Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-21799 (GCVE-0-2025-21799)
Vulnerability from cvelistv5
Published
2025-02-27 20:00
Modified
2025-05-04 07:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
When getting the IRQ we use k3_udma_glue_tx_get_irq() which returns
negative error value on error. So not NULL check is not sufficient
to deteremine if IRQ is valid. Check that IRQ is greater then zero
to ensure it is valid.
There is no issue at probe time but at runtime user can invoke
.set_channels which results in the following call chain.
am65_cpsw_set_channels()
am65_cpsw_nuss_update_tx_rx_chns()
am65_cpsw_nuss_remove_tx_chns()
am65_cpsw_nuss_init_tx_chns()
At this point if am65_cpsw_nuss_init_tx_chns() fails due to
k3_udma_glue_tx_get_irq() then tx_chn->irq will be set to a
negative value.
Then, at subsequent .set_channels with higher channel count we
will attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()
leading to a kernel warning.
The issue is present in the original commit that introduced this driver,
although there, am65_cpsw_nuss_update_tx_rx_chns() existed as
am65_cpsw_nuss_update_tx_chns().
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 93a76530316a3d8cc2d82c3deca48424fee92100 Version: 93a76530316a3d8cc2d82c3deca48424fee92100 Version: 93a76530316a3d8cc2d82c3deca48424fee92100 Version: 93a76530316a3d8cc2d82c3deca48424fee92100 Version: 93a76530316a3d8cc2d82c3deca48424fee92100 Version: 93a76530316a3d8cc2d82c3deca48424fee92100 Version: 93a76530316a3d8cc2d82c3deca48424fee92100 |
|
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/ti/am65-cpsw-nuss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "321990fdf4f1bb64e818c7140688bf33d129e48d",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
},
{
"lessThan": "ed8c0300f302338c36edb06bca99051e5be6fb2f",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
},
{
"lessThan": "aea5cca681d268f794fa2385f9ec26a5cce025cd",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
},
{
"lessThan": "88fd5db8c0073bd91d18391feb5741aeb0a2b475",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
},
{
"lessThan": "8448c87b3af68bebca21e3136913f7f77e363515",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
},
{
"lessThan": "8aae91ae1c65782a169ec070e023d4d269e5d6e6",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
},
{
"lessThan": "4395a44acb15850e492dd1de9ec4b6479d96bc80",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/ti/am65-cpsw-nuss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.76",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:28.563Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/321990fdf4f1bb64e818c7140688bf33d129e48d"
},
{
"url": "https://git.kernel.org/stable/c/ed8c0300f302338c36edb06bca99051e5be6fb2f"
},
{
"url": "https://git.kernel.org/stable/c/aea5cca681d268f794fa2385f9ec26a5cce025cd"
},
{
"url": "https://git.kernel.org/stable/c/88fd5db8c0073bd91d18391feb5741aeb0a2b475"
},
{
"url": "https://git.kernel.org/stable/c/8448c87b3af68bebca21e3136913f7f77e363515"
},
{
"url": "https://git.kernel.org/stable/c/8aae91ae1c65782a169ec070e023d4d269e5d6e6"
},
{
"url": "https://git.kernel.org/stable/c/4395a44acb15850e492dd1de9ec4b6479d96bc80"
}
],
"title": "net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21799",
"datePublished": "2025-02-27T20:00:54.223Z",
"dateReserved": "2024-12-29T08:45:45.770Z",
"dateUpdated": "2025-05-04T07:21:28.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-21799\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-27T20:16:02.563\",\"lastModified\":\"2025-03-13T13:15:55.610\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\\n\\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\\nnegative error value on error. So not NULL check is not sufficient\\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\\nto ensure it is valid.\\n\\nThere is no issue at probe time but at runtime user can invoke\\n.set_channels which results in the following call chain.\\nam65_cpsw_set_channels()\\n am65_cpsw_nuss_update_tx_rx_chns()\\n am65_cpsw_nuss_remove_tx_chns()\\n am65_cpsw_nuss_init_tx_chns()\\n\\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\\nnegative value.\\n\\nThen, at subsequent .set_channels with higher channel count we\\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\\nleading to a kernel warning.\\n\\nThe issue is present in the original commit that introduced this driver,\\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\\nam65_cpsw_nuss_update_tx_chns().\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ethernet: ti: am65-cpsw: arreglo de liberaci\u00f3n de IRQ en am65_cpsw_nuss_remove_tx_chns() Al obtener la IRQ, usamos k3_udma_glue_tx_get_irq() que devuelve un valor de error negativo en caso de error. Por lo tanto, la comprobaci\u00f3n de que no sea NULL no es suficiente para determinar si la IRQ es v\u00e1lida. Compruebe que la IRQ sea mayor que cero para asegurarse de que sea v\u00e1lida. No hay ning\u00fan problema en el momento de la prueba, pero en el momento de la ejecuci\u00f3n, el usuario puede invocar .set_channels, lo que da como resultado la siguiente cadena de llamadas. am65_cpsw_set_channels() am65_cpsw_nuss_update_tx_rx_chns() am65_cpsw_nuss_remove_tx_chns() am65_cpsw_nuss_init_tx_chns() En este punto, si am65_cpsw_nuss_init_tx_chns() falla debido a k3_udma_glue_tx_get_irq(), tx_chn-\u0026gt;irq se establecer\u00e1 en un valor negativo. Luego, en los .set_channels posteriores con un mayor conteo de canales, intentaremos liberar una IRQ no v\u00e1lida en am65_cpsw_nuss_remove_tx_chns(), lo que generar\u00e1 una advertencia del kernel. El problema est\u00e1 presente en el commit original que introdujo este controlador, aunque all\u00ed, am65_cpsw_nuss_update_tx_rx_chns() exist\u00eda como am65_cpsw_nuss_update_tx_chns().\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/321990fdf4f1bb64e818c7140688bf33d129e48d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4395a44acb15850e492dd1de9ec4b6479d96bc80\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8448c87b3af68bebca21e3136913f7f77e363515\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/88fd5db8c0073bd91d18391feb5741aeb0a2b475\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8aae91ae1c65782a169ec070e023d4d269e5d6e6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/aea5cca681d268f794fa2385f9ec26a5cce025cd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ed8c0300f302338c36edb06bca99051e5be6fb2f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
suse-su-2025:0955-1
Vulnerability from csaf_suse
Published
2025-03-19 16:11
Modified
2025-03-19 16:11
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).
- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).
- CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439).
- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).
- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).
- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).
- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).
- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113).
- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).
- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).
- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).
- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).
- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).
- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).
- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).
- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
The following non-security bugs were fixed:
- acct: block access to kernel internal filesystems (git-fixes).
- acct: perform last write from workqueue (git-fixes).
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).
- add nf_tables for iptables non-legacy network handling
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).
- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).
- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
- ALSA: seq: Make dependency on UMP clearer (git-fixes).
- ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes).
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).
- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
- ASoC: es8328: fix route from DAC to output (git-fixes).
- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).
- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).
- batman-adv: Drop unmanaged ELP metric worker (git-fixes).
- batman-adv: fix panic during interface removal (git-fixes).
- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
- bio-integrity: do not restrict the size of integrity metadata (git-fixes).
- blk_iocost: remove some duplicate irq disable/enables (git-fixes).
- blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558).
- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).
- blk-mq: add number of queue calc helper (bsc#1236897).
- blk-mq: create correct map for fallback case (bsc#1236896).
- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).
- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).
- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).
- blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).
- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
- block: add a disk_has_partscan helper (git-fixes).
- block: add a partscan sysfs attribute for disks (git-fixes).
- block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes).
- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).
- block: change rq_integrity_vec to respect the iterator (git-fixes).
- block: Clear zone limits for a non-zoned stacked queue (git-fixes).
- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).
- block: ensure we hold a queue reference when using queue limits (git-fixes).
- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).
- block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
- block: fix integer overflow in BLKSECDISCARD (git-fixes).
- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).
- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).
- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).
- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).
- block: Provide bdev_open_* functions (git-fixes).
- block: Remove special-casing of compound pages (git-fixes).
- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).
- block: retry call probe after request_module in blk_request_module (git-fixes).
- block: return unsigned int from bdev_io_min (git-fixes).
- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).
- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).
- block: support to account io_ticks precisely (git-fixes).
- block: use the right type for stub rq_integrity_vec() (git-fixes).
- bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).
- bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).
- bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
- bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).
- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
- can: ctucanfd: handle skb allocation failure (git-fixes).
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes).
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).
- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
- cifs: commands that are retried should have replay flag set (bsc#1231432).
- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).
- cifs: helper function to check replayable error codes (bsc#1231432).
- cifs: new mount option called retrans (bsc#1231432).
- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
- cifs: Remove intermediate object of failed create reparse call (git-fixes).
- cifs: update desired access while requesting for directory lease (git-fixes).
- cifs: update the same create_guid on replay (git-fixes).
- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).
- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).
- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).
- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
- cxgb4: Avoid removal of uninserted tid (git-fixes).
- cxgb4: use port number to set mac addr (git-fixes).
- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).
- dlm: fix srcu_read_lock() return type to int (git-fixes).
- doc: update managed_irq documentation (bsc#1236897).
- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes).
- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).
- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
- drm/amdkfd: only flush the validate MES contex (stable-fixes).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).
- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).
- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).
- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
- drm/i915/selftests: avoid using uninitialized context (git-fixes).
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
- drm/msm: Avoid rounding up to one jiffy (git-fixes).
- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).
- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).
- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).
- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
- drm/sched: Fix preprocessor guard (git-fixes).
- drm/virtio: New fence for every plane update (stable-fixes).
- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
- eth: gve: use appropriate helper to set xdp_features (git-fixes).
- exfat: convert to ctime accessor functions (git-fixes).
- exfat: do not zero the extended part (bsc#1237356).
- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
- exfat: fix file being changed by unaligned direct write (git-fixes).
- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
- exfat: fix zero the unwritten part for dio read (git-fixes).
- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
- Fix conditional for selecting gcc-13
- Fix conditional for selecting gcc-13.
- Fix memory-hotplug regression (bsc#1237504)
- futex: Do not include process MM in futex key on no-MMU (git-fixes).
- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).
- gpio: pca953x: Improve interrupt support (git-fixes).
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
- Grab mm lock before grabbing pt lock (git-fixes).
- gup: make the stack expansion warning a bit more targeted (bsc#1238214).
- hfs: Sanity check the root record (git-fixes).
- hid: hid-steam: Add Deck IMU support (stable-fixes).
- hid: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).
- hid: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
- hid: hid-steam: Clean up locking (stable-fixes).
- hid: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).
- hid: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).
- hid: hid-steam: Fix cleanup in probe() (git-fixes).
- hid: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
- hid: hid-steam: Move hidraw input (un)registering to work (git-fixes).
- hid: hid-steam: remove pointless error message (stable-fixes).
- hid: hid-steam: Update list of identifiers from SDL (stable-fixes).
- hid: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).
- hid: multitouch: Add NULL check in mt_input_configured (git-fixes).
- hid: Wacom: Add PCI Wacom device support (stable-fixes).
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
- i2c: ls2x: Fix frequency division register access (git-fixes).
- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
- iavf: allow changing VLAN state without calling PF (git-fixes).
- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).
- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
- ice: fix max values for dpll pin phase adjust (git-fixes).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
- ice: gather page_count()'s of each frag right before XDP prog call (git-fixes).
- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
- ice: put Rx buffers after being done with current frame (git-fixes).
- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
- ice: use internal pf id instead of function number (git-fixes).
- idpf: add read memory barrier when checking descriptor done bit (git-fixes).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661).
- idpf: convert workqueues to unbound (git-fixes).
- idpf: fix handling rsc packet with a single segment (git-fixes).
- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
- igc: return early when failing to read EECD register (git-fixes).
- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- Input: allocate keycode for phone linking (stable-fixes).
- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
- kabi: fix bus type (bsc#1236896).
- kabi: fix group_cpus_evenly (bsc#1236897).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
- kernel-source: Also replace bin/env
- kvm: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
- kvm: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).
- kvm: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
- kvm: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).
- kvm: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
- kvm: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
- kvm: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
- kvm: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- kvm: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- kvm: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).
- kvm: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).
- kvm: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
- kvm: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- kvm: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- kvm: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).
- kvm: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
- kvm: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
- kvm: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
- kvm: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).
- kvm: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).
- kvm: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes).
- kvm: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- kvm: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- kvm: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).
- kvm: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes).
- lib: stackinit: hide never-taken branch from compiler (stable-fixes).
- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).
- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).
- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
- md: convert comma to semicolon (git-fixes).
- md: Do not flush sync_work in md_write_start() (git-fixes).
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).
- md/md-cluster: fix spares warnings for __le64 (git-fixes).
- md/raid0: do not free conf on raid0_run failure (git-fixes).
- md/raid1: do not free conf on raid0_run failure (git-fixes).
- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
- Move upstreamed ACPI patch into sorted section
- mptcp: export local_address (git-fixes)
- mptcp: fix data races on local_id (git-fixes)
- mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- mptcp: fix NL PM announced address accounting (git-fixes)
- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)
- mptcp: pm: deny endp with signal + subflow + port (git-fixes)
- mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
- mptcp: pm: do not try to create sf if alloc failed (git-fixes)
- mptcp: pm: fullmesh: select the right ID later (git-fixes)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
- mptcp: pm: re-using ID of unused removed subflows (git-fixes)
- mptcp: pm: reduce indentation blocks (git-fixes)
- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
- mptcp: unify pm get_local_id interfaces (git-fixes)
- mptcp: unify pm set_flags interfaces (git-fixes)
- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
- nbd: do not allow reconnect after disconnect (git-fixes).
- nbd: Fix signal handling (git-fixes).
- nbd: Improve the documentation of the locking assumptions (git-fixes).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: move altnames together with the netdevice (bsc#1233749).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: rose: lock the socket in rose_bind() (git-fixes).
- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
- net: smc: fix spurious error message from __sock_release() (bsc#1237126).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).
- net/mlx5: Correct TASR typo into TSAR (git-fixes).
- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
- net/mlx5: Fix RDMA TX steering prio (git-fixes).
- net/mlx5: SF, Fix add port error handling (git-fixes).
- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).
- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).
- null_blk: fix validation of block size (git-fixes).
- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).
- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- nvme-fc: use ctrl state getter (git-fixes).
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
- nvme: make nvme_tls_attrs_group static (git-fixes).
- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- nvme: tcp: Fix compilation warning with W=1 (git-fixes).
- nvme/ioctl: add missing space in err message (git-fixes).
- nvmet: Fix crash when a namespace is disabled (git-fixes).
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).
- packaging: Turn gcc version into config.sh variable.
- padata: Clean up in padata_do_multithreaded() (bsc#1237563).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- partitions: ldm: remove the initial kernel-doc notation (git-fixes).
- PCI: hookup irq_get_affinity callback (bsc#1236896).
- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).
- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
- PCI: Use downstream bridges for distributing resources (bsc#1237325).
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).
- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
- Pickup RXE code change introduced by upstream merge
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
- platform/x86: acer-wmi: Ignore AC events (stable-fixes).
- platform/x86: int3472: Check for adev == NULL (stable-fixes).
- platform/x86: ISST: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).
- power: supply: da9150-fg: fix potential overflow (git-fixes).
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).
- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).
- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).
- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
- rbd: do not move requests to the running list on errors (git-fixes).
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
- RDMA/efa: Reset device on probe failure (git-fixes)
- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
- RDMA/mlx5: Fix AH static rate parsing (git-fixes)
- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
- RDMA/rxe: Improve newline in printing messages (git-fixes)
- regmap-irq: Add missing kfree() (git-fixes).
- Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes).
- Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes).
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205).
- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).
- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).
- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
- s390/pci: Ignore RID for isolated VFs (bsc#1236752).
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).
- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
- s390/pci: Use topology ID for multi-function devices (bsc#1236752).
- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
- s390/topology: Improve topology detection (bsc#1236591).
- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).
- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).
- scsi: core: Clear driver private data when retrying request (git-fixes).
- scsi: core: Do not retry I/Os during depopulation (git-fixes).
- scsi: core: Handle depopulation and restoration in progress (git-fixes).
- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).
- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).
- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).
- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).
- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: myrb: Remove dead code (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
- scsi: sg: Enable runtime power management (git-fixes).
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).
- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- selftest: hugetlb_dio: fix test naming (git-fixes).
- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).
- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).
- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).
- selftests: mptcp: connect: -f: no reconnect (git-fixes).
- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).
- serial: 8250: Fix fifo underflow on flush (git-fixes).
- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
- smb: cached directories can be more than root file handle (bsc#1231432).
- smb: cilent: set reparse mount points as automounts (git-fixes).
- smb: client: add support for WSL reparse points (git-fixes).
- smb: client: allow creating special files via reparse points (git-fixes).
- smb: client: allow creating symlinks via reparse points (git-fixes).
- smb: client: cleanup smb2_query_reparse_point() (git-fixes).
- smb: client: do not query reparse points twice on symlinks (git-fixes).
- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).
- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
- smb: client: fix hardlinking of reparse points (git-fixes).
- smb: client: Fix minor whitespace errors and warnings (git-fixes).
- smb: client: fix missing mode bits for SMB symlinks (git-fixes).
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).
- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
- smb: client: fix possible double free in smb2_set_ea() (git-fixes).
- smb: client: fix potential broken compound request (git-fixes).
- smb: client: fix renaming of reparse points (git-fixes).
- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
- smb: client: handle path separator of created SMB symlinks (git-fixes).
- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
- smb: client: ignore unhandled reparse tags (git-fixes).
- smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
- smb: client: instantiate when creating SFU files (git-fixes).
- smb: client: introduce ->parse_reparse_point() (git-fixes).
- smb: client: introduce cifs_sfu_make_node() (git-fixes).
- smb: client: introduce reparse mount option (git-fixes).
- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).
- smb: client: move most of reparse point handling code to common file (git-fixes).
- smb: client: move some params to cifs_open_info_data (bsc#1231432).
- smb: client: optimise reparse point querying (git-fixes).
- smb: client: parse owner/group when creating reparse points (git-fixes).
- smb: client: parse reparse point flag in create response (bsc#1231432).
- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
- smb: client: retry compound request without reusing lease (git-fixes).
- smb: client: return reparse type in /proc/mounts (git-fixes).
- smb: client: reuse file lease key in compound operations (git-fixes).
- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).
- smb: client: set correct file type from NFS reparse points (git-fixes).
- smb: client: stop revalidating reparse points unnecessarily (git-fixes).
- smb: use kernel_connect() and kernel_bind() (git-fixes).
- smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes).
- smb3: request handle caching when caching directories (bsc#1231432).
- smb3: retrying on failed server close (bsc#1231432).
- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).
- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).
- spi: sn-f-ospi: Fix division by zero (git-fixes).
- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
- tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes).
- ublk: fix error code for unsupported command (git-fixes).
- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
- ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
- ublk: move zone report data out of request pdu (git-fixes).
- usb: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).
- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
- usb: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).
- usb: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).
- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
- usb: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
- usb: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).
- usb: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
- usb: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
- usb: roles: set switch registered flag early on (git-fixes).
- usb: serial: option: add MeiG Smart SLM828 (stable-fixes).
- usb: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
- usb: serial: option: drop MeiG Smart defines (stable-fixes).
- usb: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).
- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
- usbnet: ipheth: document scope of NCM implementation (stable-fixes).
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- util_macros.h: fix/rework find_closest() macros (git-fixes).
- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- virtio: hookup irq_get_affinity callback (bsc#1236896).
- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).
- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
- wifi: iwlwifi: avoid memory leak (stable-fixes).
- wifi: iwlwifi: limit printed string from FW file (git-fixes).
- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).
- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
- x86/asm: Make serialize() always_inline (git-fixes).
- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (git-fixes).
- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
- zram: clear IDLE flag after recompression (git-fixes).
- zram: clear IDLE flag in mark_idle() (git-fixes).
- zram: do not mark idle slots that cannot be idle (git-fixes).
- zram: fix potential UAF of zram table (git-fixes).
- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
- zram: refuse to use zero sized block device as backing device (git-fixes).
- zram: split memory-tracking and ac-time tracking (git-fixes).
Patchnames
SUSE-2025-955,SUSE-SLE-Module-Live-Patching-15-SP6-2025-955,SUSE-SLE-Module-RT-15-SP6-2025-955,openSUSE-SLE-15.6-2025-955
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).\n- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).\n- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).\n- CVE-2024-45010: mptcp: pm: only mark \u0027subflow\u0027 endp as available (bsc#1230439).\n- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).\n- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).\n- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).\n- CVE-2024-50142: xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset (bsc#1233028).\n- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).\n- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).\n- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).\n- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).\n- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).\n- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).\n- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).\n- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).\n- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).\n- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy (bsc#1236113).\n- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current-\u003ensproxy (bsc#1236114).\n- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-\u003ensproxy (bsc#1236115).\n- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-\u003ensproxy (bsc#1236122).\n- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy (bsc#1236123).\n- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).\n- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).\n- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).\n- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).\n- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).\n- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).\n- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).\n- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).\n- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).\n- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).\n- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).\n- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).\n- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).\n- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).\n- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).\n- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).\n- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).\n- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).\n- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).\n- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).\n\nThe following non-security bugs were fixed:\n\n- acct: block access to kernel internal filesystems (git-fixes).\n- acct: perform last write from workqueue (git-fixes).\n- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).\n- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).\n- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).\n- add nf_tables for iptables non-legacy network handling \n- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).\n- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).\n- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).\n- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).\n- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).\n- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).\n- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).\n- ALSA: seq: Make dependency on UMP clearer (git-fixes).\n- ALSA: seq: remove redundant \u0027tristate\u0027 for SND_SEQ_UMP_CLIENT (stable-fixes).\n- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).\n- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).\n- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).\n- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).\n- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)\n- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)\n- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)\n- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)\n- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).\n- ASoC: es8328: fix route from DAC to output (git-fixes).\n- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).\n- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).\n- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).\n- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).\n- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).\n- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).\n- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).\n- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).\n- batman-adv: Drop unmanaged ELP metric worker (git-fixes).\n- batman-adv: fix panic during interface removal (git-fixes).\n- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).\n- bio-integrity: do not restrict the size of integrity metadata (git-fixes).\n- blk_iocost: remove some duplicate irq disable/enables (git-fixes).\n- blk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage (bsc#1237558).\n- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).\n- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).\n- blk-mq: add number of queue calc helper (bsc#1236897).\n- blk-mq: create correct map for fallback case (bsc#1236896).\n- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).\n- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).\n- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).\n- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).\n- blk-mq: move cpuhp callback registering out of q-\u003esysfs_lock (git-fixes).\n- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).\n- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).\n- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).\n- block: add a disk_has_partscan helper (git-fixes).\n- block: add a partscan sysfs attribute for disks (git-fixes).\n- block: add check of \u0027minors\u0027 and \u0027first_minor\u0027 in device_add_disk() (git-fixes).\n- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).\n- block: change rq_integrity_vec to respect the iterator (git-fixes).\n- block: Clear zone limits for a non-zoned stacked queue (git-fixes).\n- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).\n- block: ensure we hold a queue reference when using queue limits (git-fixes).\n- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).\n- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).\n- block: Fix elevator_get_default() checking for NULL q-\u003etag_set (git-fixes).\n- block: fix integer overflow in BLKSECDISCARD (git-fixes).\n- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).\n- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).\n- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).\n- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).\n- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).\n- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).\n- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).\n- block: Provide bdev_open_* functions (git-fixes).\n- block: Remove special-casing of compound pages (git-fixes).\n- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).\n- block: retry call probe after request_module in blk_request_module (git-fixes).\n- block: return unsigned int from bdev_io_min (git-fixes).\n- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).\n- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).\n- block: support to account io_ticks precisely (git-fixes).\n- block: use the right type for stub rq_integrity_vec() (git-fixes).\n- bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).\n- bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).\n- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).\n- bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).\n- bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).\n- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).\n- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).\n- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).\n- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).\n- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).\n- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).\n- can: ctucanfd: handle skb allocation failure (git-fixes).\n- can: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial (git-fixes).\n- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).\n- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).\n- cifs: commands that are retried should have replay flag set (bsc#1231432).\n- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).\n- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).\n- cifs: helper function to check replayable error codes (bsc#1231432).\n- cifs: new mount option called retrans (bsc#1231432).\n- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).\n- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).\n- cifs: Remove intermediate object of failed create reparse call (git-fixes).\n- cifs: update desired access while requesting for directory lease (git-fixes).\n- cifs: update the same create_guid on replay (git-fixes).\n- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).\n- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).\n- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).\n- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).\n- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).\n- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).\n- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).\n- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).\n- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).\n- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).\n- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).\n- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).\n- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).\n- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).\n- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).\n- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).\n- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).\n- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).\n- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).\n- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).\n- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).\n- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).\n- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).\n- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).\n- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).\n- cxgb4: Avoid removal of uninserted tid (git-fixes).\n- cxgb4: use port number to set mac addr (git-fixes).\n- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).\n- dlm: fix srcu_read_lock() return type to int (git-fixes).\n- doc: update managed_irq documentation (bsc#1236897).\n- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).\n- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params (git-fixes).\n- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).\n- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).\n- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).\n- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).\n- drm/amdkfd: only flush the validate MES contex (stable-fixes).\n- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).\n- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).\n- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).\n- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).\n- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).\n- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).\n- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).\n- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).\n- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).\n- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).\n- drm/i915/selftests: avoid using uninitialized context (git-fixes).\n- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).\n- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)\n- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).\n- drm/msm: Avoid rounding up to one jiffy (git-fixes).\n- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).\n- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).\n- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).\n- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).\n- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).\n- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).\n- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).\n- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).\n- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).\n- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).\n- drm/sched: Fix preprocessor guard (git-fixes).\n- drm/virtio: New fence for every plane update (stable-fixes).\n- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).\n- efi: libstub: Use \u0027-std=gnu11\u0027 to fix build with GCC 15 (stable-fixes).\n- eth: gve: use appropriate helper to set xdp_features (git-fixes).\n- exfat: convert to ctime accessor functions (git-fixes).\n- exfat: do not zero the extended part (bsc#1237356).\n- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).\n- exfat: fix file being changed by unaligned direct write (git-fixes).\n- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).\n- exfat: fix zero the unwritten part for dio read (git-fixes).\n- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).\n- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).\n- Fix conditional for selecting gcc-13 \n- Fix conditional for selecting gcc-13.\n- Fix memory-hotplug regression (bsc#1237504) \n- futex: Do not include process MM in futex key on no-MMU (git-fixes).\n- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).\n- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).\n- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).\n- gpio: pca953x: Improve interrupt support (git-fixes).\n- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).\n- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).\n- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).\n- Grab mm lock before grabbing pt lock (git-fixes).\n- gup: make the stack expansion warning a bit more targeted (bsc#1238214).\n- hfs: Sanity check the root record (git-fixes).\n- hid: hid-steam: Add Deck IMU support (stable-fixes).\n- hid: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).\n- hid: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).\n- hid: hid-steam: Clean up locking (stable-fixes).\n- hid: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).\n- hid: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).\n- hid: hid-steam: Fix cleanup in probe() (git-fixes).\n- hid: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).\n- hid: hid-steam: Move hidraw input (un)registering to work (git-fixes).\n- hid: hid-steam: remove pointless error message (stable-fixes).\n- hid: hid-steam: Update list of identifiers from SDL (stable-fixes).\n- hid: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).\n- hid: multitouch: Add NULL check in mt_input_configured (git-fixes).\n- hid: Wacom: Add PCI Wacom device support (stable-fixes).\n- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).\n- i2c: ls2x: Fix frequency division register access (git-fixes).\n- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).\n- iavf: allow changing VLAN state without calling PF (git-fixes).\n- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)\n- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).\n- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).\n- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).\n- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).\n- ice: fix max values for dpll pin phase adjust (git-fixes).\n- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).\n- ice: gather page_count()\u0027s of each frag right before XDP prog call (git-fixes).\n- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).\n- ice: put Rx buffers after being done with current frame (git-fixes).\n- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).\n- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).\n- ice: use internal pf id instead of function number (git-fixes).\n- idpf: add read memory barrier when checking descriptor done bit (git-fixes).\n- idpf: call set_real_num_queues in idpf_open (bsc#1236661).\n- idpf: convert workqueues to unbound (git-fixes).\n- idpf: fix handling rsc packet with a single segment (git-fixes).\n- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).\n- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).\n- igc: return early when failing to read EECD register (git-fixes).\n- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).\n- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).\n- Input: allocate keycode for phone linking (stable-fixes).\n- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).\n- kabi: fix bus type (bsc#1236896).\n- kabi: fix group_cpus_evenly (bsc#1236897).\n- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).\n- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).\n- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).\n- kernel-source: Also replace bin/env\n- kvm: arm64: Do not eagerly teardown the vgic on init error (git-fixes).\n- kvm: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).\n- kvm: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).\n- kvm: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).\n- kvm: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)\n- kvm: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).\n- kvm: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).\n- kvm: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- kvm: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- kvm: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).\n- kvm: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).\n- kvm: VMX: Fix comment of handle_vmx_instruction() (git-fixes).\n- kvm: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- kvm: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- kvm: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).\n- kvm: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).\n- kvm: x86: AMD\u0027s IBPB is not equivalent to Intel\u0027s IBPB (git-fixes).\n- kvm: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).\n- kvm: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).\n- kvm: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).\n- kvm: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel (git-fixes).\n- kvm: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- kvm: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- kvm: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).\n- kvm: x86/mmu: Skip the \u0027try unsync\u0027 path iff the old SPTE was a leaf SPTE (git-fixes).\n- lib: stackinit: hide never-taken branch from compiler (stable-fixes).\n- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).\n- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).\n- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).\n- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).\n- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).\n- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).\n- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).\n- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).\n- md: convert comma to semicolon (git-fixes).\n- md: Do not flush sync_work in md_write_start() (git-fixes).\n- md/md-bitmap: add \u0027sync_size\u0027 into struct md_bitmap_stats (git-fixes).\n- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).\n- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).\n- md/md-cluster: fix spares warnings for __le64 (git-fixes).\n- md/raid0: do not free conf on raid0_run failure (git-fixes).\n- md/raid1: do not free conf on raid0_run failure (git-fixes).\n- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).\n- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).\n- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).\n- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).\n- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).\n- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).\n- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).\n- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)\n- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).\n- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).\n- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).\n- Move upstreamed ACPI patch into sorted section\n- mptcp: export local_address (git-fixes)\n- mptcp: fix data races on local_id (git-fixes)\n- mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- mptcp: fix NL PM announced address accounting (git-fixes)\n- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)\n- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)\n- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)\n- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)\n- mptcp: pm: deny endp with signal + subflow + port (git-fixes)\n- mptcp: pm: do not ignore \u0027subflow\u0027 if \u0027signal\u0027 flag is also set (git-fixes)\n- mptcp: pm: do not try to create sf if alloc failed (git-fixes)\n- mptcp: pm: fullmesh: select the right ID later (git-fixes)\n- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)\n- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)\n- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)\n- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)\n- mptcp: pm: re-using ID of unused removed subflows (git-fixes)\n- mptcp: pm: reduce indentation blocks (git-fixes)\n- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)\n- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)\n- mptcp: unify pm get_local_id interfaces (git-fixes)\n- mptcp: unify pm set_flags interfaces (git-fixes)\n- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).\n- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).\n- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).\n- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).\n- nbd: do not allow reconnect after disconnect (git-fixes).\n- nbd: Fix signal handling (git-fixes).\n- nbd: Improve the documentation of the locking assumptions (git-fixes).\n- net: avoid UAF on deleted altname (bsc#1233749).\n- net: check for altname conflicts when changing netdev\u0027s netns (bsc#1233749).\n- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).\n- net: do not send a MOVE event when netdev changes netns (bsc#1233749).\n- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).\n- net: fix ifname in netlink ntf during netns move (bsc#1233749).\n- net: fix removing a namespace with conflicting altnames (bsc#1233749).\n- net: Fix undefined behavior in netdev name allocation (bsc#1233749).\n- net: free altname using an RCU callback (bsc#1233749).\n- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).\n- net: move altnames together with the netdevice (bsc#1233749).\n- net: reduce indentation of __dev_alloc_name() (bsc#1233749).\n- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).\n- net: remove else after return in dev_prep_valid_name() (bsc#1233749).\n- net: rose: lock the socket in rose_bind() (git-fixes).\n- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).\n- net: smc: fix spurious error message from __sock_release() (bsc#1237126).\n- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).\n- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).\n- net/mlx5: Correct TASR typo into TSAR (git-fixes).\n- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).\n- net/mlx5: Fix RDMA TX steering prio (git-fixes).\n- net/mlx5: SF, Fix add port error handling (git-fixes).\n- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).\n- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).\n- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).\n- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).\n- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).\n- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).\n- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).\n- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).\n- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).\n- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).\n- null_blk: fix validation of block size (git-fixes).\n- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).\n- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).\n- nvme-fc: use ctrl state getter (git-fixes).\n- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).\n- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).\n- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).\n- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).\n- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).\n- nvme: make nvme_tls_attrs_group static (git-fixes).\n- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- nvme: tcp: Fix compilation warning with W=1 (git-fixes).\n- nvme/ioctl: add missing space in err message (git-fixes).\n- nvmet: Fix crash when a namespace is disabled (git-fixes).\n- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).\n- packaging: Turn gcc version into config.sh variable. \n- padata: Clean up in padata_do_multithreaded() (bsc#1237563).\n- padata: Honor the caller\u0027s alignment in case of chunk_size 0 (bsc#1237563).\n- partitions: ldm: remove the initial kernel-doc notation (git-fixes).\n- PCI: hookup irq_get_affinity callback (bsc#1236896).\n- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).\n- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).\n- PCI: Use downstream bridges for distributing resources (bsc#1237325).\n- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).\n- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).\n- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).\n- phy: tegra: xusb: reset VBUS \u0026 ID OVERRIDE (git-fixes).\n- Pickup RXE code change introduced by upstream merge\n- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).\n- platform/x86: acer-wmi: Ignore AC events (stable-fixes).\n- platform/x86: int3472: Check for adev == NULL (stable-fixes).\n- platform/x86: ISST: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).\n- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).\n- power: supply: da9150-fg: fix potential overflow (git-fixes).\n- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).\n- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).\n- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).\n- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).\n- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).\n- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).\n- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).\n- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).\n- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).\n- rbd: do not move requests to the running list on errors (git-fixes).\n- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).\n- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)\n- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)\n- RDMA/efa: Reset device on probe failure (git-fixes)\n- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)\n- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).\n- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)\n- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)\n- RDMA/mlx5: Fix AH static rate parsing (git-fixes)\n- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)\n- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)\n- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)\n- RDMA/rxe: Improve newline in printing messages (git-fixes)\n- regmap-irq: Add missing kfree() (git-fixes).\n- Revert \u0027blk-throttle: Fix IO hang for a corner case\u0027 (git-fixes).\n- Revert \u0027drm/amd/display: Use HW lock mgr for PSR1\u0027 (stable-fixes).\n- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)\n- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)\n- s390/cio: rename bitmap_size() -\u003e idset_bitmap_size() (git-fixes bsc#1236205).\n- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).\n- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).\n- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).\n- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).\n- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).\n- s390/pci: Ignore RID for isolated VFs (bsc#1236752).\n- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).\n- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).\n- s390/pci: Use topology ID for multi-function devices (bsc#1236752).\n- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).\n- s390/topology: Improve topology detection (bsc#1236591).\n- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).\n- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).\n- scsi: core: Clear driver private data when retrying request (git-fixes).\n- scsi: core: Do not retry I/Os during depopulation (git-fixes).\n- scsi: core: Handle depopulation and restoration in progress (git-fixes).\n- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).\n- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).\n- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).\n- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).\n- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).\n- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).\n- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).\n- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).\n- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).\n- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).\n- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).\n- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).\n- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).\n- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).\n- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).\n- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: myrb: Remove dead code (git-fixes).\n- scsi: qedi: Fix potential deadlock on \u0026qedi_percpu-\u003ep_work_lock (git-fixes).\n- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).\n- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).\n- scsi: sg: Enable runtime power management (git-fixes).\n- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).\n- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).\n- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).\n- scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- selftest: hugetlb_dio: fix test naming (git-fixes).\n- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).\n- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).\n- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).\n- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).\n- selftests: mptcp: connect: -f: no reconnect (git-fixes).\n- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).\n- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).\n- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).\n- serial: 8250: Fix fifo underflow on flush (git-fixes).\n- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).\n- smb: cached directories can be more than root file handle (bsc#1231432).\n- smb: cilent: set reparse mount points as automounts (git-fixes).\n- smb: client: add support for WSL reparse points (git-fixes).\n- smb: client: allow creating special files via reparse points (git-fixes).\n- smb: client: allow creating symlinks via reparse points (git-fixes).\n- smb: client: cleanup smb2_query_reparse_point() (git-fixes).\n- smb: client: do not query reparse points twice on symlinks (git-fixes).\n- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).\n- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).\n- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).\n- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).\n- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).\n- smb: client: fix hardlinking of reparse points (git-fixes).\n- smb: client: Fix minor whitespace errors and warnings (git-fixes).\n- smb: client: fix missing mode bits for SMB symlinks (git-fixes).\n- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).\n- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).\n- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).\n- smb: client: fix possible double free in smb2_set_ea() (git-fixes).\n- smb: client: fix potential broken compound request (git-fixes).\n- smb: client: fix renaming of reparse points (git-fixes).\n- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).\n- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).\n- smb: client: handle path separator of created SMB symlinks (git-fixes).\n- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).\n- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).\n- smb: client: ignore unhandled reparse tags (git-fixes).\n- smb: client: implement -\u003equery_reparse_point() for SMB1 (git-fixes).\n- smb: client: instantiate when creating SFU files (git-fixes).\n- smb: client: introduce -\u003eparse_reparse_point() (git-fixes).\n- smb: client: introduce cifs_sfu_make_node() (git-fixes).\n- smb: client: introduce reparse mount option (git-fixes).\n- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).\n- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).\n- smb: client: move most of reparse point handling code to common file (git-fixes).\n- smb: client: move some params to cifs_open_info_data (bsc#1231432).\n- smb: client: optimise reparse point querying (git-fixes).\n- smb: client: parse owner/group when creating reparse points (git-fixes).\n- smb: client: parse reparse point flag in create response (bsc#1231432).\n- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).\n- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).\n- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).\n- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).\n- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).\n- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).\n- smb: client: retry compound request without reusing lease (git-fixes).\n- smb: client: return reparse type in /proc/mounts (git-fixes).\n- smb: client: reuse file lease key in compound operations (git-fixes).\n- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).\n- smb: client: set correct file type from NFS reparse points (git-fixes).\n- smb: client: stop revalidating reparse points unnecessarily (git-fixes).\n- smb: use kernel_connect() and kernel_bind() (git-fixes).\n- smb3: fix creating FIFOs when mounting with \u0027sfu\u0027 mount option (git-fixes).\n- smb3: request handle caching when caching directories (bsc#1231432).\n- smb3: retrying on failed server close (bsc#1231432).\n- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).\n- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).\n- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).\n- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).\n- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).\n- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).\n- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).\n- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).\n- spi: sn-f-ospi: Fix division by zero (git-fixes).\n- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).\n- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).\n- tools: fix annoying \u0027mkdir -p ...\u0027 logs when building tools in parallel (git-fixes).\n- ublk: fix error code for unsupported command (git-fixes).\n- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).\n- ublk: move ublk_cancel_dev() out of ub-\u003emutex (git-fixes).\n- ublk: move zone report data out of request pdu (git-fixes).\n- usb: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).\n- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).\n- usb: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).\n- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).\n- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).\n- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).\n- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).\n- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).\n- usb: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).\n- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).\n- usb: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).\n- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).\n- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).\n- usb: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).\n- usb: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).\n- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).\n- usb: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).\n- usb: roles: set switch registered flag early on (git-fixes).\n- usb: serial: option: add MeiG Smart SLM828 (stable-fixes).\n- usb: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).\n- usb: serial: option: drop MeiG Smart defines (stable-fixes).\n- usb: serial: option: fix Telit Cinterion FN990A name (stable-fixes).\n- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).\n- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).\n- usbnet: ipheth: document scope of NCM implementation (stable-fixes).\n- Use gcc-13 for build on SLE16 (jsc#PED-10028).\n- util_macros.h: fix/rework find_closest() macros (git-fixes).\n- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).\n- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).\n- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- virtio: hookup irq_get_affinity callback (bsc#1236896).\n- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).\n- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).\n- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).\n- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).\n- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).\n- wifi: iwlwifi: avoid memory leak (stable-fixes).\n- wifi: iwlwifi: limit printed string from FW file (git-fixes).\n- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).\n- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).\n- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).\n- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).\n- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).\n- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).\n- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).\n- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).\n- x86/asm: Make serialize() always_inline (git-fixes).\n- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).\n- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).\n- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).\n- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).\n- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).\n- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).\n- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).\n- xen/swiotlb: relax alignment requirements (git-fixes).\n- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).\n- zram: clear IDLE flag after recompression (git-fixes).\n- zram: clear IDLE flag in mark_idle() (git-fixes).\n- zram: do not mark idle slots that cannot be idle (git-fixes).\n- zram: fix potential UAF of zram table (git-fixes).\n- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).\n- zram: refuse to use zero sized block device as backing device (git-fixes).\n- zram: split memory-tracking and ac-time tracking (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-955,SUSE-SLE-Module-Live-Patching-15-SP6-2025-955,SUSE-SLE-Module-RT-15-SP6-2025-955,openSUSE-SLE-15.6-2025-955",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0955-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0955-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250955-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0955-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020563.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1219367",
"url": "https://bugzilla.suse.com/1219367"
},
{
"category": "self",
"summary": "SUSE Bug 1222672",
"url": "https://bugzilla.suse.com/1222672"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1225606",
"url": "https://bugzilla.suse.com/1225606"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225981",
"url": "https://bugzilla.suse.com/1225981"
},
{
"category": "self",
"summary": "SUSE Bug 1227937",
"url": "https://bugzilla.suse.com/1227937"
},
{
"category": "self",
"summary": "SUSE Bug 1228521",
"url": "https://bugzilla.suse.com/1228521"
},
{
"category": "self",
"summary": "SUSE Bug 1230235",
"url": "https://bugzilla.suse.com/1230235"
},
{
"category": "self",
"summary": "SUSE Bug 1230438",
"url": "https://bugzilla.suse.com/1230438"
},
{
"category": "self",
"summary": "SUSE Bug 1230439",
"url": "https://bugzilla.suse.com/1230439"
},
{
"category": "self",
"summary": "SUSE Bug 1230497",
"url": "https://bugzilla.suse.com/1230497"
},
{
"category": "self",
"summary": "SUSE Bug 1231432",
"url": "https://bugzilla.suse.com/1231432"
},
{
"category": "self",
"summary": "SUSE Bug 1231912",
"url": "https://bugzilla.suse.com/1231912"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231949",
"url": "https://bugzilla.suse.com/1231949"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232299",
"url": "https://bugzilla.suse.com/1232299"
},
{
"category": "self",
"summary": "SUSE Bug 1232508",
"url": "https://bugzilla.suse.com/1232508"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1233028",
"url": "https://bugzilla.suse.com/1233028"
},
{
"category": "self",
"summary": "SUSE Bug 1233109",
"url": "https://bugzilla.suse.com/1233109"
},
{
"category": "self",
"summary": "SUSE Bug 1233483",
"url": "https://bugzilla.suse.com/1233483"
},
{
"category": "self",
"summary": "SUSE Bug 1233749",
"url": "https://bugzilla.suse.com/1233749"
},
{
"category": "self",
"summary": "SUSE Bug 1234070",
"url": "https://bugzilla.suse.com/1234070"
},
{
"category": "self",
"summary": "SUSE Bug 1234853",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "self",
"summary": "SUSE Bug 1234857",
"url": "https://bugzilla.suse.com/1234857"
},
{
"category": "self",
"summary": "SUSE Bug 1234891",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "self",
"summary": "SUSE Bug 1234894",
"url": "https://bugzilla.suse.com/1234894"
},
{
"category": "self",
"summary": "SUSE Bug 1234895",
"url": "https://bugzilla.suse.com/1234895"
},
{
"category": "self",
"summary": "SUSE Bug 1234896",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "self",
"summary": "SUSE Bug 1234963",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "self",
"summary": "SUSE Bug 1235054",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "self",
"summary": "SUSE Bug 1235061",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "self",
"summary": "SUSE Bug 1235073",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "self",
"summary": "SUSE Bug 1235435",
"url": "https://bugzilla.suse.com/1235435"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1235592",
"url": "https://bugzilla.suse.com/1235592"
},
{
"category": "self",
"summary": "SUSE Bug 1235599",
"url": "https://bugzilla.suse.com/1235599"
},
{
"category": "self",
"summary": "SUSE Bug 1235609",
"url": "https://bugzilla.suse.com/1235609"
},
{
"category": "self",
"summary": "SUSE Bug 1235932",
"url": "https://bugzilla.suse.com/1235932"
},
{
"category": "self",
"summary": "SUSE Bug 1235933",
"url": "https://bugzilla.suse.com/1235933"
},
{
"category": "self",
"summary": "SUSE Bug 1236113",
"url": "https://bugzilla.suse.com/1236113"
},
{
"category": "self",
"summary": "SUSE Bug 1236114",
"url": "https://bugzilla.suse.com/1236114"
},
{
"category": "self",
"summary": "SUSE Bug 1236115",
"url": "https://bugzilla.suse.com/1236115"
},
{
"category": "self",
"summary": "SUSE Bug 1236122",
"url": "https://bugzilla.suse.com/1236122"
},
{
"category": "self",
"summary": "SUSE Bug 1236123",
"url": "https://bugzilla.suse.com/1236123"
},
{
"category": "self",
"summary": "SUSE Bug 1236133",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "self",
"summary": "SUSE Bug 1236138",
"url": "https://bugzilla.suse.com/1236138"
},
{
"category": "self",
"summary": "SUSE Bug 1236199",
"url": "https://bugzilla.suse.com/1236199"
},
{
"category": "self",
"summary": "SUSE Bug 1236200",
"url": "https://bugzilla.suse.com/1236200"
},
{
"category": "self",
"summary": "SUSE Bug 1236203",
"url": "https://bugzilla.suse.com/1236203"
},
{
"category": "self",
"summary": "SUSE Bug 1236205",
"url": "https://bugzilla.suse.com/1236205"
},
{
"category": "self",
"summary": "SUSE Bug 1236573",
"url": "https://bugzilla.suse.com/1236573"
},
{
"category": "self",
"summary": "SUSE Bug 1236575",
"url": "https://bugzilla.suse.com/1236575"
},
{
"category": "self",
"summary": "SUSE Bug 1236576",
"url": "https://bugzilla.suse.com/1236576"
},
{
"category": "self",
"summary": "SUSE Bug 1236591",
"url": "https://bugzilla.suse.com/1236591"
},
{
"category": "self",
"summary": "SUSE Bug 1236661",
"url": "https://bugzilla.suse.com/1236661"
},
{
"category": "self",
"summary": "SUSE Bug 1236677",
"url": "https://bugzilla.suse.com/1236677"
},
{
"category": "self",
"summary": "SUSE Bug 1236681",
"url": "https://bugzilla.suse.com/1236681"
},
{
"category": "self",
"summary": "SUSE Bug 1236682",
"url": "https://bugzilla.suse.com/1236682"
},
{
"category": "self",
"summary": "SUSE Bug 1236684",
"url": "https://bugzilla.suse.com/1236684"
},
{
"category": "self",
"summary": "SUSE Bug 1236689",
"url": "https://bugzilla.suse.com/1236689"
},
{
"category": "self",
"summary": "SUSE Bug 1236700",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "self",
"summary": "SUSE Bug 1236702",
"url": "https://bugzilla.suse.com/1236702"
},
{
"category": "self",
"summary": "SUSE Bug 1236752",
"url": "https://bugzilla.suse.com/1236752"
},
{
"category": "self",
"summary": "SUSE Bug 1236759",
"url": "https://bugzilla.suse.com/1236759"
},
{
"category": "self",
"summary": "SUSE Bug 1236821",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "self",
"summary": "SUSE Bug 1236822",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "self",
"summary": "SUSE Bug 1236896",
"url": "https://bugzilla.suse.com/1236896"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1236952",
"url": "https://bugzilla.suse.com/1236952"
},
{
"category": "self",
"summary": "SUSE Bug 1236967",
"url": "https://bugzilla.suse.com/1236967"
},
{
"category": "self",
"summary": "SUSE Bug 1236994",
"url": "https://bugzilla.suse.com/1236994"
},
{
"category": "self",
"summary": "SUSE Bug 1237007",
"url": "https://bugzilla.suse.com/1237007"
},
{
"category": "self",
"summary": "SUSE Bug 1237017",
"url": "https://bugzilla.suse.com/1237017"
},
{
"category": "self",
"summary": "SUSE Bug 1237025",
"url": "https://bugzilla.suse.com/1237025"
},
{
"category": "self",
"summary": "SUSE Bug 1237028",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "self",
"summary": "SUSE Bug 1237045",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "self",
"summary": "SUSE Bug 1237126",
"url": "https://bugzilla.suse.com/1237126"
},
{
"category": "self",
"summary": "SUSE Bug 1237132",
"url": "https://bugzilla.suse.com/1237132"
},
{
"category": "self",
"summary": "SUSE Bug 1237139",
"url": "https://bugzilla.suse.com/1237139"
},
{
"category": "self",
"summary": "SUSE Bug 1237155",
"url": "https://bugzilla.suse.com/1237155"
},
{
"category": "self",
"summary": "SUSE Bug 1237158",
"url": "https://bugzilla.suse.com/1237158"
},
{
"category": "self",
"summary": "SUSE Bug 1237159",
"url": "https://bugzilla.suse.com/1237159"
},
{
"category": "self",
"summary": "SUSE Bug 1237232",
"url": "https://bugzilla.suse.com/1237232"
},
{
"category": "self",
"summary": "SUSE Bug 1237234",
"url": "https://bugzilla.suse.com/1237234"
},
{
"category": "self",
"summary": "SUSE Bug 1237325",
"url": "https://bugzilla.suse.com/1237325"
},
{
"category": "self",
"summary": "SUSE Bug 1237356",
"url": "https://bugzilla.suse.com/1237356"
},
{
"category": "self",
"summary": "SUSE Bug 1237415",
"url": "https://bugzilla.suse.com/1237415"
},
{
"category": "self",
"summary": "SUSE Bug 1237452",
"url": "https://bugzilla.suse.com/1237452"
},
{
"category": "self",
"summary": "SUSE Bug 1237504",
"url": "https://bugzilla.suse.com/1237504"
},
{
"category": "self",
"summary": "SUSE Bug 1237521",
"url": "https://bugzilla.suse.com/1237521"
},
{
"category": "self",
"summary": "SUSE Bug 1237558",
"url": "https://bugzilla.suse.com/1237558"
},
{
"category": "self",
"summary": "SUSE Bug 1237562",
"url": "https://bugzilla.suse.com/1237562"
},
{
"category": "self",
"summary": "SUSE Bug 1237563",
"url": "https://bugzilla.suse.com/1237563"
},
{
"category": "self",
"summary": "SUSE Bug 1237848",
"url": "https://bugzilla.suse.com/1237848"
},
{
"category": "self",
"summary": "SUSE Bug 1237849",
"url": "https://bugzilla.suse.com/1237849"
},
{
"category": "self",
"summary": "SUSE Bug 1237879",
"url": "https://bugzilla.suse.com/1237879"
},
{
"category": "self",
"summary": "SUSE Bug 1237889",
"url": "https://bugzilla.suse.com/1237889"
},
{
"category": "self",
"summary": "SUSE Bug 1237891",
"url": "https://bugzilla.suse.com/1237891"
},
{
"category": "self",
"summary": "SUSE Bug 1237901",
"url": "https://bugzilla.suse.com/1237901"
},
{
"category": "self",
"summary": "SUSE Bug 1237950",
"url": "https://bugzilla.suse.com/1237950"
},
{
"category": "self",
"summary": "SUSE Bug 1238214",
"url": "https://bugzilla.suse.com/1238214"
},
{
"category": "self",
"summary": "SUSE Bug 1238303",
"url": "https://bugzilla.suse.com/1238303"
},
{
"category": "self",
"summary": "SUSE Bug 1238347",
"url": "https://bugzilla.suse.com/1238347"
},
{
"category": "self",
"summary": "SUSE Bug 1238368",
"url": "https://bugzilla.suse.com/1238368"
},
{
"category": "self",
"summary": "SUSE Bug 1238509",
"url": "https://bugzilla.suse.com/1238509"
},
{
"category": "self",
"summary": "SUSE Bug 1238525",
"url": "https://bugzilla.suse.com/1238525"
},
{
"category": "self",
"summary": "SUSE Bug 1238570",
"url": "https://bugzilla.suse.com/1238570"
},
{
"category": "self",
"summary": "SUSE Bug 1238739",
"url": "https://bugzilla.suse.com/1238739"
},
{
"category": "self",
"summary": "SUSE Bug 1238751",
"url": "https://bugzilla.suse.com/1238751"
},
{
"category": "self",
"summary": "SUSE Bug 1238753",
"url": "https://bugzilla.suse.com/1238753"
},
{
"category": "self",
"summary": "SUSE Bug 1238759",
"url": "https://bugzilla.suse.com/1238759"
},
{
"category": "self",
"summary": "SUSE Bug 1238860",
"url": "https://bugzilla.suse.com/1238860"
},
{
"category": "self",
"summary": "SUSE Bug 1238863",
"url": "https://bugzilla.suse.com/1238863"
},
{
"category": "self",
"summary": "SUSE Bug 1238877",
"url": "https://bugzilla.suse.com/1238877"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52925 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50185 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50294 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53123 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53173 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53178 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56548 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56579 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21636 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21638 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21667 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21688 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21689 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21690 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21767 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21802 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21802/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-03-19T16:11:24Z",
"generator": {
"date": "2025-03-19T16:11:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0955-1",
"initial_release_date": "2025-03-19T16:11:24Z",
"revision_history": [
{
"date": "2025-03-19T16:11:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-150600.10.29.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"product_id": "kernel-source-rt-6.4.0-150600.10.29.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product_id": "cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product_id": "dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product_id": "gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt-devel-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt-extra-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt-optional-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt_debug-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-syms-rt-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product_id": "kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product_id": "ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product_id": "reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Real Time Module 15 SP6",
"product": {
"name": "SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-rt:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-150600.10.29.1.noarch as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-150600.10.29.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-150600.10.29.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-6.4.0-150600.10.29.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-150600.10.29.1.noarch as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-6.4.0-150600.10.29.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-150600.10.29.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-extra-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-optional-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-150600.10.29.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52924",
"url": "https://www.suse.com/security/cve/CVE-2023-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1236821 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "external",
"summary": "SUSE Bug 1244630 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1244630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other -\u003eactivate callbacks\n(bitmap, hash, rhash, rbtree) use elem-\u003epriv.\nSame for .remove: other set implementations take elem-\u003epriv,\nnft_pipapo_remove fetches elem-\u003epriv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor -\u003edeactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52925",
"url": "https://www.suse.com/security/cve/CVE-2023-52925"
},
{
"category": "external",
"summary": "SUSE Bug 1236822 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1236822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2024-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: really cope with fastopen race\n\nFastopen and PM-trigger subflow shutdown can race, as reported by\nsyzkaller.\n\nIn my first attempt to close such race, I missed the fact that\nthe subflow status can change again before the subflow_state_change\ncallback is invoked.\n\nAddress the issue additionally copying with all the states directly\nreachable from TCP_FIN_WAIT1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26708",
"url": "https://www.suse.com/security/cve/CVE-2024-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1222672 for CVE-2024-26708",
"url": "https://bugzilla.suse.com/1222672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26810",
"url": "https://www.suse.com/security/cve/CVE-2024-26810"
},
{
"category": "external",
"summary": "SUSE Bug 1222803 for CVE-2024-26810",
"url": "https://bugzilla.suse.com/1222803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-40980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40980",
"url": "https://www.suse.com/security/cve/CVE-2024-40980"
},
{
"category": "external",
"summary": "SUSE Bug 1227937 for CVE-2024-40980",
"url": "https://bugzilla.suse.com/1227937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41055",
"url": "https://www.suse.com/security/cve/CVE-2024-41055"
},
{
"category": "external",
"summary": "SUSE Bug 1228521 for CVE-2024-41055",
"url": "https://bugzilla.suse.com/1228521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-44974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44974",
"url": "https://www.suse.com/security/cve/CVE-2024-44974"
},
{
"category": "external",
"summary": "SUSE Bug 1230235 for CVE-2024-44974",
"url": "https://bugzilla.suse.com/1230235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45009",
"url": "https://www.suse.com/security/cve/CVE-2024-45009"
},
{
"category": "external",
"summary": "SUSE Bug 1230438 for CVE-2024-45009",
"url": "https://bugzilla.suse.com/1230438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45010",
"url": "https://www.suse.com/security/cve/CVE-2024-45010"
},
{
"category": "external",
"summary": "SUSE Bug 1230439 for CVE-2024-45010",
"url": "https://bugzilla.suse.com/1230439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-50029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50029",
"url": "https://www.suse.com/security/cve/CVE-2024-50029"
},
{
"category": "external",
"summary": "SUSE Bug 1231949 for CVE-2024-50029",
"url": "https://bugzilla.suse.com/1231949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50036",
"url": "https://www.suse.com/security/cve/CVE-2024-50036"
},
{
"category": "external",
"summary": "SUSE Bug 1231912 for CVE-2024-50036",
"url": "https://bugzilla.suse.com/1231912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow\n\nSyzkaller reported this splat:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662\n\n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline]\n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572\n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg net/socket.c:744 [inline]\n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661\n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n RIP: 0023:0xf7fe4579\n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 \u003c5d\u003e 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00\n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\n Allocated by task 5387:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:878 [inline]\n kzalloc_noprof include/linux/slab.h:1014 [inline]\n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803\n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956\n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline]\n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167\n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764\n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592\n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642\n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline]\n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943\n mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777\n process_one_work+0x958/0x1b30 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/ke\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50085",
"url": "https://www.suse.com/security/cve/CVE-2024-50085"
},
{
"category": "external",
"summary": "SUSE Bug 1232508 for CVE-2024-50085",
"url": "https://bugzilla.suse.com/1232508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50142",
"url": "https://www.suse.com/security/cve/CVE-2024-50142"
},
{
"category": "external",
"summary": "SUSE Bug 1233028 for CVE-2024-50142",
"url": "https://bugzilla.suse.com/1233028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle consistently DSS corruption\n\nBugged peer implementation can send corrupted DSS options, consistently\nhitting a few warning in the data path. Use DEBUG_NET assertions, to\navoid the splat on some builds and handle consistently the error, dumping\nrelated MIBs and performing fallback and/or reset according to the\nsubflow type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50185",
"url": "https://www.suse.com/security/cve/CVE-2024-50185"
},
{
"category": "external",
"summary": "SUSE Bug 1233109 for CVE-2024-50185",
"url": "https://bugzilla.suse.com/1233109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing locking causing hanging calls\n\nIf a call gets aborted (e.g. because kafs saw a signal) between it being\nqueued for connection and the I/O thread picking up the call, the abort\nwill be prioritised over the connection and it will be removed from\nlocal-\u003enew_client_calls by rxrpc_disconnect_client_call() without a lock\nbeing held. This may cause other calls on the list to disappear if a race\noccurs.\n\nFix this by taking the client_call_lock when removing a call from whatever\nlist its -\u003ewait_link happens to be on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50294",
"url": "https://www.suse.com/security/cve/CVE-2024-50294"
},
{
"category": "external",
"summary": "SUSE Bug 1233483 for CVE-2024-50294",
"url": "https://bugzilla.suse.com/1233483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-53123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 \u003cf7\u003e 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53123",
"url": "https://www.suse.com/security/cve/CVE-2024-53123"
},
{
"category": "external",
"summary": "SUSE Bug 1234070 for CVE-2024-53123",
"url": "https://bugzilla.suse.com/1234070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53147",
"url": "https://www.suse.com/security/cve/CVE-2024-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1234857 for CVE-2024-53147",
"url": "https://bugzilla.suse.com/1234857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53173",
"url": "https://www.suse.com/security/cve/CVE-2024-53173"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234891 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "external",
"summary": "SUSE Bug 1234892 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it\u0027s\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn\u0027t block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we\u0027re here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53176",
"url": "https://www.suse.com/security/cve/CVE-2024-53176"
},
{
"category": "external",
"summary": "SUSE Bug 1234894 for CVE-2024-53176",
"url": "https://bugzilla.suse.com/1234894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53177",
"url": "https://www.suse.com/security/cve/CVE-2024-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1234896 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "external",
"summary": "SUSE Bug 1235103 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1235103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don\u0027t leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids-\u003eentries list but doesn\u0027t drop a ref if has_lease isn\u0027t true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid-\u003ehas_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 32 bytes):\n 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........\".......\n 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E\"......O.....\n backtrace (crc 6f58c20f):\n [\u003cffffffff8b895a1e\u003e] __kmalloc_cache_noprof+0x2be/0x350\n [\u003cffffffff8bda06e3\u003e] open_cached_dir+0x993/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 8 bytes):\n 00 cc cc cc cc cc cc cc ........\n backtrace (crc 10c106a9):\n [\u003cffffffff8b89a3d3\u003e] __kmalloc_node_track_caller_noprof+0x363/0x480\n [\u003cffffffff8b7d7256\u003e] kstrdup+0x36/0x60\n [\u003cffffffff8bda0700\u003e] open_cached_dir+0x9b0/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff \u003c0f\u003e 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53178",
"url": "https://www.suse.com/security/cve/CVE-2024-53178"
},
{
"category": "external",
"summary": "SUSE Bug 1234895 for CVE-2024-53178",
"url": "https://bugzilla.suse.com/1234895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53226",
"url": "https://www.suse.com/security/cve/CVE-2024-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1236576 for CVE-2024-53226",
"url": "https://bugzilla.suse.com/1236576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53239",
"url": "https://www.suse.com/security/cve/CVE-2024-53239"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235054 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "external",
"summary": "SUSE Bug 1235055 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-56539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56539",
"url": "https://www.suse.com/security/cve/CVE-2024-56539"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234963 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "external",
"summary": "SUSE Bug 1234964 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56548",
"url": "https://www.suse.com/security/cve/CVE-2024-56548"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235073 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "external",
"summary": "SUSE Bug 1235074 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56579",
"url": "https://www.suse.com/security/cve/CVE-2024-56579"
},
{
"category": "external",
"summary": "SUSE Bug 1236575 for CVE-2024-56579",
"url": "https://bugzilla.suse.com/1236575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56647",
"url": "https://www.suse.com/security/cve/CVE-2024-56647"
},
{
"category": "external",
"summary": "SUSE Bug 1235435 for CVE-2024-56647",
"url": "https://bugzilla.suse.com/1235435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56720",
"url": "https://www.suse.com/security/cve/CVE-2024-56720"
},
{
"category": "external",
"summary": "SUSE Bug 1235592 for CVE-2024-56720",
"url": "https://bugzilla.suse.com/1235592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-57889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n BUG: sleeping function called from invalid context\n at kernel/locking/mutex.c:283\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n preempt_count: 1, expected: 0\n ...\n Call Trace:\n ...\n __might_resched+0x104/0x10e\n __might_sleep+0x3e/0x62\n mutex_lock+0x20/0x4c\n regmap_lock_mutex+0x10/0x18\n regmap_update_bits_base+0x2c/0x66\n mcp23s08_irq_set_type+0x1ae/0x1d6\n __irq_set_trigger+0x56/0x172\n __setup_irq+0x1e6/0x646\n request_threaded_irq+0xb6/0x160\n ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57889",
"url": "https://www.suse.com/security/cve/CVE-2024-57889"
},
{
"category": "external",
"summary": "SUSE Bug 1236573 for CVE-2024-57889",
"url": "https://bugzilla.suse.com/1236573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(\u0026sdata-\u003elist)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local-\u003einterfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 \u003c0f\u003e 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57948",
"url": "https://www.suse.com/security/cve/CVE-2024-57948"
},
{
"category": "external",
"summary": "SUSE Bug 1236677 for CVE-2024-57948",
"url": "https://bugzilla.suse.com/1236677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()\n\nJakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()\nto increase test coverage.\n\nsyzbot found a splat caused by hard irq blocking in\nptr_ring_resize_multiple() [1]\n\nAs current users of ptr_ring_resize_multiple() do not require\nhard irqs being masked, replace it to only block BH.\n\nRename helpers to better reflect they are safe against BH only.\n\n- ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()\n- skb_array_resize_multiple() to skb_array_resize_multiple_bh()\n\n[1]\n\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline]\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nModules linked in:\nCPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:__page_pool_put_page net/core/page_pool.c:709 [inline]\nRIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nCode: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 \u003c0f\u003e 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85\nRSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083\nRAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000\nRDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843\nRBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d\nR10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040\nR13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff\nFS: 00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tun_ptr_free drivers/net/tun.c:617 [inline]\n __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]\n ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]\n tun_queue_resize drivers/net/tun.c:3694 [inline]\n tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024\n do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923\n rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201\n rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57994",
"url": "https://www.suse.com/security/cve/CVE-2024-57994"
},
{
"category": "external",
"summary": "SUSE Bug 1237901 for CVE-2024-57994",
"url": "https://bugzilla.suse.com/1237901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2025-21636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.probe_interval\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21636",
"url": "https://www.suse.com/security/cve/CVE-2025-21636"
},
{
"category": "external",
"summary": "SUSE Bug 1236113 for CVE-2025-21636",
"url": "https://bugzilla.suse.com/1236113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21637",
"url": "https://www.suse.com/security/cve/CVE-2025-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1236114 for CVE-2025-21637",
"url": "https://bugzilla.suse.com/1236114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21638",
"url": "https://www.suse.com/security/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "SUSE Bug 1236115 for CVE-2025-21638",
"url": "https://bugzilla.suse.com/1236115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21639",
"url": "https://www.suse.com/security/cve/CVE-2025-21639"
},
{
"category": "external",
"summary": "SUSE Bug 1236122 for CVE-2025-21639",
"url": "https://bugzilla.suse.com/1236122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21640",
"url": "https://www.suse.com/security/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "SUSE Bug 1236123 for CVE-2025-21640",
"url": "https://bugzilla.suse.com/1236123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21647",
"url": "https://www.suse.com/security/cve/CVE-2025-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1236133 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "external",
"summary": "SUSE Bug 1236134 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21665",
"url": "https://www.suse.com/security/cve/CVE-2025-21665"
},
{
"category": "external",
"summary": "SUSE Bug 1236684 for CVE-2025-21665",
"url": "https://bugzilla.suse.com/1236684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid avoid truncating 64-bit offset to 32 bits\n\non 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a\n32-bit position due to folio_next_index() returning an unsigned long.\nThis could lead to an infinite loop when writing to an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21667",
"url": "https://www.suse.com/security/cve/CVE-2025-21667"
},
{
"category": "external",
"summary": "SUSE Bug 1236681 for CVE-2025-21667",
"url": "https://bugzilla.suse.com/1236681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: add missing loop break condition\n\nCurrently imx8mp_blk_ctrl_remove() will continue the for loop\nuntil an out-of-bounds exception occurs.\n\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : dev_pm_domain_detach+0x8/0x48\nlr : imx8mp_blk_ctrl_shutdown+0x58/0x90\nsp : ffffffc084f8bbf0\nx29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000\nx26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028\nx23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0\nx20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff\nx17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72\nx14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000\nx11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8\nx8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000\nCall trace:\n dev_pm_domain_detach+0x8/0x48\n platform_shutdown+0x2c/0x48\n device_shutdown+0x158/0x268\n kernel_restart_prepare+0x40/0x58\n kernel_kexec+0x58/0xe8\n __do_sys_reboot+0x198/0x258\n __arm64_sys_reboot+0x2c/0x40\n invoke_syscall+0x5c/0x138\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xc8\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x190/0x198\nCode: 8128c2d0 ffffffc0 aa1e03e9 d503201f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21668",
"url": "https://www.suse.com/security/cve/CVE-2025-21668"
},
{
"category": "external",
"summary": "SUSE Bug 1236682 for CVE-2025-21668",
"url": "https://bugzilla.suse.com/1236682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can\u0027t be freed as long as\ncifsd thread isn\u0027t done. Otherwise the following can happen:\n\n RIP: 0010:__slab_free+0x223/0x3c0\n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n 000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0xce/0x120\n ? __slab_free+0x223/0x3c0\n ? do_error_trap+0x65/0x80\n ? __slab_free+0x223/0x3c0\n ? exc_invalid_op+0x4e/0x70\n ? __slab_free+0x223/0x3c0\n ? asm_exc_invalid_op+0x16/0x20\n ? __slab_free+0x223/0x3c0\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? __kmalloc+0x4b/0x140\n __reconnect_target_unlocked+0x3e/0x160 [cifs]\n reconnect_dfs_server+0x145/0x430 [cifs]\n cifs_handle_standard+0x1ad/0x1d0 [cifs]\n cifs_demultiplex_thread+0x592/0x730 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21673",
"url": "https://www.suse.com/security/cve/CVE-2025-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1236689 for CVE-2025-21673",
"url": "https://bugzilla.suse.com/1236689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: Avoid out-of-bounds access in get_imix_entries\n\nPassing a sufficient amount of imix entries leads to invalid access to the\npkt_dev-\u003eimix_entries array because of the incorrect boundary check.\n\nUBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24\nindex 20 is out of range for type \u0027imix_pkt [20]\u0027\nCPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl lib/dump_stack.c:117\n__ubsan_handle_out_of_bounds lib/ubsan.c:429\nget_imix_entries net/core/pktgen.c:874\npktgen_if_write net/core/pktgen.c:1063\npde_write fs/proc/inode.c:334\nproc_reg_write fs/proc/inode.c:346\nvfs_write fs/read_write.c:593\nksys_write fs/read_write.c:644\ndo_syscall_64 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[ fp: allow to fill the array completely; minor changelog cleanup ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21680",
"url": "https://www.suse.com/security/cve/CVE-2025-21680"
},
{
"category": "external",
"summary": "SUSE Bug 1236700 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "external",
"summary": "SUSE Bug 1236701 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -\u003e ovs_vport_send\n -\u003e dev_queue_xmit\n -\u003e __dev_queue_xmit\n -\u003e netdev_core_pick_tx\n -\u003e skb_tx_hash\n\nWhen device is unregistering, the \u0027dev-\u003ereal_num_tx_queues\u0027 goes to\nzero and the \u0027while (unlikely(hash \u003e= qcount))\u0027 loop inside the\n\u0027skb_tx_hash\u0027 becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn\u0027t implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn\u0027t really have a carrier.\nTherefore, while this device is unregistering, it\u0027s still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don\u0027t really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21681",
"url": "https://www.suse.com/security/cve/CVE-2025-21681"
},
{
"category": "external",
"summary": "SUSE Bug 1236702 for CVE-2025-21681",
"url": "https://bugzilla.suse.com/1236702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: xilinx: Convert gpio_lock to raw spinlock\n\nirq_chip functions may be called in raw spinlock context. Therefore, we\nmust also use a raw spinlock for our own internal locking.\n\nThis fixes the following lockdep splat:\n\n[ 5.349336] =============================\n[ 5.353349] [ BUG: Invalid wait context ]\n[ 5.357361] 6.13.0-rc5+ #69 Tainted: G W\n[ 5.363031] -----------------------------\n[ 5.367045] kworker/u17:1/44 is trying to lock:\n[ 5.371587] ffffff88018b02c0 (\u0026chip-\u003egpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.380079] other info that might help us debug this:\n[ 5.385138] context-{5:5}\n[ 5.387762] 5 locks held by kworker/u17:1/44:\n[ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)\n[ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)\n[ 5.411528] #2: ffffff880172c900 (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)\n[ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)\n[ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)\n[ 5.436472] stack backtrace:\n[ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69\n[ 5.448690] Tainted: [W]=WARN\n[ 5.451656] Hardware name: xlnx,zynqmp (DT)\n[ 5.455845] Workqueue: events_unbound deferred_probe_work_func\n[ 5.461699] Call trace:\n[ 5.464147] show_stack+0x18/0x24 C\n[ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)\n[ 5.471501] dump_stack (lib/dump_stack.c:130)\n[ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)\n[ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)\n[ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)\n[ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)\n[ 5.497645] irq_startup (kernel/irq/chip.c:270)\n[ 5.501143] __setup_irq (kernel/irq/manage.c:1807)\n[ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21684",
"url": "https://www.suse.com/security/cve/CVE-2025-21684"
},
{
"category": "external",
"summary": "SUSE Bug 1236952 for CVE-2025-21684",
"url": "https://bugzilla.suse.com/1236952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: check the bounds of read/write syscalls\n\ncount and offset are passed from user space and not checked, only\noffset is capped to 40 bits, which can be used to read/write out of\nbounds of the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21687",
"url": "https://www.suse.com/security/cve/CVE-2025-21687"
},
{
"category": "external",
"summary": "SUSE Bug 1237045 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "external",
"summary": "SUSE Bug 1237046 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Assign job pointer to NULL before signaling the fence\n\nIn commit e4b5ccd392b9 (\"drm/v3d: Ensure job pointer is set to NULL\nafter job completion\"), we introduced a change to assign the job pointer\nto NULL after completing a job, indicating job completion.\n\nHowever, this approach created a race condition between the DRM\nscheduler workqueue and the IRQ execution thread. As soon as the fence is\nsignaled in the IRQ execution thread, a new job starts to be executed.\nThis results in a race condition where the IRQ execution thread sets the\njob pointer to NULL simultaneously as the `run_job()` function assigns\na new job to the pointer.\n\nThis race condition can lead to a NULL pointer dereference if the IRQ\nexecution thread sets the job pointer to NULL after `run_job()` assigns\nit to the new job. When the new job completes and the GPU emits an\ninterrupt, `v3d_irq()` is triggered, potentially causing a crash.\n\n[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n[ 466.318928] Mem abort info:\n[ 466.321723] ESR = 0x0000000096000005\n[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 466.330807] SET = 0, FnV = 0\n[ 466.333864] EA = 0, S1PTW = 0\n[ 466.337010] FSC = 0x05: level 1 translation fault\n[ 466.341900] Data abort info:\n[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000\n[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6\n[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18\n[ 466.467336] Tainted: [C]=CRAP\n[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]\n[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228\n[ 466.492327] sp : ffffffc080003ea0\n[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000\n[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200\n[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000\n[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000\n[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000\n[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0\n[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70\n[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000\n[ 466.567263] Call trace:\n[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)\n[ 466.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21688",
"url": "https://www.suse.com/security/cve/CVE-2025-21688"
},
{
"category": "external",
"summary": "SUSE Bug 1237007 for CVE-2025-21688",
"url": "https://bugzilla.suse.com/1237007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21689",
"url": "https://www.suse.com/security/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "SUSE Bug 1237017 for CVE-2025-21689",
"url": "https://bugzilla.suse.com/1237017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21690"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn\u0027t DoS the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21690",
"url": "https://www.suse.com/security/cve/CVE-2025-21690"
},
{
"category": "external",
"summary": "SUSE Bug 1237025 for CVE-2025-21690",
"url": "https://bugzilla.suse.com/1237025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21692",
"url": "https://www.suse.com/security/cve/CVE-2025-21692"
},
{
"category": "external",
"summary": "SUSE Bug 1237028 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "external",
"summary": "SUSE Bug 1237048 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Ensure job pointer is set to NULL after job completion\n\nAfter a job completes, the corresponding pointer in the device must\nbe set to NULL. Failing to do so triggers a warning when unloading\nthe driver, as it appears the job is still active. To prevent this,\nassign the job pointer to NULL after completing the job, indicating\nthe job has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21697",
"url": "https://www.suse.com/security/cve/CVE-2025-21697"
},
{
"category": "external",
"summary": "SUSE Bug 1237132 for CVE-2025-21697",
"url": "https://bugzilla.suse.com/1237132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "low"
}
],
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21699",
"url": "https://www.suse.com/security/cve/CVE-2025-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1237139 for CVE-2025-21699",
"url": "https://bugzilla.suse.com/1237139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent. b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12. send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13. send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21700",
"url": "https://www.suse.com/security/cve/CVE-2025-21700"
},
{
"category": "external",
"summary": "SUSE Bug 1237159 for CVE-2025-21700",
"url": "https://bugzilla.suse.com/1237159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle fastopen disconnect correctly\n\nSyzbot was able to trigger a data stream corruption:\n\n WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Modules linked in:\n CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\n RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 \u003c0f\u003e 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07\n RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293\n RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928\n R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000\n R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000\n FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074\n mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493\n release_sock+0x1aa/0x1f0 net/core/sock.c:3640\n inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]\n __inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703\n mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755\n mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f6e86ebfe69\n Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69\n RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003\n RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc\n R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508\n \u003c/TASK\u003e\n\nThe root cause is the bad handling of disconnect() generated internally\nby the MPTCP protocol in case of connect FASTOPEN errors.\n\nAddress the issue increasing the socket disconnect counter even on such\na case, to allow other threads waiting on the same socket lock to\nproperly error out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21705",
"url": "https://www.suse.com/security/cve/CVE-2025-21705"
},
{
"category": "external",
"summary": "SUSE Bug 1238525 for CVE-2025-21705",
"url": "https://bugzilla.suse.com/1238525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: davicom: fix UAF in dm9000_drv_remove\n\ndm is netdev private data and it cannot be\nused after free_netdev() call. Using dm after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.\n\nThis is similar to the issue fixed in commit\nad297cd2db89 (\"net: qcom/emac: fix UAF in emac_remove\").\n\nThis bug is detected by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21715",
"url": "https://www.suse.com/security/cve/CVE-2025-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1237889 for CVE-2025-21715",
"url": "https://bugzilla.suse.com/1237889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21716"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix uninit-value in vxlan_vnifilter_dump()\n\nKMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].\n\nIf the length of the netlink message payload is less than\nsizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes\nbeyond the message. This can lead to uninit-value access. Fix this by\nreturning an error in such situations.\n\n[1]\nBUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786\n netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317\n __netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432\n netlink_dump_start include/linux/netlink.h:340 [inline]\n rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]\n rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882\n netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4110 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205\n kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196\n netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21716",
"url": "https://www.suse.com/security/cve/CVE-2025-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1237891 for CVE-2025-21716",
"url": "https://bugzilla.suse.com/1237891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: do not call mr_mfc_uses_dev() for unres entries\n\nsyzbot found that calling mr_mfc_uses_dev() for unres entries\nwould crash [1], because c-\u003emfc_un.res.minvif / c-\u003emfc_un.res.maxvif\nalias to \"struct sk_buff_head unresolved\", which contain two pointers.\n\nThis code never worked, lets remove it.\n\n[1]\nUnable to handle kernel paging request at virtual address ffff5fff2d536613\nKASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]\nModules linked in:\nCPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]\n pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334\n lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]\n lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334\nCall trace:\n mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)\n mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)\n mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382\n ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648\n rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327\n rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791\n netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317\n netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973\n sock_recvmsg_nosec net/socket.c:1033 [inline]\n sock_recvmsg net/socket.c:1055 [inline]\n sock_read_iter+0x2d8/0x40c net/socket.c:1125\n new_sync_read fs/read_write.c:484 [inline]\n vfs_read+0x740/0x970 fs/read_write.c:565\n ksys_read+0x15c/0x26c fs/read_write.c:708",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21719",
"url": "https://www.suse.com/security/cve/CVE-2025-21719"
},
{
"category": "external",
"summary": "SUSE Bug 1238860 for CVE-2025-21719",
"url": "https://bugzilla.suse.com/1238860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand\u0027s type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21724",
"url": "https://www.suse.com/security/cve/CVE-2025-21724"
},
{
"category": "external",
"summary": "SUSE Bug 1238863 for CVE-2025-21724",
"url": "https://bugzilla.suse.com/1238863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to unset link speed\n\nIt isn\u0027t guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always\nbe set by the server, so the client must handle any values and then\nprevent oopses like below from happening:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nRIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48\n89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8\ne7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 \u003c48\u003e f7 74 24 18 48 89\nc3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24\nRSP: 0018:ffffc90001817be0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99\nRDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228\nRBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac\nR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200\nR13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58\nFS: 00007fe27119e740(0000) GS:ffff888148600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0x159/0x1b0\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? do_error_trap+0x90/0x130\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? exc_divide_error+0x39/0x50\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? asm_exc_divide_error+0x1a/0x20\n ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? seq_read_iter+0x42e/0x790\n seq_read_iter+0x19a/0x790\n proc_reg_read_iter+0xbe/0x110\n ? __pfx_proc_reg_read_iter+0x10/0x10\n vfs_read+0x469/0x570\n ? do_user_addr_fault+0x398/0x760\n ? __pfx_vfs_read+0x10/0x10\n ? find_held_lock+0x8a/0xa0\n ? __pfx_lock_release+0x10/0x10\n ksys_read+0xd3/0x170\n ? __pfx_ksys_read+0x10/0x10\n ? __rcu_read_unlock+0x50/0x270\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe271288911\nCode: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8\n20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 \u003c48\u003e 3d\n00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec\nRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911\nRDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003\nRBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380\nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000\nR13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000\n \u003c/TASK\u003e\n\nFix this by setting cifs_server_iface::speed to a sane value (1Gbps)\nby default when link speed is unset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21725",
"url": "https://www.suse.com/security/cve/CVE-2025-21725"
},
{
"category": "external",
"summary": "SUSE Bug 1238877 for CVE-2025-21725",
"url": "https://bugzilla.suse.com/1238877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21728",
"url": "https://www.suse.com/security/cve/CVE-2025-21728"
},
{
"category": "external",
"summary": "SUSE Bug 1237879 for CVE-2025-21728",
"url": "https://bugzilla.suse.com/1237879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context\n\nThe following bug report happened with a PREEMPT_RT kernel:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n get_random_u32+0x4f/0x110\n clocksource_verify_choose_cpus+0xab/0x1a0\n clocksource_verify_percpu.part.0+0x6b/0x330\n clocksource_watchdog_kthread+0x193/0x1a0\n\nIt is due to the fact that clocksource_verify_choose_cpus() is invoked with\npreemption disabled. This function invokes get_random_u32() to obtain\nrandom numbers for choosing CPUs. The batched_entropy_32 local lock and/or\nthe base_crng.lock spinlock in driver/char/random.c will be acquired during\nthe call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot\nbe acquired in atomic context.\n\nFix this problem by using migrate_disable() to allow smp_processor_id() to\nbe reliably used without introducing atomic context. preempt_disable() is\nthen called after clocksource_verify_choose_cpus() but before the\nclocksource measurement is being run to avoid introducing unexpected\nlatency.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21767",
"url": "https://www.suse.com/security/cve/CVE-2025-21767"
},
{
"category": "external",
"summary": "SUSE Bug 1238509 for CVE-2025-21767",
"url": "https://bugzilla.suse.com/1238509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n unregister_netdevice_many net/core/dev.c:11866 [inline]\n unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21790",
"url": "https://www.suse.com/security/cve/CVE-2025-21790"
},
{
"category": "external",
"summary": "SUSE Bug 1238753 for CVE-2025-21790",
"url": "https://bugzilla.suse.com/1238753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix hang in nfsd4_shutdown_callback\n\nIf nfs4_client is in courtesy state then there is no point to send\nthe callback. This causes nfsd4_shutdown_callback to hang since\ncl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP\nnotifies NFSD that the connection was dropped.\n\nThis patch modifies nfsd4_run_cb_work to skip the RPC call if\nnfs4_client is in courtesy state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21795",
"url": "https://www.suse.com/security/cve/CVE-2025-21795"
},
{
"category": "external",
"summary": "SUSE Bug 1238759 for CVE-2025-21795",
"url": "https://bugzilla.suse.com/1238759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21799",
"url": "https://www.suse.com/security/cve/CVE-2025-21799"
},
{
"category": "external",
"summary": "SUSE Bug 1238739 for CVE-2025-21799",
"url": "https://bugzilla.suse.com/1238739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix oops when unload drivers paralleling\n\nWhen unload hclge driver, it tries to disable sriov first for each\nae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at\nthe time, because it removes all the ae_dev nodes, and it may cause\noops.\n\nBut we can\u0027t simply use hnae3_common_lock for this. Because in the\nprocess flow of pci_disable_sriov(), it will trigger the remove flow\nof VF, which will also take hnae3_common_lock.\n\nTo fixes it, introduce a new mutex to protect the unload process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21802",
"url": "https://www.suse.com/security/cve/CVE-2025-21802"
},
{
"category": "external",
"summary": "SUSE Bug 1238751 for CVE-2025-21802",
"url": "https://bugzilla.suse.com/1238751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21802"
}
]
}
suse-su-2025:0847-1
Vulnerability from csaf_suse
Published
2025-03-12 13:00
Modified
2025-03-12 13:00
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).
- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).
- CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439).
- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).
- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).
- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032).
- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).
- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).
- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).
- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113).
- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).
- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).
- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).
- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).
- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).
- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).
- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).
- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).
- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).
- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).
- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).
- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).
- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).
- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
The following non-security bugs were fixed:
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).
- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).
- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
- ALSA: seq: Make dependency on UMP clearer (git-fixes).
- ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes).
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).
- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).
- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
- ASoC: es8328: fix route from DAC to output (git-fixes).
- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).
- Fix memory-hotplug regression (bsc#1237504).
- Grab mm lock before grabbing pt lock (git-fixes).
- HID: Wacom: Add PCI Wacom device support (stable-fixes).
- HID: hid-steam: Add Deck IMU support (stable-fixes).
- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).
- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
- HID: hid-steam: Clean up locking (stable-fixes).
- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).
- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).
- HID: hid-steam: Fix cleanup in probe() (git-fixes).
- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).
- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).
- HID: hid-steam: remove pointless error message (stable-fixes).
- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).
- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).
- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
- Input: allocate keycode for phone linking (stable-fixes).
- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).
- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).
- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).
- KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes).
- KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).
- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).
- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes).
- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
- PCI: Use downstream bridges for distributing resources (bsc#1237325).
- PCI: hookup irq_get_affinity callback (bsc#1236896).
- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).
- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
- RDMA/efa: Reset device on probe failure (git-fixes)
- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
- RDMA/mlx5: Fix AH static rate parsing (git-fixes)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)
- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
- RDMA/rxe: Improve newline in printing messages (git-fixes)
- Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes).
- Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes).
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).
- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
- USB: serial: option: drop MeiG Smart defines (stable-fixes).
- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
- Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094).
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- acct: block access to kernel internal filesystems (git-fixes).
- acct: perform last write from workqueue (git-fixes).
- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).
- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).
- batman-adv: Drop unmanaged ELP metric worker (git-fixes).
- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
- batman-adv: fix panic during interface removal (git-fixes).
- bio-integrity: do not restrict the size of integrity metadata (git-fixes).
- blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558).
- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).
- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).
- blk-mq: add number of queue calc helper (bsc#1236897).
- blk-mq: create correct map for fallback case (bsc#1236896).
- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).
- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).
- blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).
- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
- blk_iocost: remove some duplicate irq disable/enables (git-fixes).
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
- block: Clear zone limits for a non-zoned stacked queue (git-fixes).
- block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).
- block: Provide bdev_open_* functions (git-fixes).
- block: Remove special-casing of compound pages (git-fixes).
- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).
- block: add a disk_has_partscan helper (git-fixes).
- block: add a partscan sysfs attribute for disks (git-fixes).
- block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes).
- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).
- block: change rq_integrity_vec to respect the iterator (git-fixes).
- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).
- block: ensure we hold a queue reference when using queue limits (git-fixes).
- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).
- block: fix integer overflow in BLKSECDISCARD (git-fixes).
- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).
- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).
- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).
- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).
- block: retry call probe after request_module in blk_request_module (git-fixes).
- block: return unsigned int from bdev_io_min (git-fixes).
- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).
- block: support to account io_ticks precisely (git-fixes).
- block: use the right type for stub rq_integrity_vec() (git-fixes).
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).
- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
- can: ctucanfd: handle skb allocation failure (git-fixes).
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes).
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).
- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).
- cifs: Remove intermediate object of failed create reparse call (git-fixes).
- cifs: commands that are retried should have replay flag set (bsc#1231432).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).
- cifs: helper function to check replayable error codes (bsc#1231432).
- cifs: new mount option called retrans (bsc#1231432).
- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
- cifs: update desired access while requesting for directory lease (git-fixes).
- cifs: update the same create_guid on replay (git-fixes).
- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).
- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).
- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).
- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
- cxgb4: Avoid removal of uninserted tid (git-fixes).
- cxgb4: use port number to set mac addr (git-fixes).
- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).
- dlm: fix srcu_read_lock() return type to int (git-fixes).
- doc/README.SUSE: Point to the updated version of LKMPG
- doc: update managed_irq documentation (bsc#1236897).
- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).
- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).
- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
- drm/amdkfd: only flush the validate MES contex (stable-fixes).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).
- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).
- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
- drm/i915/selftests: avoid using uninitialized context (git-fixes).
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).
- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
- drm/msm: Avoid rounding up to one jiffy (git-fixes).
- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).
- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).
- drm/virtio: New fence for every plane update (stable-fixes).
- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
- eth: gve: use appropriate helper to set xdp_features (git-fixes).
- exfat: convert to ctime accessor functions (git-fixes).
- exfat: fix file being changed by unaligned direct write (git-fixes).
- exfat: fix zero the unwritten part for dio read (git-fixes).
- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
- futex: Do not include process MM in futex key on no-MMU (git-fixes).
- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).
- gpio: pca953x: Improve interrupt support (git-fixes).
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
- gup: make the stack expansion warning a bit more targeted (bsc#1238214).
- hfs: Sanity check the root record (git-fixes).
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
- i2c: ls2x: Fix frequency division register access (git-fixes).
- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
- iavf: allow changing VLAN state without calling PF (git-fixes).
- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).
- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
- ice: fix max values for dpll pin phase adjust (git-fixes).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
- ice: gather page_count()'s of each frag right before XDP prog call (git-fixes).
- ice: put Rx buffers after being done with current frame (git-fixes).
- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
- ice: use internal pf id instead of function number (git-fixes).
- idpf: add read memory barrier when checking descriptor done bit (git-fixes).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661).
- idpf: convert workqueues to unbound (git-fixes).
- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
- idpf: fix handling rsc packet with a single segment (git-fixes).
- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
- igc: return early when failing to read EECD register (git-fixes).
- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
- kabi: fix bus type (bsc#1236896).
- kabi: fix group_cpus_evenly (bsc#1236897).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
- kernel-source: Also replace bin/env
- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).
- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
- lib: stackinit: hide never-taken branch from compiler (stable-fixes).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).
- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).
- md/md-cluster: fix spares warnings for __le64 (git-fixes).
- md/raid0: do not free conf on raid0_run failure (git-fixes).
- md/raid1: do not free conf on raid0_run failure (git-fixes).
- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
- md: Do not flush sync_work in md_write_start() (git-fixes).
- md: convert comma to semicolon (git-fixes).
- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).
- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).
- media: ov08x40: Fix hblank out of range issue (git-fixes).
- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).
- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
- mptcp: export local_address (git-fixes)
- mptcp: fix NL PM announced address accounting (git-fixes)
- mptcp: fix data races on local_id (git-fixes)
- mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)
- mptcp: pm: deny endp with signal + subflow + port (git-fixes)
- mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
- mptcp: pm: do not try to create sf if alloc failed (git-fixes)
- mptcp: pm: fullmesh: select the right ID later (git-fixes)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
- mptcp: pm: re-using ID of unused removed subflows (git-fixes)
- mptcp: pm: reduce indentation blocks (git-fixes)
- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
- mptcp: unify pm get_local_id interfaces (git-fixes)
- mptcp: unify pm set_flags interfaces (git-fixes)
- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
- nbd: Fix signal handling (git-fixes).
- nbd: Improve the documentation of the locking assumptions (git-fixes).
- nbd: do not allow reconnect after disconnect (git-fixes).
- net/mlx5: Correct TASR typo into TSAR (git-fixes).
- net/mlx5: Fix RDMA TX steering prio (git-fixes).
- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
- net/mlx5: SF, Fix add port error handling (git-fixes).
- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: move altnames together with the netdevice (bsc#1233749).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: rose: lock the socket in rose_bind() (git-fixes).
- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
- net: smc: fix spurious error message from __sock_release() (bsc#1237126).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).
- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).
- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).
- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).
- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
- null_blk: fix validation of block size (git-fixes).
- nvme-fc: use ctrl state getter (git-fixes).
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
- nvme/ioctl: add missing space in err message (git-fixes).
- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
- nvme: make nvme_tls_attrs_group static (git-fixes).
- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- nvme: tcp: Fix compilation warning with W=1 (git-fixes).
- nvmet: Fix crash when a namespace is disabled (git-fixes).
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).
- padata: Clean up in padata_do_multithreaded() (bsc#1237563).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- partitions: ldm: remove the initial kernel-doc notation (git-fixes).
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).
- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).
- platform/x86: ISST: Ignore minor version change (bsc#1237452).
- platform/x86: acer-wmi: Ignore AC events (stable-fixes).
- platform/x86: int3472: Check for adev == NULL (stable-fixes).
- power: supply: da9150-fg: fix potential overflow (git-fixes).
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).
- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).
- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).
- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).
- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
- rbd: do not move requests to the running list on errors (git-fixes).
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
- regmap-irq: Add missing kfree() (git-fixes).
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205).
- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).
- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).
- s390/pci: Ignore RID for isolated VFs (bsc#1236752).
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).
- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
- s390/pci: Use topology ID for multi-function devices (bsc#1236752).
- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
- s390/topology: Improve topology detection (bsc#1236591).
- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).
- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).
- scsi: core: Clear driver private data when retrying request (git-fixes).
- scsi: core: Handle depopulation and restoration in progress (git-fixes).
- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).
- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).
- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- selftest: hugetlb_dio: fix test naming (git-fixes).
- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).
- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).
- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).
- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).
- selftests: mptcp: connect: -f: no reconnect (git-fixes).
- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
- serial: 8250: Fix fifo underflow on flush (git-fixes).
- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
- smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes).
- smb3: request handle caching when caching directories (bsc#1231432).
- smb3: retrying on failed server close (bsc#1231432).
- smb: cached directories can be more than root file handle (bsc#1231432).
- smb: cilent: set reparse mount points as automounts (git-fixes).
- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
- smb: client: Fix minor whitespace errors and warnings (git-fixes).
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).
- smb: client: add support for WSL reparse points (git-fixes).
- smb: client: allow creating special files via reparse points (git-fixes).
- smb: client: allow creating symlinks via reparse points (git-fixes).
- smb: client: cleanup smb2_query_reparse_point() (git-fixes).
- smb: client: do not query reparse points twice on symlinks (git-fixes).
- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).
- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
- smb: client: fix hardlinking of reparse points (git-fixes).
- smb: client: fix missing mode bits for SMB symlinks (git-fixes).
- smb: client: fix possible double free in smb2_set_ea() (git-fixes).
- smb: client: fix potential broken compound request (git-fixes).
- smb: client: fix renaming of reparse points (git-fixes).
- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
- smb: client: handle path separator of created SMB symlinks (git-fixes).
- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
- smb: client: ignore unhandled reparse tags (git-fixes).
- smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
- smb: client: instantiate when creating SFU files (git-fixes).
- smb: client: introduce ->parse_reparse_point() (git-fixes).
- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
- smb: client: introduce cifs_sfu_make_node() (git-fixes).
- smb: client: introduce reparse mount option (git-fixes).
- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).
- smb: client: move most of reparse point handling code to common file (git-fixes).
- smb: client: move some params to cifs_open_info_data (bsc#1231432).
- smb: client: optimise reparse point querying (git-fixes).
- smb: client: parse owner/group when creating reparse points (git-fixes).
- smb: client: parse reparse point flag in create response (bsc#1231432).
- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
- smb: client: retry compound request without reusing lease (git-fixes).
- smb: client: return reparse type in /proc/mounts (git-fixes).
- smb: client: reuse file lease key in compound operations (git-fixes).
- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).
- smb: client: set correct file type from NFS reparse points (git-fixes).
- smb: client: stop revalidating reparse points unnecessarily (git-fixes).
- smb: use kernel_connect() and kernel_bind() (git-fixes).
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).
- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).
- spi: sn-f-ospi: Fix division by zero (git-fixes).
- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
- tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes).
- tty: xilinx_uartps: split sysrq handling (git-fixes).
- ublk: fix error code for unsupported command (git-fixes).
- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
- ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
- ublk: move zone report data out of request pdu (git-fixes).
- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes).
- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).
- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
- usb: roles: set switch registered flag early on (git-fixes).
- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).
- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
- usbnet: ipheth: document scope of NCM implementation (stable-fixes).
- util_macros.h: fix/rework find_closest() macros (git-fixes).
- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
- virtio-mem: check if the config changed before fake offlining memory (git-fixes).
- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).
- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).
- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).
- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- virtio: hookup irq_get_affinity callback (bsc#1236896).
- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
- vsock/virtio: cancel close work in the destructor (git-fixes)
- vsock: Keep the binding until socket destruction (git-fixes)
- vsock: reset socket state when de-assigning the transport (git-fixes)
- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).
- wifi: iwlwifi: avoid memory leak (stable-fixes).
- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
- x86/asm: Make serialize() always_inline (git-fixes).
- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).
- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (git-fixes).
- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
- zram: clear IDLE flag after recompression (git-fixes).
- zram: clear IDLE flag in mark_idle() (git-fixes).
- zram: do not mark idle slots that cannot be idle (git-fixes).
- zram: fix potential UAF of zram table (git-fixes).
- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
- zram: refuse to use zero sized block device as backing device (git-fixes).
- zram: split memory-tracking and ac-time tracking (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)
- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes).
- drm/sched: Fix preprocessor guard (git-fixes).
- exfat: do not zero the extended part (bsc#1237356).
- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- scsi: core: Do not retry I/Os during depopulation (git-fixes).
- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).
- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).
- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: myrb: Remove dead code (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
- scsi: sg: Enable runtime power management (git-fixes).
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).
- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
- wifi: iwlwifi: limit printed string from FW file (git-fixes).
- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).
Patchnames
SUSE-2025-847,SUSE-SLE-Module-Public-Cloud-15-SP6-2025-847,openSUSE-SLE-15.6-2025-847
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).\n- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).\n- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).\n- CVE-2024-45010: mptcp: pm: only mark \u0027subflow\u0027 endp as available (bsc#1230439).\n- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).\n- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).\n- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).\n- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).\n- CVE-2024-50142: xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset (bsc#1233028).\n- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).\n- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).\n- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).\n- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).\n- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).\n- CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032).\n- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).\n- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).\n- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).\n- CVE-2024-56658: net: defer final \u0027struct net\u0027 free in netns dismantle (bsc#1235441).\n- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).\n- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).\n- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).\n- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy (bsc#1236113).\n- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current-\u003ensproxy (bsc#1236114).\n- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-\u003ensproxy (bsc#1236115).\n- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-\u003ensproxy (bsc#1236122).\n- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy (bsc#1236123).\n- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).\n- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).\n- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).\n- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).\n- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).\n- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).\n- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).\n- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).\n- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).\n- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).\n- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).\n- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).\n- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).\n- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).\n- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).\n- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).\n- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).\n- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).\n- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).\n- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).\n- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).\n- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).\n- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).\n- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).\n- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).\n- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).\n- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).\n\nThe following non-security bugs were fixed:\n\n- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).\n- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).\n- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).\n- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).\n- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).\n- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).\n- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).\n- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).\n- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).\n- ALSA: seq: Make dependency on UMP clearer (git-fixes).\n- ALSA: seq: remove redundant \u0027tristate\u0027 for SND_SEQ_UMP_CLIENT (stable-fixes).\n- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).\n- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).\n- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).\n- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).\n- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).\n- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).\n- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).\n- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).\n- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).\n- ASoC: es8328: fix route from DAC to output (git-fixes).\n- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).\n- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).\n- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).\n- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).\n- Fix memory-hotplug regression (bsc#1237504).\n- Grab mm lock before grabbing pt lock (git-fixes).\n- HID: Wacom: Add PCI Wacom device support (stable-fixes).\n- HID: hid-steam: Add Deck IMU support (stable-fixes).\n- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).\n- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).\n- HID: hid-steam: Clean up locking (stable-fixes).\n- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).\n- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).\n- HID: hid-steam: Fix cleanup in probe() (git-fixes).\n- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).\n- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).\n- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).\n- HID: hid-steam: remove pointless error message (stable-fixes).\n- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).\n- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).\n- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)\n- Input: allocate keycode for phone linking (stable-fixes).\n- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).\n- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).\n- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).\n- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).\n- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).\n- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).\n- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)\n- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).\n- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).\n- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).\n- KVM: x86/mmu: Skip the \u0027try unsync\u0027 path iff the old SPTE was a leaf SPTE (git-fixes).\n- KVM: x86: AMD\u0027s IBPB is not equivalent to Intel\u0027s IBPB (git-fixes).\n- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).\n- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).\n- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).\n- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).\n- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).\n- KVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel (git-fixes).\n- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).\n- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).\n- PCI: Use downstream bridges for distributing resources (bsc#1237325).\n- PCI: hookup irq_get_affinity callback (bsc#1236896).\n- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).\n- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).\n- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)\n- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)\n- RDMA/efa: Reset device on probe failure (git-fixes)\n- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)\n- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).\n- RDMA/mlx5: Fix AH static rate parsing (git-fixes)\n- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)\n- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)\n- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)\n- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)\n- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)\n- RDMA/rxe: Improve newline in printing messages (git-fixes)\n- Revert \u0027blk-throttle: Fix IO hang for a corner case\u0027 (git-fixes).\n- Revert \u0027drm/amd/display: Use HW lock mgr for PSR1\u0027 (stable-fixes).\n- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).\n- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).\n- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).\n- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).\n- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).\n- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).\n- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).\n- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).\n- USB: serial: option: drop MeiG Smart defines (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).\n- Update \u0027drm/mgag200: Added support for the new device G200eH5\u0027 (jsc#PED-12094).\n- Use gcc-13 for build on SLE16 (jsc#PED-10028).\n- acct: block access to kernel internal filesystems (git-fixes).\n- acct: perform last write from workqueue (git-fixes).\n- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.\n- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).\n- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)\n- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)\n- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).\n- batman-adv: Drop unmanaged ELP metric worker (git-fixes).\n- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).\n- batman-adv: fix panic during interface removal (git-fixes).\n- bio-integrity: do not restrict the size of integrity metadata (git-fixes).\n- blk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage (bsc#1237558).\n- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).\n- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).\n- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).\n- blk-mq: add number of queue calc helper (bsc#1236897).\n- blk-mq: create correct map for fallback case (bsc#1236896).\n- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).\n- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).\n- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).\n- blk-mq: move cpuhp callback registering out of q-\u003esysfs_lock (git-fixes).\n- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).\n- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).\n- blk_iocost: remove some duplicate irq disable/enables (git-fixes).\n- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).\n- block: Clear zone limits for a non-zoned stacked queue (git-fixes).\n- block: Fix elevator_get_default() checking for NULL q-\u003etag_set (git-fixes).\n- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).\n- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).\n- block: Provide bdev_open_* functions (git-fixes).\n- block: Remove special-casing of compound pages (git-fixes).\n- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).\n- block: add a disk_has_partscan helper (git-fixes).\n- block: add a partscan sysfs attribute for disks (git-fixes).\n- block: add check of \u0027minors\u0027 and \u0027first_minor\u0027 in device_add_disk() (git-fixes).\n- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).\n- block: change rq_integrity_vec to respect the iterator (git-fixes).\n- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).\n- block: ensure we hold a queue reference when using queue limits (git-fixes).\n- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).\n- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).\n- block: fix integer overflow in BLKSECDISCARD (git-fixes).\n- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).\n- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).\n- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).\n- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).\n- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).\n- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).\n- block: retry call probe after request_module in blk_request_module (git-fixes).\n- block: return unsigned int from bdev_io_min (git-fixes).\n- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).\n- block: support to account io_ticks precisely (git-fixes).\n- block: use the right type for stub rq_integrity_vec() (git-fixes).\n- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).\n- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).\n- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).\n- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).\n- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).\n- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).\n- can: ctucanfd: handle skb allocation failure (git-fixes).\n- can: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial (git-fixes).\n- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).\n- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).\n- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).\n- cifs: Remove intermediate object of failed create reparse call (git-fixes).\n- cifs: commands that are retried should have replay flag set (bsc#1231432).\n- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).\n- cifs: helper function to check replayable error codes (bsc#1231432).\n- cifs: new mount option called retrans (bsc#1231432).\n- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).\n- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).\n- cifs: update desired access while requesting for directory lease (git-fixes).\n- cifs: update the same create_guid on replay (git-fixes).\n- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).\n- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).\n- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).\n- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).\n- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).\n- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).\n- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).\n- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).\n- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).\n- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).\n- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).\n- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).\n- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).\n- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).\n- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).\n- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).\n- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).\n- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).\n- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).\n- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).\n- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).\n- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).\n- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).\n- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).\n- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).\n- cxgb4: Avoid removal of uninserted tid (git-fixes).\n- cxgb4: use port number to set mac addr (git-fixes).\n- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).\n- dlm: fix srcu_read_lock() return type to int (git-fixes).\n- doc/README.SUSE: Point to the updated version of LKMPG\n- doc: update managed_irq documentation (bsc#1236897).\n- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).\n- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).\n- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).\n- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).\n- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).\n- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).\n- drm/amdkfd: only flush the validate MES contex (stable-fixes).\n- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).\n- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).\n- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).\n- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).\n- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).\n- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).\n- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).\n- drm/i915/selftests: avoid using uninitialized context (git-fixes).\n- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).\n- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).\n- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).\n- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).\n- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)\n- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).\n- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).\n- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).\n- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).\n- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).\n- drm/msm: Avoid rounding up to one jiffy (git-fixes).\n- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).\n- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).\n- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).\n- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).\n- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).\n- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).\n- drm/virtio: New fence for every plane update (stable-fixes).\n- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).\n- efi: libstub: Use \u0027-std=gnu11\u0027 to fix build with GCC 15 (stable-fixes).\n- eth: gve: use appropriate helper to set xdp_features (git-fixes).\n- exfat: convert to ctime accessor functions (git-fixes).\n- exfat: fix file being changed by unaligned direct write (git-fixes).\n- exfat: fix zero the unwritten part for dio read (git-fixes).\n- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).\n- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).\n- futex: Do not include process MM in futex key on no-MMU (git-fixes).\n- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).\n- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).\n- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).\n- gpio: pca953x: Improve interrupt support (git-fixes).\n- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).\n- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).\n- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).\n- gup: make the stack expansion warning a bit more targeted (bsc#1238214).\n- hfs: Sanity check the root record (git-fixes).\n- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).\n- i2c: ls2x: Fix frequency division register access (git-fixes).\n- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).\n- iavf: allow changing VLAN state without calling PF (git-fixes).\n- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).\n- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).\n- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).\n- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).\n- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).\n- ice: fix max values for dpll pin phase adjust (git-fixes).\n- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).\n- ice: gather page_count()\u0027s of each frag right before XDP prog call (git-fixes).\n- ice: put Rx buffers after being done with current frame (git-fixes).\n- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).\n- ice: use internal pf id instead of function number (git-fixes).\n- idpf: add read memory barrier when checking descriptor done bit (git-fixes).\n- idpf: call set_real_num_queues in idpf_open (bsc#1236661).\n- idpf: convert workqueues to unbound (git-fixes).\n- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).\n- idpf: fix handling rsc packet with a single segment (git-fixes).\n- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).\n- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).\n- igc: return early when failing to read EECD register (git-fixes).\n- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).\n- kabi: fix bus type (bsc#1236896).\n- kabi: fix group_cpus_evenly (bsc#1236897).\n- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).\n- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).\n- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).\n- kernel-source: Also replace bin/env\n- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).\n- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).\n- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).\n- lib: stackinit: hide never-taken branch from compiler (stable-fixes).\n- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).\n- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).\n- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).\n- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).\n- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).\n- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).\n- md/md-bitmap: add \u0027sync_size\u0027 into struct md_bitmap_stats (git-fixes).\n- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).\n- md/md-cluster: fix spares warnings for __le64 (git-fixes).\n- md/raid0: do not free conf on raid0_run failure (git-fixes).\n- md/raid1: do not free conf on raid0_run failure (git-fixes).\n- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).\n- md: Do not flush sync_work in md_write_start() (git-fixes).\n- md: convert comma to semicolon (git-fixes).\n- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).\n- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).\n- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).\n- media: ov08x40: Fix hblank out of range issue (git-fixes).\n- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).\n- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).\n- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).\n- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).\n- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).\n- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).\n- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).\n- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).\n- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).\n- mptcp: export local_address (git-fixes)\n- mptcp: fix NL PM announced address accounting (git-fixes)\n- mptcp: fix data races on local_id (git-fixes)\n- mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)\n- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)\n- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)\n- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)\n- mptcp: pm: deny endp with signal + subflow + port (git-fixes)\n- mptcp: pm: do not ignore \u0027subflow\u0027 if \u0027signal\u0027 flag is also set (git-fixes)\n- mptcp: pm: do not try to create sf if alloc failed (git-fixes)\n- mptcp: pm: fullmesh: select the right ID later (git-fixes)\n- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)\n- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)\n- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)\n- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)\n- mptcp: pm: re-using ID of unused removed subflows (git-fixes)\n- mptcp: pm: reduce indentation blocks (git-fixes)\n- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)\n- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)\n- mptcp: unify pm get_local_id interfaces (git-fixes)\n- mptcp: unify pm set_flags interfaces (git-fixes)\n- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).\n- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).\n- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).\n- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).\n- nbd: Fix signal handling (git-fixes).\n- nbd: Improve the documentation of the locking assumptions (git-fixes).\n- nbd: do not allow reconnect after disconnect (git-fixes).\n- net/mlx5: Correct TASR typo into TSAR (git-fixes).\n- net/mlx5: Fix RDMA TX steering prio (git-fixes).\n- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).\n- net/mlx5: SF, Fix add port error handling (git-fixes).\n- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).\n- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).\n- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).\n- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).\n- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).\n- net: Fix undefined behavior in netdev name allocation (bsc#1233749).\n- net: avoid UAF on deleted altname (bsc#1233749).\n- net: check for altname conflicts when changing netdev\u0027s netns (bsc#1233749).\n- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).\n- net: do not send a MOVE event when netdev changes netns (bsc#1233749).\n- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).\n- net: fix ifname in netlink ntf during netns move (bsc#1233749).\n- net: fix removing a namespace with conflicting altnames (bsc#1233749).\n- net: free altname using an RCU callback (bsc#1233749).\n- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).\n- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).\n- net: move altnames together with the netdevice (bsc#1233749).\n- net: reduce indentation of __dev_alloc_name() (bsc#1233749).\n- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).\n- net: remove else after return in dev_prep_valid_name() (bsc#1233749).\n- net: rose: lock the socket in rose_bind() (git-fixes).\n- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).\n- net: smc: fix spurious error message from __sock_release() (bsc#1237126).\n- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).\n- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).\n- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).\n- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).\n- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).\n- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).\n- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).\n- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).\n- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).\n- null_blk: fix validation of block size (git-fixes).\n- nvme-fc: use ctrl state getter (git-fixes).\n- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).\n- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).\n- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).\n- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).\n- nvme/ioctl: add missing space in err message (git-fixes).\n- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).\n- nvme: make nvme_tls_attrs_group static (git-fixes).\n- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- nvme: tcp: Fix compilation warning with W=1 (git-fixes).\n- nvmet: Fix crash when a namespace is disabled (git-fixes).\n- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).\n- padata: Clean up in padata_do_multithreaded() (bsc#1237563).\n- padata: Honor the caller\u0027s alignment in case of chunk_size 0 (bsc#1237563).\n- partitions: ldm: remove the initial kernel-doc notation (git-fixes).\n- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).\n- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).\n- phy: tegra: xusb: reset VBUS \u0026 ID OVERRIDE (git-fixes).\n- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).\n- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).\n- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).\n- platform/x86: ISST: Ignore minor version change (bsc#1237452).\n- platform/x86: acer-wmi: Ignore AC events (stable-fixes).\n- platform/x86: int3472: Check for adev == NULL (stable-fixes).\n- power: supply: da9150-fg: fix potential overflow (git-fixes).\n- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).\n- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).\n- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).\n- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).\n- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).\n- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).\n- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).\n- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).\n- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).\n- rbd: do not move requests to the running list on errors (git-fixes).\n- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).\n- regmap-irq: Add missing kfree() (git-fixes).\n- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)\n- s390/cio: rename bitmap_size() -\u003e idset_bitmap_size() (git-fixes bsc#1236205).\n- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).\n- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).\n- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).\n- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).\n- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).\n- s390/pci: Ignore RID for isolated VFs (bsc#1236752).\n- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).\n- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).\n- s390/pci: Use topology ID for multi-function devices (bsc#1236752).\n- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).\n- s390/topology: Improve topology detection (bsc#1236591).\n- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).\n- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).\n- scsi: core: Clear driver private data when retrying request (git-fixes).\n- scsi: core: Handle depopulation and restoration in progress (git-fixes).\n- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).\n- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).\n- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).\n- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).\n- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).\n- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).\n- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).\n- scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- selftest: hugetlb_dio: fix test naming (git-fixes).\n- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).\n- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).\n- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).\n- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).\n- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).\n- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).\n- selftests: mptcp: connect: -f: no reconnect (git-fixes).\n- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).\n- serial: 8250: Fix fifo underflow on flush (git-fixes).\n- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).\n- smb3: fix creating FIFOs when mounting with \u0027sfu\u0027 mount option (git-fixes).\n- smb3: request handle caching when caching directories (bsc#1231432).\n- smb3: retrying on failed server close (bsc#1231432).\n- smb: cached directories can be more than root file handle (bsc#1231432).\n- smb: cilent: set reparse mount points as automounts (git-fixes).\n- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).\n- smb: client: Fix minor whitespace errors and warnings (git-fixes).\n- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).\n- smb: client: add support for WSL reparse points (git-fixes).\n- smb: client: allow creating special files via reparse points (git-fixes).\n- smb: client: allow creating symlinks via reparse points (git-fixes).\n- smb: client: cleanup smb2_query_reparse_point() (git-fixes).\n- smb: client: do not query reparse points twice on symlinks (git-fixes).\n- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).\n- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).\n- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).\n- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).\n- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).\n- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).\n- smb: client: fix hardlinking of reparse points (git-fixes).\n- smb: client: fix missing mode bits for SMB symlinks (git-fixes).\n- smb: client: fix possible double free in smb2_set_ea() (git-fixes).\n- smb: client: fix potential broken compound request (git-fixes).\n- smb: client: fix renaming of reparse points (git-fixes).\n- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).\n- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).\n- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).\n- smb: client: handle path separator of created SMB symlinks (git-fixes).\n- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).\n- smb: client: ignore unhandled reparse tags (git-fixes).\n- smb: client: implement -\u003equery_reparse_point() for SMB1 (git-fixes).\n- smb: client: instantiate when creating SFU files (git-fixes).\n- smb: client: introduce -\u003eparse_reparse_point() (git-fixes).\n- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).\n- smb: client: introduce cifs_sfu_make_node() (git-fixes).\n- smb: client: introduce reparse mount option (git-fixes).\n- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).\n- smb: client: move most of reparse point handling code to common file (git-fixes).\n- smb: client: move some params to cifs_open_info_data (bsc#1231432).\n- smb: client: optimise reparse point querying (git-fixes).\n- smb: client: parse owner/group when creating reparse points (git-fixes).\n- smb: client: parse reparse point flag in create response (bsc#1231432).\n- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).\n- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).\n- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).\n- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).\n- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).\n- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).\n- smb: client: retry compound request without reusing lease (git-fixes).\n- smb: client: return reparse type in /proc/mounts (git-fixes).\n- smb: client: reuse file lease key in compound operations (git-fixes).\n- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).\n- smb: client: set correct file type from NFS reparse points (git-fixes).\n- smb: client: stop revalidating reparse points unnecessarily (git-fixes).\n- smb: use kernel_connect() and kernel_bind() (git-fixes).\n- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).\n- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).\n- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).\n- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).\n- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).\n- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).\n- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).\n- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).\n- spi: sn-f-ospi: Fix division by zero (git-fixes).\n- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).\n- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).\n- tools: fix annoying \u0027mkdir -p ...\u0027 logs when building tools in parallel (git-fixes).\n- tty: xilinx_uartps: split sysrq handling (git-fixes).\n- ublk: fix error code for unsupported command (git-fixes).\n- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).\n- ublk: move ublk_cancel_dev() out of ub-\u003emutex (git-fixes).\n- ublk: move zone report data out of request pdu (git-fixes).\n- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).\n- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).\n- usb: chipidea: ci_hdrc_imx: decrement device\u0027s refcount in .remove() and in the error path of .probe() (git-fixes).\n- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).\n- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).\n- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).\n- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).\n- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).\n- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).\n- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).\n- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).\n- usb: roles: set switch registered flag early on (git-fixes).\n- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).\n- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).\n- usbnet: ipheth: document scope of NCM implementation (stable-fixes).\n- util_macros.h: fix/rework find_closest() macros (git-fixes).\n- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).\n- virtio-mem: check if the config changed before fake offlining memory (git-fixes).\n- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).\n- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).\n- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).\n- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- virtio: hookup irq_get_affinity callback (bsc#1236896).\n- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).\n- vsock/virtio: cancel close work in the destructor (git-fixes)\n- vsock: Keep the binding until socket destruction (git-fixes)\n- vsock: reset socket state when de-assigning the transport (git-fixes)\n- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).\n- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).\n- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).\n- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).\n- wifi: iwlwifi: avoid memory leak (stable-fixes).\n- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).\n- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).\n- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).\n- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).\n- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).\n- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).\n- x86/asm: Make serialize() always_inline (git-fixes).\n- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).\n- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).\n- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).\n- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).\n- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).\n- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).\n- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).\n- xen/swiotlb: relax alignment requirements (git-fixes).\n- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).\n- zram: clear IDLE flag after recompression (git-fixes).\n- zram: clear IDLE flag in mark_idle() (git-fixes).\n- zram: do not mark idle slots that cannot be idle (git-fixes).\n- zram: fix potential UAF of zram table (git-fixes).\n- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).\n- zram: refuse to use zero sized block device as backing device (git-fixes).\n- zram: split memory-tracking and ac-time tracking (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).\n- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)\n- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)\n- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)\n- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params (git-fixes).\n- drm/sched: Fix preprocessor guard (git-fixes).\n- exfat: do not zero the extended part (bsc#1237356).\n- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).\n- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).\n- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).\n- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).\n- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)\n- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)\n- scsi: core: Do not retry I/Os during depopulation (git-fixes).\n- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).\n- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).\n- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).\n- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).\n- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).\n- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).\n- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).\n- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).\n- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).\n- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: myrb: Remove dead code (git-fixes).\n- scsi: qedi: Fix potential deadlock on \u0026qedi_percpu-\u003ep_work_lock (git-fixes).\n- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).\n- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).\n- scsi: sg: Enable runtime power management (git-fixes).\n- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).\n- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).\n- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).\n- wifi: iwlwifi: limit printed string from FW file (git-fixes).\n- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).\n- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-847,SUSE-SLE-Module-Public-Cloud-15-SP6-2025-847,openSUSE-SLE-15.6-2025-847",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0847-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0847-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0847-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020505.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1219367",
"url": "https://bugzilla.suse.com/1219367"
},
{
"category": "self",
"summary": "SUSE Bug 1222672",
"url": "https://bugzilla.suse.com/1222672"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1225606",
"url": "https://bugzilla.suse.com/1225606"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225981",
"url": "https://bugzilla.suse.com/1225981"
},
{
"category": "self",
"summary": "SUSE Bug 1227937",
"url": "https://bugzilla.suse.com/1227937"
},
{
"category": "self",
"summary": "SUSE Bug 1228521",
"url": "https://bugzilla.suse.com/1228521"
},
{
"category": "self",
"summary": "SUSE Bug 1230235",
"url": "https://bugzilla.suse.com/1230235"
},
{
"category": "self",
"summary": "SUSE Bug 1230438",
"url": "https://bugzilla.suse.com/1230438"
},
{
"category": "self",
"summary": "SUSE Bug 1230439",
"url": "https://bugzilla.suse.com/1230439"
},
{
"category": "self",
"summary": "SUSE Bug 1230497",
"url": "https://bugzilla.suse.com/1230497"
},
{
"category": "self",
"summary": "SUSE Bug 1231088",
"url": "https://bugzilla.suse.com/1231088"
},
{
"category": "self",
"summary": "SUSE Bug 1231432",
"url": "https://bugzilla.suse.com/1231432"
},
{
"category": "self",
"summary": "SUSE Bug 1231912",
"url": "https://bugzilla.suse.com/1231912"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231949",
"url": "https://bugzilla.suse.com/1231949"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232299",
"url": "https://bugzilla.suse.com/1232299"
},
{
"category": "self",
"summary": "SUSE Bug 1232508",
"url": "https://bugzilla.suse.com/1232508"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1233028",
"url": "https://bugzilla.suse.com/1233028"
},
{
"category": "self",
"summary": "SUSE Bug 1233109",
"url": "https://bugzilla.suse.com/1233109"
},
{
"category": "self",
"summary": "SUSE Bug 1233483",
"url": "https://bugzilla.suse.com/1233483"
},
{
"category": "self",
"summary": "SUSE Bug 1233749",
"url": "https://bugzilla.suse.com/1233749"
},
{
"category": "self",
"summary": "SUSE Bug 1234070",
"url": "https://bugzilla.suse.com/1234070"
},
{
"category": "self",
"summary": "SUSE Bug 1234853",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "self",
"summary": "SUSE Bug 1234857",
"url": "https://bugzilla.suse.com/1234857"
},
{
"category": "self",
"summary": "SUSE Bug 1234891",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "self",
"summary": "SUSE Bug 1234894",
"url": "https://bugzilla.suse.com/1234894"
},
{
"category": "self",
"summary": "SUSE Bug 1234895",
"url": "https://bugzilla.suse.com/1234895"
},
{
"category": "self",
"summary": "SUSE Bug 1234896",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "self",
"summary": "SUSE Bug 1234963",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "self",
"summary": "SUSE Bug 1235032",
"url": "https://bugzilla.suse.com/1235032"
},
{
"category": "self",
"summary": "SUSE Bug 1235054",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "self",
"summary": "SUSE Bug 1235061",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "self",
"summary": "SUSE Bug 1235073",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "self",
"summary": "SUSE Bug 1235244",
"url": "https://bugzilla.suse.com/1235244"
},
{
"category": "self",
"summary": "SUSE Bug 1235435",
"url": "https://bugzilla.suse.com/1235435"
},
{
"category": "self",
"summary": "SUSE Bug 1235441",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1235592",
"url": "https://bugzilla.suse.com/1235592"
},
{
"category": "self",
"summary": "SUSE Bug 1235599",
"url": "https://bugzilla.suse.com/1235599"
},
{
"category": "self",
"summary": "SUSE Bug 1235609",
"url": "https://bugzilla.suse.com/1235609"
},
{
"category": "self",
"summary": "SUSE Bug 1235914",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "self",
"summary": "SUSE Bug 1235932",
"url": "https://bugzilla.suse.com/1235932"
},
{
"category": "self",
"summary": "SUSE Bug 1235933",
"url": "https://bugzilla.suse.com/1235933"
},
{
"category": "self",
"summary": "SUSE Bug 1236113",
"url": "https://bugzilla.suse.com/1236113"
},
{
"category": "self",
"summary": "SUSE Bug 1236114",
"url": "https://bugzilla.suse.com/1236114"
},
{
"category": "self",
"summary": "SUSE Bug 1236115",
"url": "https://bugzilla.suse.com/1236115"
},
{
"category": "self",
"summary": "SUSE Bug 1236122",
"url": "https://bugzilla.suse.com/1236122"
},
{
"category": "self",
"summary": "SUSE Bug 1236123",
"url": "https://bugzilla.suse.com/1236123"
},
{
"category": "self",
"summary": "SUSE Bug 1236133",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "self",
"summary": "SUSE Bug 1236138",
"url": "https://bugzilla.suse.com/1236138"
},
{
"category": "self",
"summary": "SUSE Bug 1236199",
"url": "https://bugzilla.suse.com/1236199"
},
{
"category": "self",
"summary": "SUSE Bug 1236200",
"url": "https://bugzilla.suse.com/1236200"
},
{
"category": "self",
"summary": "SUSE Bug 1236203",
"url": "https://bugzilla.suse.com/1236203"
},
{
"category": "self",
"summary": "SUSE Bug 1236205",
"url": "https://bugzilla.suse.com/1236205"
},
{
"category": "self",
"summary": "SUSE Bug 1236573",
"url": "https://bugzilla.suse.com/1236573"
},
{
"category": "self",
"summary": "SUSE Bug 1236575",
"url": "https://bugzilla.suse.com/1236575"
},
{
"category": "self",
"summary": "SUSE Bug 1236576",
"url": "https://bugzilla.suse.com/1236576"
},
{
"category": "self",
"summary": "SUSE Bug 1236591",
"url": "https://bugzilla.suse.com/1236591"
},
{
"category": "self",
"summary": "SUSE Bug 1236661",
"url": "https://bugzilla.suse.com/1236661"
},
{
"category": "self",
"summary": "SUSE Bug 1236677",
"url": "https://bugzilla.suse.com/1236677"
},
{
"category": "self",
"summary": "SUSE Bug 1236680",
"url": "https://bugzilla.suse.com/1236680"
},
{
"category": "self",
"summary": "SUSE Bug 1236681",
"url": "https://bugzilla.suse.com/1236681"
},
{
"category": "self",
"summary": "SUSE Bug 1236682",
"url": "https://bugzilla.suse.com/1236682"
},
{
"category": "self",
"summary": "SUSE Bug 1236683",
"url": "https://bugzilla.suse.com/1236683"
},
{
"category": "self",
"summary": "SUSE Bug 1236684",
"url": "https://bugzilla.suse.com/1236684"
},
{
"category": "self",
"summary": "SUSE Bug 1236685",
"url": "https://bugzilla.suse.com/1236685"
},
{
"category": "self",
"summary": "SUSE Bug 1236689",
"url": "https://bugzilla.suse.com/1236689"
},
{
"category": "self",
"summary": "SUSE Bug 1236694",
"url": "https://bugzilla.suse.com/1236694"
},
{
"category": "self",
"summary": "SUSE Bug 1236700",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "self",
"summary": "SUSE Bug 1236702",
"url": "https://bugzilla.suse.com/1236702"
},
{
"category": "self",
"summary": "SUSE Bug 1236752",
"url": "https://bugzilla.suse.com/1236752"
},
{
"category": "self",
"summary": "SUSE Bug 1236759",
"url": "https://bugzilla.suse.com/1236759"
},
{
"category": "self",
"summary": "SUSE Bug 1236761",
"url": "https://bugzilla.suse.com/1236761"
},
{
"category": "self",
"summary": "SUSE Bug 1236821",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "self",
"summary": "SUSE Bug 1236822",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "self",
"summary": "SUSE Bug 1236896",
"url": "https://bugzilla.suse.com/1236896"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1236952",
"url": "https://bugzilla.suse.com/1236952"
},
{
"category": "self",
"summary": "SUSE Bug 1236967",
"url": "https://bugzilla.suse.com/1236967"
},
{
"category": "self",
"summary": "SUSE Bug 1236994",
"url": "https://bugzilla.suse.com/1236994"
},
{
"category": "self",
"summary": "SUSE Bug 1237007",
"url": "https://bugzilla.suse.com/1237007"
},
{
"category": "self",
"summary": "SUSE Bug 1237017",
"url": "https://bugzilla.suse.com/1237017"
},
{
"category": "self",
"summary": "SUSE Bug 1237025",
"url": "https://bugzilla.suse.com/1237025"
},
{
"category": "self",
"summary": "SUSE Bug 1237028",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "self",
"summary": "SUSE Bug 1237045",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "self",
"summary": "SUSE Bug 1237126",
"url": "https://bugzilla.suse.com/1237126"
},
{
"category": "self",
"summary": "SUSE Bug 1237132",
"url": "https://bugzilla.suse.com/1237132"
},
{
"category": "self",
"summary": "SUSE Bug 1237139",
"url": "https://bugzilla.suse.com/1237139"
},
{
"category": "self",
"summary": "SUSE Bug 1237155",
"url": "https://bugzilla.suse.com/1237155"
},
{
"category": "self",
"summary": "SUSE Bug 1237158",
"url": "https://bugzilla.suse.com/1237158"
},
{
"category": "self",
"summary": "SUSE Bug 1237159",
"url": "https://bugzilla.suse.com/1237159"
},
{
"category": "self",
"summary": "SUSE Bug 1237232",
"url": "https://bugzilla.suse.com/1237232"
},
{
"category": "self",
"summary": "SUSE Bug 1237234",
"url": "https://bugzilla.suse.com/1237234"
},
{
"category": "self",
"summary": "SUSE Bug 1237325",
"url": "https://bugzilla.suse.com/1237325"
},
{
"category": "self",
"summary": "SUSE Bug 1237356",
"url": "https://bugzilla.suse.com/1237356"
},
{
"category": "self",
"summary": "SUSE Bug 1237415",
"url": "https://bugzilla.suse.com/1237415"
},
{
"category": "self",
"summary": "SUSE Bug 1237452",
"url": "https://bugzilla.suse.com/1237452"
},
{
"category": "self",
"summary": "SUSE Bug 1237504",
"url": "https://bugzilla.suse.com/1237504"
},
{
"category": "self",
"summary": "SUSE Bug 1237521",
"url": "https://bugzilla.suse.com/1237521"
},
{
"category": "self",
"summary": "SUSE Bug 1237558",
"url": "https://bugzilla.suse.com/1237558"
},
{
"category": "self",
"summary": "SUSE Bug 1237562",
"url": "https://bugzilla.suse.com/1237562"
},
{
"category": "self",
"summary": "SUSE Bug 1237563",
"url": "https://bugzilla.suse.com/1237563"
},
{
"category": "self",
"summary": "SUSE Bug 1237848",
"url": "https://bugzilla.suse.com/1237848"
},
{
"category": "self",
"summary": "SUSE Bug 1237849",
"url": "https://bugzilla.suse.com/1237849"
},
{
"category": "self",
"summary": "SUSE Bug 1237879",
"url": "https://bugzilla.suse.com/1237879"
},
{
"category": "self",
"summary": "SUSE Bug 1237889",
"url": "https://bugzilla.suse.com/1237889"
},
{
"category": "self",
"summary": "SUSE Bug 1237891",
"url": "https://bugzilla.suse.com/1237891"
},
{
"category": "self",
"summary": "SUSE Bug 1237901",
"url": "https://bugzilla.suse.com/1237901"
},
{
"category": "self",
"summary": "SUSE Bug 1237950",
"url": "https://bugzilla.suse.com/1237950"
},
{
"category": "self",
"summary": "SUSE Bug 1238214",
"url": "https://bugzilla.suse.com/1238214"
},
{
"category": "self",
"summary": "SUSE Bug 1238303",
"url": "https://bugzilla.suse.com/1238303"
},
{
"category": "self",
"summary": "SUSE Bug 1238347",
"url": "https://bugzilla.suse.com/1238347"
},
{
"category": "self",
"summary": "SUSE Bug 1238368",
"url": "https://bugzilla.suse.com/1238368"
},
{
"category": "self",
"summary": "SUSE Bug 1238494",
"url": "https://bugzilla.suse.com/1238494"
},
{
"category": "self",
"summary": "SUSE Bug 1238496",
"url": "https://bugzilla.suse.com/1238496"
},
{
"category": "self",
"summary": "SUSE Bug 1238509",
"url": "https://bugzilla.suse.com/1238509"
},
{
"category": "self",
"summary": "SUSE Bug 1238521",
"url": "https://bugzilla.suse.com/1238521"
},
{
"category": "self",
"summary": "SUSE Bug 1238525",
"url": "https://bugzilla.suse.com/1238525"
},
{
"category": "self",
"summary": "SUSE Bug 1238570",
"url": "https://bugzilla.suse.com/1238570"
},
{
"category": "self",
"summary": "SUSE Bug 1238739",
"url": "https://bugzilla.suse.com/1238739"
},
{
"category": "self",
"summary": "SUSE Bug 1238751",
"url": "https://bugzilla.suse.com/1238751"
},
{
"category": "self",
"summary": "SUSE Bug 1238753",
"url": "https://bugzilla.suse.com/1238753"
},
{
"category": "self",
"summary": "SUSE Bug 1238759",
"url": "https://bugzilla.suse.com/1238759"
},
{
"category": "self",
"summary": "SUSE Bug 1238860",
"url": "https://bugzilla.suse.com/1238860"
},
{
"category": "self",
"summary": "SUSE Bug 1238863",
"url": "https://bugzilla.suse.com/1238863"
},
{
"category": "self",
"summary": "SUSE Bug 1238877",
"url": "https://bugzilla.suse.com/1238877"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52925 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50185 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50294 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53123 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53173 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53178 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56548 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56568 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56579 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56658 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57979 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21636 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21638 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21666 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21667 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21669 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21670 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21675 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21688 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21689 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21690 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21767 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21802 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21802/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-03-12T13:00:02Z",
"generator": {
"date": "2025-03-12T13:00:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0847-1",
"initial_release_date": "2025-03-12T13:00:02Z",
"revision_history": [
{
"date": "2025-03-12T13:00:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product_id": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product_id": "dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product_id": "gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "kernel-azure-6.4.0-150600.8.31.1.aarch64",
"product_id": "kernel-azure-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"product_id": "kernel-azure-devel-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"product_id": "kernel-azure-extra-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"product_id": "kernel-azure-optional-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"product_id": "kernel-syms-azure-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product_id": "kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product_id": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product_id": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"product": {
"name": "kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"product_id": "kernel-devel-azure-6.4.0-150600.8.31.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"product": {
"name": "kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"product_id": "kernel-source-azure-6.4.0-150600.8.31.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product_id": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product_id": "dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product_id": "gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "kernel-azure-6.4.0-150600.8.31.1.x86_64",
"product_id": "kernel-azure-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"product_id": "kernel-azure-devel-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"product_id": "kernel-azure-extra-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"product_id": "kernel-azure-optional-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"product_id": "kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"product_id": "kernel-syms-azure-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product_id": "kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product_id": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product_id": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.31.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.31.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.31.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.31.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-6.4.0-150600.8.31.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch"
},
"product_reference": "kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-6.4.0-150600.8.31.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch"
},
"product_reference": "kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.31.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.31.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-extra-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-extra-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-optional-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-optional-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-6.4.0-150600.8.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch"
},
"product_reference": "kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-6.4.0-150600.8.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch"
},
"product_reference": "kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52924",
"url": "https://www.suse.com/security/cve/CVE-2023-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1236821 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "external",
"summary": "SUSE Bug 1244630 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1244630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other -\u003eactivate callbacks\n(bitmap, hash, rhash, rbtree) use elem-\u003epriv.\nSame for .remove: other set implementations take elem-\u003epriv,\nnft_pipapo_remove fetches elem-\u003epriv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor -\u003edeactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52925",
"url": "https://www.suse.com/security/cve/CVE-2023-52925"
},
{
"category": "external",
"summary": "SUSE Bug 1236822 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1236822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2024-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: really cope with fastopen race\n\nFastopen and PM-trigger subflow shutdown can race, as reported by\nsyzkaller.\n\nIn my first attempt to close such race, I missed the fact that\nthe subflow status can change again before the subflow_state_change\ncallback is invoked.\n\nAddress the issue additionally copying with all the states directly\nreachable from TCP_FIN_WAIT1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26708",
"url": "https://www.suse.com/security/cve/CVE-2024-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1222672 for CVE-2024-26708",
"url": "https://bugzilla.suse.com/1222672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26810",
"url": "https://www.suse.com/security/cve/CVE-2024-26810"
},
{
"category": "external",
"summary": "SUSE Bug 1222803 for CVE-2024-26810",
"url": "https://bugzilla.suse.com/1222803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-40980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40980",
"url": "https://www.suse.com/security/cve/CVE-2024-40980"
},
{
"category": "external",
"summary": "SUSE Bug 1227937 for CVE-2024-40980",
"url": "https://bugzilla.suse.com/1227937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41055",
"url": "https://www.suse.com/security/cve/CVE-2024-41055"
},
{
"category": "external",
"summary": "SUSE Bug 1228521 for CVE-2024-41055",
"url": "https://bugzilla.suse.com/1228521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-44974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44974",
"url": "https://www.suse.com/security/cve/CVE-2024-44974"
},
{
"category": "external",
"summary": "SUSE Bug 1230235 for CVE-2024-44974",
"url": "https://bugzilla.suse.com/1230235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45009",
"url": "https://www.suse.com/security/cve/CVE-2024-45009"
},
{
"category": "external",
"summary": "SUSE Bug 1230438 for CVE-2024-45009",
"url": "https://bugzilla.suse.com/1230438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45010",
"url": "https://www.suse.com/security/cve/CVE-2024-45010"
},
{
"category": "external",
"summary": "SUSE Bug 1230439 for CVE-2024-45010",
"url": "https://bugzilla.suse.com/1230439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-46858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n CPU1\t\t\t\tCPU2\n ==== ====\n net_rx_action\n napi_poll netlink_sendmsg\n __napi_poll netlink_unicast\n process_backlog netlink_unicast_kernel\n __netif_receive_skb genl_rcv\n __netif_receive_skb_one_core netlink_rcv_skb\n NF_HOOK genl_rcv_msg\n ip_local_deliver_finish genl_family_rcv_msg\n ip_protocol_deliver_rcu genl_family_rcv_msg_doit\n tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit\n tcp_v4_do_rcv mptcp_nl_remove_addrs_list\n tcp_rcv_established mptcp_pm_remove_addrs_and_subflows\n tcp_data_queue remove_anno_list_by_saddr\n mptcp_incoming_options mptcp_pm_del_add_timer\n mptcp_pm_del_add_timer kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by \"pm.lock\", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of \"entry-\u003eadd_timer\".\n\nMove list_del(\u0026entry-\u003elist) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar \"entry-\u003ex\" uaf.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46858",
"url": "https://www.suse.com/security/cve/CVE-2024-46858"
},
{
"category": "external",
"summary": "SUSE Bug 1231088 for CVE-2024-46858",
"url": "https://bugzilla.suse.com/1231088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-46858"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-50029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50029",
"url": "https://www.suse.com/security/cve/CVE-2024-50029"
},
{
"category": "external",
"summary": "SUSE Bug 1231949 for CVE-2024-50029",
"url": "https://bugzilla.suse.com/1231949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50036",
"url": "https://www.suse.com/security/cve/CVE-2024-50036"
},
{
"category": "external",
"summary": "SUSE Bug 1231912 for CVE-2024-50036",
"url": "https://bugzilla.suse.com/1231912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow\n\nSyzkaller reported this splat:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662\n\n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline]\n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572\n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg net/socket.c:744 [inline]\n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661\n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n RIP: 0023:0xf7fe4579\n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 \u003c5d\u003e 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00\n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\n Allocated by task 5387:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:878 [inline]\n kzalloc_noprof include/linux/slab.h:1014 [inline]\n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803\n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956\n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline]\n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167\n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764\n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592\n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642\n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline]\n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943\n mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777\n process_one_work+0x958/0x1b30 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/ke\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50085",
"url": "https://www.suse.com/security/cve/CVE-2024-50085"
},
{
"category": "external",
"summary": "SUSE Bug 1232508 for CVE-2024-50085",
"url": "https://bugzilla.suse.com/1232508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50142",
"url": "https://www.suse.com/security/cve/CVE-2024-50142"
},
{
"category": "external",
"summary": "SUSE Bug 1233028 for CVE-2024-50142",
"url": "https://bugzilla.suse.com/1233028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle consistently DSS corruption\n\nBugged peer implementation can send corrupted DSS options, consistently\nhitting a few warning in the data path. Use DEBUG_NET assertions, to\navoid the splat on some builds and handle consistently the error, dumping\nrelated MIBs and performing fallback and/or reset according to the\nsubflow type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50185",
"url": "https://www.suse.com/security/cve/CVE-2024-50185"
},
{
"category": "external",
"summary": "SUSE Bug 1233109 for CVE-2024-50185",
"url": "https://bugzilla.suse.com/1233109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing locking causing hanging calls\n\nIf a call gets aborted (e.g. because kafs saw a signal) between it being\nqueued for connection and the I/O thread picking up the call, the abort\nwill be prioritised over the connection and it will be removed from\nlocal-\u003enew_client_calls by rxrpc_disconnect_client_call() without a lock\nbeing held. This may cause other calls on the list to disappear if a race\noccurs.\n\nFix this by taking the client_call_lock when removing a call from whatever\nlist its -\u003ewait_link happens to be on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50294",
"url": "https://www.suse.com/security/cve/CVE-2024-50294"
},
{
"category": "external",
"summary": "SUSE Bug 1233483 for CVE-2024-50294",
"url": "https://bugzilla.suse.com/1233483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-53123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 \u003cf7\u003e 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53123",
"url": "https://www.suse.com/security/cve/CVE-2024-53123"
},
{
"category": "external",
"summary": "SUSE Bug 1234070 for CVE-2024-53123",
"url": "https://bugzilla.suse.com/1234070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53147",
"url": "https://www.suse.com/security/cve/CVE-2024-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1234857 for CVE-2024-53147",
"url": "https://bugzilla.suse.com/1234857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53173",
"url": "https://www.suse.com/security/cve/CVE-2024-53173"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234891 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "external",
"summary": "SUSE Bug 1234892 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it\u0027s\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn\u0027t block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we\u0027re here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53176",
"url": "https://www.suse.com/security/cve/CVE-2024-53176"
},
{
"category": "external",
"summary": "SUSE Bug 1234894 for CVE-2024-53176",
"url": "https://bugzilla.suse.com/1234894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53177",
"url": "https://www.suse.com/security/cve/CVE-2024-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1234896 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "external",
"summary": "SUSE Bug 1235103 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1235103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don\u0027t leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids-\u003eentries list but doesn\u0027t drop a ref if has_lease isn\u0027t true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid-\u003ehas_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 32 bytes):\n 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........\".......\n 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E\"......O.....\n backtrace (crc 6f58c20f):\n [\u003cffffffff8b895a1e\u003e] __kmalloc_cache_noprof+0x2be/0x350\n [\u003cffffffff8bda06e3\u003e] open_cached_dir+0x993/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 8 bytes):\n 00 cc cc cc cc cc cc cc ........\n backtrace (crc 10c106a9):\n [\u003cffffffff8b89a3d3\u003e] __kmalloc_node_track_caller_noprof+0x363/0x480\n [\u003cffffffff8b7d7256\u003e] kstrdup+0x36/0x60\n [\u003cffffffff8bda0700\u003e] open_cached_dir+0x9b0/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff \u003c0f\u003e 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53178",
"url": "https://www.suse.com/security/cve/CVE-2024-53178"
},
{
"category": "external",
"summary": "SUSE Bug 1234895 for CVE-2024-53178",
"url": "https://bugzilla.suse.com/1234895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53226",
"url": "https://www.suse.com/security/cve/CVE-2024-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1236576 for CVE-2024-53226",
"url": "https://bugzilla.suse.com/1236576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53239",
"url": "https://www.suse.com/security/cve/CVE-2024-53239"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235054 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "external",
"summary": "SUSE Bug 1235055 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-56539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56539",
"url": "https://www.suse.com/security/cve/CVE-2024-56539"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234963 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "external",
"summary": "SUSE Bug 1234964 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56548",
"url": "https://www.suse.com/security/cve/CVE-2024-56548"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235073 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "external",
"summary": "SUSE Bug 1235074 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56568"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu: Defer probe of clients after smmu device bound\n\nNull pointer dereference occurs due to a race between smmu\ndriver probe and client driver probe, when of_dma_configure()\nfor client is called after the iommu_device_register() for smmu driver\nprobe has executed but before the driver_bound() for smmu driver\nhas been called.\n\nFollowing is how the race occurs:\n\nT1:Smmu device probe\t\tT2: Client device probe\n\nreally_probe()\narm_smmu_device_probe()\niommu_device_register()\n\t\t\t\t\treally_probe()\n\t\t\t\t\tplatform_dma_configure()\n\t\t\t\t\tof_dma_configure()\n\t\t\t\t\tof_dma_configure_id()\n\t\t\t\t\tof_iommu_configure()\n\t\t\t\t\tiommu_probe_device()\n\t\t\t\t\tiommu_init_device()\n\t\t\t\t\tarm_smmu_probe_device()\n\t\t\t\t\tarm_smmu_get_by_fwnode()\n\t\t\t\t\t\tdriver_find_device_by_fwnode()\n\t\t\t\t\t\tdriver_find_device()\n\t\t\t\t\t\tnext_device()\n\t\t\t\t\t\tklist_next()\n\t\t\t\t\t\t /* null ptr\n\t\t\t\t\t\t assigned to smmu */\n\t\t\t\t\t/* null ptr dereference\n\t\t\t\t\t while smmu-\u003estreamid_mask */\ndriver_bound()\n\tklist_add_tail()\n\nWhen this null smmu pointer is dereferenced later in\narm_smmu_probe_device, the device crashes.\n\nFix this by deferring the probe of the client device\nuntil the smmu device has bound to the arm smmu driver.\n\n[will: Add comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56568",
"url": "https://www.suse.com/security/cve/CVE-2024-56568"
},
{
"category": "external",
"summary": "SUSE Bug 1235032 for CVE-2024-56568",
"url": "https://bugzilla.suse.com/1235032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56568"
},
{
"cve": "CVE-2024-56579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56579",
"url": "https://www.suse.com/security/cve/CVE-2024-56579"
},
{
"category": "external",
"summary": "SUSE Bug 1236575 for CVE-2024-56579",
"url": "https://bugzilla.suse.com/1236575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56592"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Call free_htab_elem() after htab_unlock_bucket()\n\nFor htab of maps, when the map is removed from the htab, it may hold the\nlast reference of the map. bpf_map_fd_put_ptr() will invoke\nbpf_map_free_id() to free the id of the removed map element. However,\nbpf_map_fd_put_ptr() is invoked while holding a bucket lock\n(raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock\n(spinlock_t), triggering the following lockdep warning:\n\n =============================\n [ BUG: Invalid wait context ]\n 6.11.0-rc4+ #49 Not tainted\n -----------------------------\n test_maps/4881 is trying to lock:\n ffffffff84884578 (map_idr_lock){+...}-{3:3}, at: bpf_map_free_id.part.0+0x21/0x70\n other info that might help us debug this:\n context-{5:5}\n 2 locks held by test_maps/4881:\n #0: ffffffff846caf60 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0xf9/0x270\n #1: ffff888149ced148 (\u0026htab-\u003elockdep_key#2){....}-{2:2}, at: htab_map_update_elem+0x178/0xa80\n stack backtrace:\n CPU: 0 UID: 0 PID: 4881 Comm: test_maps Not tainted 6.11.0-rc4+ #49\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6e/0xb0\n dump_stack+0x10/0x20\n __lock_acquire+0x73e/0x36c0\n lock_acquire+0x182/0x450\n _raw_spin_lock_irqsave+0x43/0x70\n bpf_map_free_id.part.0+0x21/0x70\n bpf_map_put+0xcf/0x110\n bpf_map_fd_put_ptr+0x9a/0xb0\n free_htab_elem+0x69/0xe0\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n bpf_map_update_value+0x266/0x380\n __sys_bpf+0x21bb/0x36b0\n __x64_sys_bpf+0x45/0x60\n x64_sys_call+0x1b2a/0x20d0\n do_syscall_64+0x5d/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nOne way to fix the lockdep warning is using raw_spinlock_t for\nmap_idr_lock as well. However, bpf_map_alloc_id() invokes\nidr_alloc_cyclic() after acquiring map_idr_lock, it will trigger a\nsimilar lockdep warning because the slab\u0027s lock (s-\u003ecpu_slab-\u003elock) is\nstill a spinlock.\n\nInstead of changing map_idr_lock\u0027s type, fix the issue by invoking\nhtab_put_fd_value() after htab_unlock_bucket(). However, only deferring\nthe invocation of htab_put_fd_value() is not enough, because the old map\npointers in htab of maps can not be saved during batched deletion.\nTherefore, also defer the invocation of free_htab_elem(), so these\nto-be-freed elements could be linked together similar to lru map.\n\nThere are four callers for -\u003emap_fd_put_ptr:\n\n(1) alloc_htab_elem() (through htab_put_fd_value())\nIt invokes -\u003emap_fd_put_ptr() under a raw_spinlock_t. The invocation of\nhtab_put_fd_value() can not simply move after htab_unlock_bucket(),\nbecause the old element has already been stashed in htab-\u003eextra_elems.\nIt may be reused immediately after htab_unlock_bucket() and the\ninvocation of htab_put_fd_value() after htab_unlock_bucket() may release\nthe newly-added element incorrectly. Therefore, saving the map pointer\nof the old element for htab of maps before unlocking the bucket and\nreleasing the map_ptr after unlock. Beside the map pointer in the old\nelement, should do the same thing for the special fields in the old\nelement as well.\n\n(2) free_htab_elem() (through htab_put_fd_value())\nIts caller includes __htab_map_lookup_and_delete_elem(),\nhtab_map_delete_elem() and __htab_map_lookup_and_delete_batch().\n\nFor htab_map_delete_elem(), simply invoke free_htab_elem() after\nhtab_unlock_bucket(). For __htab_map_lookup_and_delete_batch(), just\nlike lru map, linking the to-be-freed element into node_to_free list\nand invoking free_htab_elem() for these element after unlock. It is safe\nto reuse batch_flink as the link for node_to_free, because these\nelements have been removed from the hash llist.\n\nBecause htab of maps doesn\u0027t support lookup_and_delete operation,\n__htab_map_lookup_and_delete_elem() doesn\u0027t have the problem, so kept\nit as\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56592",
"url": "https://www.suse.com/security/cve/CVE-2024-56592"
},
{
"category": "external",
"summary": "SUSE Bug 1235244 for CVE-2024-56592",
"url": "https://bugzilla.suse.com/1235244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56592"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56647",
"url": "https://www.suse.com/security/cve/CVE-2024-56647"
},
{
"category": "external",
"summary": "SUSE Bug 1235435 for CVE-2024-56647",
"url": "https://bugzilla.suse.com/1235435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final \u0027struct net\u0027 free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net-\u003exfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst-\u003eops-\u003edestroy)\n dst-\u003eops-\u003edestroy(dst);\n\ndst-\u003eops points to the old net-\u003exfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the \u0027struct net\u0027 to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 \u003cfa\u003e c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \u003c/TASK\u003e\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56658",
"url": "https://www.suse.com/security/cve/CVE-2024-56658"
},
{
"category": "external",
"summary": "SUSE Bug 1235441 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "external",
"summary": "SUSE Bug 1235442 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-56658"
},
{
"cve": "CVE-2024-56720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56720",
"url": "https://www.suse.com/security/cve/CVE-2024-56720"
},
{
"category": "external",
"summary": "SUSE Bug 1235592 for CVE-2024-56720",
"url": "https://bugzilla.suse.com/1235592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-57882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix TCP options overflow.\n\nSyzbot reported the following splat:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nRIP: 0010:_compound_head include/linux/page-flags.h:242 [inline]\nRIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552\nCode: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 f8 5e 12 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 \u003c80\u003e 3c 28 00 74 08 48 89 df e8 8f c7 78 f8 48 8b 1b 48 89 de 48 83\nRSP: 0000:ffffc90003916c90 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888030458000\nRDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff898ca81d R09: 1ffff110054414ac\nR10: dffffc0000000000 R11: ffffed10054414ad R12: 0000000000000007\nR13: ffff88802a20a542 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f34f496e800(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9d6ec9ec28 CR3: 000000004d260000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n skb_page_unref include/linux/skbuff_ref.h:43 [inline]\n __skb_frag_unref include/linux/skbuff_ref.h:56 [inline]\n skb_release_data+0x483/0x8a0 net/core/skbuff.c:1119\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb+0x55/0x70 net/core/skbuff.c:1204\n tcp_clean_rtx_queue net/ipv4/tcp_input.c:3436 [inline]\n tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:4032\n tcp_rcv_state_process+0x8eb/0x44e0 net/ipv4/tcp_input.c:6805\n tcp_v4_do_rcv+0x77d/0xc70 net/ipv4/tcp_ipv4.c:1939\n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351\n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n __netif_receive_skb_one_core net/core/dev.c:5672 [inline]\n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5785\n process_backlog+0x662/0x15b0 net/core/dev.c:6117\n __napi_poll+0xcb/0x490 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:7074\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\nRIP: 0033:0x7f34f4519ad5\nCode: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83\nRSP: 002b:00007ffec5b32ce0 EFLAGS: 00000246\nRAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f34f4519ad5\nRDX: 00007ffec5b32d00 RSI: 0000000000000004 RDI: 0000564f4bc6cae0\nRBP: 0000564f4bc6b5a0 R08: 0000000000000008 R09: 0000000000000000\nR10: 00007ffec5b32de8 R11: 0000000000000246 R12: 0000564f48ea8aa4\nR13: 0000000000000001 R14: 0000564f48ea93e8 R15: 00007ffec5b32d68\n \u003c/TASK\u003e\n\nEric noted a probable shinfo-\u003enr_frags corruption, which indeed\noccurs.\n\nThe root cause is a buggy MPTCP option len computation in some\ncircumstances: the ADD_ADDR option should be mutually exclusive\nwith DSS since the blamed commit.\n\nStill, mptcp_established_options_add_addr() tries to set the\nrelevant info in mptcp_out_options, if \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57882",
"url": "https://www.suse.com/security/cve/CVE-2024-57882"
},
{
"category": "external",
"summary": "SUSE Bug 1235914 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "external",
"summary": "SUSE Bug 1235916 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-57882"
},
{
"cve": "CVE-2024-57889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n BUG: sleeping function called from invalid context\n at kernel/locking/mutex.c:283\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n preempt_count: 1, expected: 0\n ...\n Call Trace:\n ...\n __might_resched+0x104/0x10e\n __might_sleep+0x3e/0x62\n mutex_lock+0x20/0x4c\n regmap_lock_mutex+0x10/0x18\n regmap_update_bits_base+0x2c/0x66\n mcp23s08_irq_set_type+0x1ae/0x1d6\n __irq_set_trigger+0x56/0x172\n __setup_irq+0x1e6/0x646\n request_threaded_irq+0xb6/0x160\n ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57889",
"url": "https://www.suse.com/security/cve/CVE-2024-57889"
},
{
"category": "external",
"summary": "SUSE Bug 1236573 for CVE-2024-57889",
"url": "https://bugzilla.suse.com/1236573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(\u0026sdata-\u003elist)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local-\u003einterfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 \u003c0f\u003e 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57948",
"url": "https://www.suse.com/security/cve/CVE-2024-57948"
},
{
"category": "external",
"summary": "SUSE Bug 1236677 for CVE-2024-57948",
"url": "https://bugzilla.suse.com/1236677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npps: Fix a use-after-free\n\nOn a board running ntpd and gpsd, I\u0027m seeing a consistent use-after-free\nin sys_exit() from gpsd when rebooting:\n\n pps pps1: removed\n ------------[ cut here ]------------\n kobject: \u0027(null)\u0027 (00000000db4bec24): is not initialized, yet kobject_put() is being called.\n WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\n CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\n Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : kobject_put+0x120/0x150\n lr : kobject_put+0x120/0x150\n sp : ffffffc0803d3ae0\n x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\n x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\n x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\n x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\n x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n kobject_put+0x120/0x150\n cdev_put+0x20/0x3c\n __fput+0x2c4/0x2d8\n ____fput+0x1c/0x38\n task_work_run+0x70/0xfc\n do_exit+0x2a0/0x924\n do_group_exit+0x34/0x90\n get_signal+0x7fc/0x8c0\n do_signal+0x128/0x13b4\n do_notify_resume+0xdc/0x160\n el0_svc+0xd4/0xf8\n el0t_64_sync_handler+0x140/0x14c\n el0t_64_sync+0x190/0x194\n ---[ end trace 0000000000000000 ]---\n\n...followed by more symptoms of corruption, with similar stacks:\n\n refcount_t: underflow; use-after-free.\n kernel BUG at lib/list_debug.c:62!\n Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nThis happens because pps_device_destruct() frees the pps_device with the\nembedded cdev immediately after calling cdev_del(), but, as the comment\nabove cdev_del() notes, fops for previously opened cdevs are still\ncallable even after cdev_del() returns. I think this bug has always\nbeen there: I can\u0027t explain why it suddenly started happening every time\nI reboot this particular board.\n\nIn commit d953e0e837e6 (\"pps: Fix a use-after free bug when\nunregistering a source.\"), George Spelvin suggested removing the\nembedded cdev. That seems like the simplest way to fix this, so I\u0027ve\nimplemented his suggestion, using __register_chrdev() with pps_idr\nbecoming the source of truth for which minor corresponds to which\ndevice.\n\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\nwe need to be sure the pps-\u003edev refcount can\u0027t reach zero while\nuserspace can still find it again. So, the idr_remove() call moves to\npps_unregister_cdev(), and pps_idr now holds a reference to pps-\u003edev.\n\n pps_core: source serial1 got cdev (251:1)\n \u003c...\u003e\n pps pps1: removed\n pps_core: unregistering pps1\n pps_core: deallocating pps1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57979",
"url": "https://www.suse.com/security/cve/CVE-2024-57979"
},
{
"category": "external",
"summary": "SUSE Bug 1238521 for CVE-2024-57979",
"url": "https://bugzilla.suse.com/1238521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-57979"
},
{
"cve": "CVE-2024-57994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()\n\nJakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()\nto increase test coverage.\n\nsyzbot found a splat caused by hard irq blocking in\nptr_ring_resize_multiple() [1]\n\nAs current users of ptr_ring_resize_multiple() do not require\nhard irqs being masked, replace it to only block BH.\n\nRename helpers to better reflect they are safe against BH only.\n\n- ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()\n- skb_array_resize_multiple() to skb_array_resize_multiple_bh()\n\n[1]\n\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline]\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nModules linked in:\nCPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:__page_pool_put_page net/core/page_pool.c:709 [inline]\nRIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nCode: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 \u003c0f\u003e 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85\nRSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083\nRAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000\nRDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843\nRBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d\nR10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040\nR13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff\nFS: 00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tun_ptr_free drivers/net/tun.c:617 [inline]\n __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]\n ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]\n tun_queue_resize drivers/net/tun.c:3694 [inline]\n tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024\n do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923\n rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201\n rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57994",
"url": "https://www.suse.com/security/cve/CVE-2024-57994"
},
{
"category": "external",
"summary": "SUSE Bug 1237901 for CVE-2024-57994",
"url": "https://bugzilla.suse.com/1237901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2025-21636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.probe_interval\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21636",
"url": "https://www.suse.com/security/cve/CVE-2025-21636"
},
{
"category": "external",
"summary": "SUSE Bug 1236113 for CVE-2025-21636",
"url": "https://bugzilla.suse.com/1236113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21637",
"url": "https://www.suse.com/security/cve/CVE-2025-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1236114 for CVE-2025-21637",
"url": "https://bugzilla.suse.com/1236114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21638",
"url": "https://www.suse.com/security/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "SUSE Bug 1236115 for CVE-2025-21638",
"url": "https://bugzilla.suse.com/1236115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21639",
"url": "https://www.suse.com/security/cve/CVE-2025-21639"
},
{
"category": "external",
"summary": "SUSE Bug 1236122 for CVE-2025-21639",
"url": "https://bugzilla.suse.com/1236122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21640",
"url": "https://www.suse.com/security/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "SUSE Bug 1236123 for CVE-2025-21640",
"url": "https://bugzilla.suse.com/1236123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21647",
"url": "https://www.suse.com/security/cve/CVE-2025-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1236133 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "external",
"summary": "SUSE Bug 1236134 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21665",
"url": "https://www.suse.com/security/cve/CVE-2025-21665"
},
{
"category": "external",
"summary": "SUSE Bug 1236684 for CVE-2025-21665",
"url": "https://bugzilla.suse.com/1236684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn\u0027t.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21666",
"url": "https://www.suse.com/security/cve/CVE-2025-21666"
},
{
"category": "external",
"summary": "SUSE Bug 1236680 for CVE-2025-21666",
"url": "https://bugzilla.suse.com/1236680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21666"
},
{
"cve": "CVE-2025-21667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid avoid truncating 64-bit offset to 32 bits\n\non 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a\n32-bit position due to folio_next_index() returning an unsigned long.\nThis could lead to an infinite loop when writing to an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21667",
"url": "https://www.suse.com/security/cve/CVE-2025-21667"
},
{
"category": "external",
"summary": "SUSE Bug 1236681 for CVE-2025-21667",
"url": "https://bugzilla.suse.com/1236681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: add missing loop break condition\n\nCurrently imx8mp_blk_ctrl_remove() will continue the for loop\nuntil an out-of-bounds exception occurs.\n\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : dev_pm_domain_detach+0x8/0x48\nlr : imx8mp_blk_ctrl_shutdown+0x58/0x90\nsp : ffffffc084f8bbf0\nx29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000\nx26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028\nx23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0\nx20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff\nx17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72\nx14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000\nx11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8\nx8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000\nCall trace:\n dev_pm_domain_detach+0x8/0x48\n platform_shutdown+0x2c/0x48\n device_shutdown+0x158/0x268\n kernel_restart_prepare+0x40/0x58\n kernel_kexec+0x58/0xe8\n __do_sys_reboot+0x198/0x258\n __arm64_sys_reboot+0x2c/0x40\n invoke_syscall+0x5c/0x138\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xc8\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x190/0x198\nCode: 8128c2d0 ffffffc0 aa1e03e9 d503201f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21668",
"url": "https://www.suse.com/security/cve/CVE-2025-21668"
},
{
"category": "external",
"summary": "SUSE Bug 1236682 for CVE-2025-21668",
"url": "https://bugzilla.suse.com/1236682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: discard packets if the transport changes\n\nIf the socket has been de-assigned or assigned to another transport,\nwe must discard any packets received because they are not expected\nand would cause issues when we access vsk-\u003etransport.\n\nA possible scenario is described by Hyunwoo Kim in the attached link,\nwhere after a first connect() interrupted by a signal, and a second\nconnect() failed, we can find `vsk-\u003etransport` at NULL, leading to a\nNULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21669",
"url": "https://www.suse.com/security/cve/CVE-2025-21669"
},
{
"category": "external",
"summary": "SUSE Bug 1236683 for CVE-2025-21669",
"url": "https://bugzilla.suse.com/1236683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21669"
},
{
"cve": "CVE-2025-21670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n Call Trace:\n vsock_bpf_recvmsg+0xca/0x5e0\n sock_recvmsg+0xb9/0xc0\n __sys_recvfrom+0xb3/0x130\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk-\u003etransport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21670",
"url": "https://www.suse.com/security/cve/CVE-2025-21670"
},
{
"category": "external",
"summary": "SUSE Bug 1236685 for CVE-2025-21670",
"url": "https://bugzilla.suse.com/1236685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21670"
},
{
"cve": "CVE-2025-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can\u0027t be freed as long as\ncifsd thread isn\u0027t done. Otherwise the following can happen:\n\n RIP: 0010:__slab_free+0x223/0x3c0\n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n 000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0xce/0x120\n ? __slab_free+0x223/0x3c0\n ? do_error_trap+0x65/0x80\n ? __slab_free+0x223/0x3c0\n ? exc_invalid_op+0x4e/0x70\n ? __slab_free+0x223/0x3c0\n ? asm_exc_invalid_op+0x16/0x20\n ? __slab_free+0x223/0x3c0\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? __kmalloc+0x4b/0x140\n __reconnect_target_unlocked+0x3e/0x160 [cifs]\n reconnect_dfs_server+0x145/0x430 [cifs]\n cifs_handle_standard+0x1ad/0x1d0 [cifs]\n cifs_demultiplex_thread+0x592/0x730 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21673",
"url": "https://www.suse.com/security/cve/CVE-2025-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1236689 for CVE-2025-21673",
"url": "https://bugzilla.suse.com/1236689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Clear port select structure when fail to create\n\nClear the port select structure on error so no stale values left after\ndefiners are destroyed. That\u0027s because the mlx5_lag_destroy_definers()\nalways try to destroy all lag definers in the tt_map, so in the flow\nbelow lag definers get double-destroyed and cause kernel crash:\n\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 1\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets destroyed\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 0\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets double-destroyed\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n Mem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n user pgtable: 64k pages, 48-bit VAs, pgdp=0000000112ce2e00\n [0000000000000008] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n Modules linked in: iptable_raw bonding ip_gre ip6_gre gre ip6_tunnel tunnel6 geneve ip6_udp_tunnel udp_tunnel ipip tunnel4 ip_tunnel rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) mlx5_fwctl(OE) fwctl(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlxfw(OE) memtrack(OE) mlx_compat(OE) openvswitch nsh nf_conncount psample xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc netconsole overlay efi_pstore sch_fq_codel zram ip_tables crct10dif_ce qemu_fw_cfg fuse ipv6 crc_ccitt [last unloaded: mlx_compat(OE)]\n CPU: 3 UID: 0 PID: 217 Comm: kworker/u53:2 Tainted: G OE 6.11.0+ #2\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n Workqueue: mlx5_lag mlx5_do_bond_work [mlx5_core]\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n lr : mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n sp : ffff800085fafb00\n x29: ffff800085fafb00 x28: ffff0000da0c8000 x27: 0000000000000000\n x26: ffff0000da0c8000 x25: ffff0000da0c8000 x24: ffff0000da0c8000\n x23: ffff0000c31f81a0 x22: 0400000000000000 x21: ffff0000da0c8000\n x20: 0000000000000000 x19: 0000000000000001 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8b0c9350\n x14: 0000000000000000 x13: ffff800081390d18 x12: ffff800081dc3cc0\n x11: 0000000000000001 x10: 0000000000000b10 x9 : ffff80007ab7304c\n x8 : ffff0000d00711f0 x7 : 0000000000000004 x6 : 0000000000000190\n x5 : ffff00027edb3010 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : ffff0000d39b8000 x1 : ffff0000d39b8000 x0 : 0400000000000000\n Call trace:\n mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n mlx5_lag_destroy_definers+0xa0/0x108 [mlx5_core]\n mlx5_lag_port_sel_create+0x2d4/0x6f8 [mlx5_core]\n mlx5_activate_lag+0x60c/0x6f8 [mlx5_core]\n mlx5_do_bond_work+0x284/0x5c8 [mlx5_core]\n process_one_work+0x170/0x3e0\n worker_thread+0x2d8/0x3e0\n kthread+0x11c/0x128\n ret_from_fork+0x10/0x20\n Code: a9025bf5 aa0003f6 a90363f7 f90023f9 (f9400400)\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21675",
"url": "https://www.suse.com/security/cve/CVE-2025-21675"
},
{
"category": "external",
"summary": "SUSE Bug 1236694 for CVE-2025-21675",
"url": "https://bugzilla.suse.com/1236694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21675"
},
{
"cve": "CVE-2025-21680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: Avoid out-of-bounds access in get_imix_entries\n\nPassing a sufficient amount of imix entries leads to invalid access to the\npkt_dev-\u003eimix_entries array because of the incorrect boundary check.\n\nUBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24\nindex 20 is out of range for type \u0027imix_pkt [20]\u0027\nCPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl lib/dump_stack.c:117\n__ubsan_handle_out_of_bounds lib/ubsan.c:429\nget_imix_entries net/core/pktgen.c:874\npktgen_if_write net/core/pktgen.c:1063\npde_write fs/proc/inode.c:334\nproc_reg_write fs/proc/inode.c:346\nvfs_write fs/read_write.c:593\nksys_write fs/read_write.c:644\ndo_syscall_64 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[ fp: allow to fill the array completely; minor changelog cleanup ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21680",
"url": "https://www.suse.com/security/cve/CVE-2025-21680"
},
{
"category": "external",
"summary": "SUSE Bug 1236700 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "external",
"summary": "SUSE Bug 1236701 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -\u003e ovs_vport_send\n -\u003e dev_queue_xmit\n -\u003e __dev_queue_xmit\n -\u003e netdev_core_pick_tx\n -\u003e skb_tx_hash\n\nWhen device is unregistering, the \u0027dev-\u003ereal_num_tx_queues\u0027 goes to\nzero and the \u0027while (unlikely(hash \u003e= qcount))\u0027 loop inside the\n\u0027skb_tx_hash\u0027 becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn\u0027t implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn\u0027t really have a carrier.\nTherefore, while this device is unregistering, it\u0027s still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don\u0027t really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21681",
"url": "https://www.suse.com/security/cve/CVE-2025-21681"
},
{
"category": "external",
"summary": "SUSE Bug 1236702 for CVE-2025-21681",
"url": "https://bugzilla.suse.com/1236702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: xilinx: Convert gpio_lock to raw spinlock\n\nirq_chip functions may be called in raw spinlock context. Therefore, we\nmust also use a raw spinlock for our own internal locking.\n\nThis fixes the following lockdep splat:\n\n[ 5.349336] =============================\n[ 5.353349] [ BUG: Invalid wait context ]\n[ 5.357361] 6.13.0-rc5+ #69 Tainted: G W\n[ 5.363031] -----------------------------\n[ 5.367045] kworker/u17:1/44 is trying to lock:\n[ 5.371587] ffffff88018b02c0 (\u0026chip-\u003egpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.380079] other info that might help us debug this:\n[ 5.385138] context-{5:5}\n[ 5.387762] 5 locks held by kworker/u17:1/44:\n[ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)\n[ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)\n[ 5.411528] #2: ffffff880172c900 (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)\n[ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)\n[ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)\n[ 5.436472] stack backtrace:\n[ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69\n[ 5.448690] Tainted: [W]=WARN\n[ 5.451656] Hardware name: xlnx,zynqmp (DT)\n[ 5.455845] Workqueue: events_unbound deferred_probe_work_func\n[ 5.461699] Call trace:\n[ 5.464147] show_stack+0x18/0x24 C\n[ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)\n[ 5.471501] dump_stack (lib/dump_stack.c:130)\n[ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)\n[ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)\n[ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)\n[ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)\n[ 5.497645] irq_startup (kernel/irq/chip.c:270)\n[ 5.501143] __setup_irq (kernel/irq/manage.c:1807)\n[ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21684",
"url": "https://www.suse.com/security/cve/CVE-2025-21684"
},
{
"category": "external",
"summary": "SUSE Bug 1236952 for CVE-2025-21684",
"url": "https://bugzilla.suse.com/1236952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: check the bounds of read/write syscalls\n\ncount and offset are passed from user space and not checked, only\noffset is capped to 40 bits, which can be used to read/write out of\nbounds of the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21687",
"url": "https://www.suse.com/security/cve/CVE-2025-21687"
},
{
"category": "external",
"summary": "SUSE Bug 1237045 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "external",
"summary": "SUSE Bug 1237046 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Assign job pointer to NULL before signaling the fence\n\nIn commit e4b5ccd392b9 (\"drm/v3d: Ensure job pointer is set to NULL\nafter job completion\"), we introduced a change to assign the job pointer\nto NULL after completing a job, indicating job completion.\n\nHowever, this approach created a race condition between the DRM\nscheduler workqueue and the IRQ execution thread. As soon as the fence is\nsignaled in the IRQ execution thread, a new job starts to be executed.\nThis results in a race condition where the IRQ execution thread sets the\njob pointer to NULL simultaneously as the `run_job()` function assigns\na new job to the pointer.\n\nThis race condition can lead to a NULL pointer dereference if the IRQ\nexecution thread sets the job pointer to NULL after `run_job()` assigns\nit to the new job. When the new job completes and the GPU emits an\ninterrupt, `v3d_irq()` is triggered, potentially causing a crash.\n\n[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n[ 466.318928] Mem abort info:\n[ 466.321723] ESR = 0x0000000096000005\n[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 466.330807] SET = 0, FnV = 0\n[ 466.333864] EA = 0, S1PTW = 0\n[ 466.337010] FSC = 0x05: level 1 translation fault\n[ 466.341900] Data abort info:\n[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000\n[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6\n[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18\n[ 466.467336] Tainted: [C]=CRAP\n[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]\n[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228\n[ 466.492327] sp : ffffffc080003ea0\n[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000\n[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200\n[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000\n[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000\n[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000\n[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0\n[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70\n[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000\n[ 466.567263] Call trace:\n[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)\n[ 466.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21688",
"url": "https://www.suse.com/security/cve/CVE-2025-21688"
},
{
"category": "external",
"summary": "SUSE Bug 1237007 for CVE-2025-21688",
"url": "https://bugzilla.suse.com/1237007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21689",
"url": "https://www.suse.com/security/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "SUSE Bug 1237017 for CVE-2025-21689",
"url": "https://bugzilla.suse.com/1237017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21690"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn\u0027t DoS the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21690",
"url": "https://www.suse.com/security/cve/CVE-2025-21690"
},
{
"category": "external",
"summary": "SUSE Bug 1237025 for CVE-2025-21690",
"url": "https://bugzilla.suse.com/1237025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21692",
"url": "https://www.suse.com/security/cve/CVE-2025-21692"
},
{
"category": "external",
"summary": "SUSE Bug 1237028 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "external",
"summary": "SUSE Bug 1237048 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Ensure job pointer is set to NULL after job completion\n\nAfter a job completes, the corresponding pointer in the device must\nbe set to NULL. Failing to do so triggers a warning when unloading\nthe driver, as it appears the job is still active. To prevent this,\nassign the job pointer to NULL after completing the job, indicating\nthe job has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21697",
"url": "https://www.suse.com/security/cve/CVE-2025-21697"
},
{
"category": "external",
"summary": "SUSE Bug 1237132 for CVE-2025-21697",
"url": "https://bugzilla.suse.com/1237132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "low"
}
],
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21699",
"url": "https://www.suse.com/security/cve/CVE-2025-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1237139 for CVE-2025-21699",
"url": "https://bugzilla.suse.com/1237139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent. b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12. send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13. send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21700",
"url": "https://www.suse.com/security/cve/CVE-2025-21700"
},
{
"category": "external",
"summary": "SUSE Bug 1237159 for CVE-2025-21700",
"url": "https://bugzilla.suse.com/1237159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle fastopen disconnect correctly\n\nSyzbot was able to trigger a data stream corruption:\n\n WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Modules linked in:\n CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\n RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 \u003c0f\u003e 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07\n RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293\n RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928\n R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000\n R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000\n FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074\n mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493\n release_sock+0x1aa/0x1f0 net/core/sock.c:3640\n inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]\n __inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703\n mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755\n mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f6e86ebfe69\n Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69\n RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003\n RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc\n R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508\n \u003c/TASK\u003e\n\nThe root cause is the bad handling of disconnect() generated internally\nby the MPTCP protocol in case of connect FASTOPEN errors.\n\nAddress the issue increasing the socket disconnect counter even on such\na case, to allow other threads waiting on the same socket lock to\nproperly error out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21705",
"url": "https://www.suse.com/security/cve/CVE-2025-21705"
},
{
"category": "external",
"summary": "SUSE Bug 1238525 for CVE-2025-21705",
"url": "https://bugzilla.suse.com/1238525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: davicom: fix UAF in dm9000_drv_remove\n\ndm is netdev private data and it cannot be\nused after free_netdev() call. Using dm after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.\n\nThis is similar to the issue fixed in commit\nad297cd2db89 (\"net: qcom/emac: fix UAF in emac_remove\").\n\nThis bug is detected by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21715",
"url": "https://www.suse.com/security/cve/CVE-2025-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1237889 for CVE-2025-21715",
"url": "https://bugzilla.suse.com/1237889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21716"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix uninit-value in vxlan_vnifilter_dump()\n\nKMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].\n\nIf the length of the netlink message payload is less than\nsizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes\nbeyond the message. This can lead to uninit-value access. Fix this by\nreturning an error in such situations.\n\n[1]\nBUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786\n netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317\n __netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432\n netlink_dump_start include/linux/netlink.h:340 [inline]\n rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]\n rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882\n netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4110 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205\n kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196\n netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21716",
"url": "https://www.suse.com/security/cve/CVE-2025-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1237891 for CVE-2025-21716",
"url": "https://bugzilla.suse.com/1237891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: do not call mr_mfc_uses_dev() for unres entries\n\nsyzbot found that calling mr_mfc_uses_dev() for unres entries\nwould crash [1], because c-\u003emfc_un.res.minvif / c-\u003emfc_un.res.maxvif\nalias to \"struct sk_buff_head unresolved\", which contain two pointers.\n\nThis code never worked, lets remove it.\n\n[1]\nUnable to handle kernel paging request at virtual address ffff5fff2d536613\nKASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]\nModules linked in:\nCPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]\n pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334\n lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]\n lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334\nCall trace:\n mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)\n mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)\n mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382\n ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648\n rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327\n rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791\n netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317\n netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973\n sock_recvmsg_nosec net/socket.c:1033 [inline]\n sock_recvmsg net/socket.c:1055 [inline]\n sock_read_iter+0x2d8/0x40c net/socket.c:1125\n new_sync_read fs/read_write.c:484 [inline]\n vfs_read+0x740/0x970 fs/read_write.c:565\n ksys_read+0x15c/0x26c fs/read_write.c:708",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21719",
"url": "https://www.suse.com/security/cve/CVE-2025-21719"
},
{
"category": "external",
"summary": "SUSE Bug 1238860 for CVE-2025-21719",
"url": "https://bugzilla.suse.com/1238860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand\u0027s type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21724",
"url": "https://www.suse.com/security/cve/CVE-2025-21724"
},
{
"category": "external",
"summary": "SUSE Bug 1238863 for CVE-2025-21724",
"url": "https://bugzilla.suse.com/1238863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to unset link speed\n\nIt isn\u0027t guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always\nbe set by the server, so the client must handle any values and then\nprevent oopses like below from happening:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nRIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48\n89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8\ne7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 \u003c48\u003e f7 74 24 18 48 89\nc3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24\nRSP: 0018:ffffc90001817be0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99\nRDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228\nRBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac\nR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200\nR13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58\nFS: 00007fe27119e740(0000) GS:ffff888148600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0x159/0x1b0\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? do_error_trap+0x90/0x130\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? exc_divide_error+0x39/0x50\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? asm_exc_divide_error+0x1a/0x20\n ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? seq_read_iter+0x42e/0x790\n seq_read_iter+0x19a/0x790\n proc_reg_read_iter+0xbe/0x110\n ? __pfx_proc_reg_read_iter+0x10/0x10\n vfs_read+0x469/0x570\n ? do_user_addr_fault+0x398/0x760\n ? __pfx_vfs_read+0x10/0x10\n ? find_held_lock+0x8a/0xa0\n ? __pfx_lock_release+0x10/0x10\n ksys_read+0xd3/0x170\n ? __pfx_ksys_read+0x10/0x10\n ? __rcu_read_unlock+0x50/0x270\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe271288911\nCode: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8\n20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 \u003c48\u003e 3d\n00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec\nRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911\nRDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003\nRBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380\nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000\nR13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000\n \u003c/TASK\u003e\n\nFix this by setting cifs_server_iface::speed to a sane value (1Gbps)\nby default when link speed is unset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21725",
"url": "https://www.suse.com/security/cve/CVE-2025-21725"
},
{
"category": "external",
"summary": "SUSE Bug 1238877 for CVE-2025-21725",
"url": "https://bugzilla.suse.com/1238877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21728",
"url": "https://www.suse.com/security/cve/CVE-2025-21728"
},
{
"category": "external",
"summary": "SUSE Bug 1237879 for CVE-2025-21728",
"url": "https://bugzilla.suse.com/1237879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix resetting of tracepoints\n\nIf a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD\ndisabled, but then that option is enabled and timerlat is removed, the\ntracepoints that were enabled on timerlat registration do not get\ndisabled. If the option is disabled again and timelat is started, then it\ntriggers a warning in the tracepoint code due to registering the\ntracepoint again without ever disabling it.\n\nDo not use the same user space defined options to know to disable the\ntracepoints when timerlat is removed. Instead, set a global flag when it\nis enabled and use that flag to know to disable the events.\n\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n ~# echo OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo nop \u003e /sys/kernel/tracing/current_tracer\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n\nTriggers:\n\n ------------[ cut here ]------------\n WARNING: CPU: 6 PID: 1337 at kernel/tracepoint.c:294 tracepoint_add_func+0x3b6/0x3f0\n Modules linked in:\n CPU: 6 UID: 0 PID: 1337 Comm: rtla Not tainted 6.13.0-rc4-test-00018-ga867c441128e-dirty #73\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:tracepoint_add_func+0x3b6/0x3f0\n Code: 48 8b 53 28 48 8b 73 20 4c 89 04 24 e8 23 59 11 00 4c 8b 04 24 e9 36 fe ff ff 0f 0b b8 ea ff ff ff 45 84 e4 0f 84 68 fe ff ff \u003c0f\u003e 0b e9 61 fe ff ff 48 8b 7b 18 48 85 ff 0f 84 4f ff ff ff 49 8b\n RSP: 0018:ffffb9b003a87ca0 EFLAGS: 00010202\n RAX: 00000000ffffffef RBX: ffffffff92f30860 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff9bf59e91ccd0 RDI: ffffffff913b6410\n RBP: 000000000000000a R08: 00000000000005c7 R09: 0000000000000002\n R10: ffffb9b003a87ce0 R11: 0000000000000002 R12: 0000000000000001\n R13: ffffb9b003a87ce0 R14: ffffffffffffffef R15: 0000000000000008\n FS: 00007fce81209240(0000) GS:ffff9bf6fdd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055e99b728000 CR3: 00000001277c0002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ? __warn.cold+0xb7/0x14d\n ? tracepoint_add_func+0x3b6/0x3f0\n ? report_bug+0xea/0x170\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? tracepoint_add_func+0x3b6/0x3f0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n tracepoint_probe_register+0x78/0xb0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n osnoise_workload_start+0x2b5/0x370\n timerlat_tracer_init+0x76/0x1b0\n tracing_set_tracer+0x244/0x400\n tracing_set_trace_write+0xa0/0xe0\n vfs_write+0xfc/0x570\n ? do_sys_openat2+0x9c/0xe0\n ksys_write+0x72/0xf0\n do_syscall_64+0x79/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21733",
"url": "https://www.suse.com/security/cve/CVE-2025-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1238494 for CVE-2025-21733",
"url": "https://bugzilla.suse.com/1238494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21733"
},
{
"cve": "CVE-2025-21754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion failure when splitting ordered extent after transaction abort\n\nIf while we are doing a direct IO write a transaction abort happens, we\nmark all existing ordered extents with the BTRFS_ORDERED_IOERR flag (done\nat btrfs_destroy_ordered_extents()), and then after that if we enter\nbtrfs_split_ordered_extent() and the ordered extent has bytes left\n(meaning we have a bio that doesn\u0027t cover the whole ordered extent, see\ndetails at btrfs_extract_ordered_extent()), we will fail on the following\nassertion at btrfs_split_ordered_extent():\n\n ASSERT(!(flags \u0026 ~BTRFS_ORDERED_TYPE_FLAGS));\n\nbecause the BTRFS_ORDERED_IOERR flag is set and the definition of\nBTRFS_ORDERED_TYPE_FLAGS is just the union of all flags that identify the\ntype of write (regular, nocow, prealloc, compressed, direct IO, encoded).\n\nFix this by returning an error from btrfs_extract_ordered_extent() if we\nfind the BTRFS_ORDERED_IOERR flag in the ordered extent. The error will\nbe the error that resulted in the transaction abort or -EIO if no\ntransaction abort happened.\n\nThis was recently reported by syzbot with the following trace:\n\n FAULT_INJECTION: forcing a failure.\n name failslab, interval 1, probability 0, space 0, times 1\n CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n fail_dump lib/fault-inject.c:53 [inline]\n should_fail_ex+0x3b0/0x4e0 lib/fault-inject.c:154\n should_failslab+0xac/0x100 mm/failslab.c:46\n slab_pre_alloc_hook mm/slub.c:4072 [inline]\n slab_alloc_node mm/slub.c:4148 [inline]\n __do_kmalloc_node mm/slub.c:4297 [inline]\n __kmalloc_noprof+0xdd/0x4c0 mm/slub.c:4310\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n btrfs_chunk_alloc_add_chunk_item+0x244/0x1100 fs/btrfs/volumes.c:5742\n reserve_chunk_space+0x1ca/0x2c0 fs/btrfs/block-group.c:4292\n check_system_chunk fs/btrfs/block-group.c:4319 [inline]\n do_chunk_alloc fs/btrfs/block-group.c:3891 [inline]\n btrfs_chunk_alloc+0x77b/0xf80 fs/btrfs/block-group.c:4187\n find_free_extent_update_loop fs/btrfs/extent-tree.c:4166 [inline]\n find_free_extent+0x42d1/0x5810 fs/btrfs/extent-tree.c:4579\n btrfs_reserve_extent+0x422/0x810 fs/btrfs/extent-tree.c:4672\n btrfs_new_extent_direct fs/btrfs/direct-io.c:186 [inline]\n btrfs_get_blocks_direct_write+0x706/0xfa0 fs/btrfs/direct-io.c:321\n btrfs_dio_iomap_begin+0xbb7/0x1180 fs/btrfs/direct-io.c:525\n iomap_iter+0x697/0xf60 fs/iomap/iter.c:90\n __iomap_dio_rw+0xeb9/0x25b0 fs/iomap/direct-io.c:702\n btrfs_dio_write fs/btrfs/direct-io.c:775 [inline]\n btrfs_direct_write+0x610/0xa30 fs/btrfs/direct-io.c:880\n btrfs_do_write_iter+0x2a0/0x760 fs/btrfs/file.c:1397\n do_iter_readv_writev+0x600/0x880\n vfs_writev+0x376/0xba0 fs/read_write.c:1050\n do_pwritev fs/read_write.c:1146 [inline]\n __do_sys_pwritev2 fs/read_write.c:1204 [inline]\n __se_sys_pwritev2+0x196/0x2b0 fs/read_write.c:1195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f1281f85d29\n RSP: 002b:00007f12819fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148\n RAX: ffffffffffffffda RBX: 00007f1282176080 RCX: 00007f1281f85d29\n RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000005\n RBP: 00007f12819fe090 R08: 0000000000000000 R09: 0000000000000003\n R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000002\n R13: 0000000000000000 R14: 00007f1282176080 R15: 00007ffcb9e23328\n \u003c/TASK\u003e\n BTRFS error (device loop0 state A): Transaction aborted (error -12)\n BTRFS: error (device loop0 state A\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21754",
"url": "https://www.suse.com/security/cve/CVE-2025-21754"
},
{
"category": "external",
"summary": "SUSE Bug 1238496 for CVE-2025-21754",
"url": "https://bugzilla.suse.com/1238496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21754"
},
{
"cve": "CVE-2025-21767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context\n\nThe following bug report happened with a PREEMPT_RT kernel:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n get_random_u32+0x4f/0x110\n clocksource_verify_choose_cpus+0xab/0x1a0\n clocksource_verify_percpu.part.0+0x6b/0x330\n clocksource_watchdog_kthread+0x193/0x1a0\n\nIt is due to the fact that clocksource_verify_choose_cpus() is invoked with\npreemption disabled. This function invokes get_random_u32() to obtain\nrandom numbers for choosing CPUs. The batched_entropy_32 local lock and/or\nthe base_crng.lock spinlock in driver/char/random.c will be acquired during\nthe call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot\nbe acquired in atomic context.\n\nFix this problem by using migrate_disable() to allow smp_processor_id() to\nbe reliably used without introducing atomic context. preempt_disable() is\nthen called after clocksource_verify_choose_cpus() but before the\nclocksource measurement is being run to avoid introducing unexpected\nlatency.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21767",
"url": "https://www.suse.com/security/cve/CVE-2025-21767"
},
{
"category": "external",
"summary": "SUSE Bug 1238509 for CVE-2025-21767",
"url": "https://bugzilla.suse.com/1238509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n unregister_netdevice_many net/core/dev.c:11866 [inline]\n unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21790",
"url": "https://www.suse.com/security/cve/CVE-2025-21790"
},
{
"category": "external",
"summary": "SUSE Bug 1238753 for CVE-2025-21790",
"url": "https://bugzilla.suse.com/1238753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix hang in nfsd4_shutdown_callback\n\nIf nfs4_client is in courtesy state then there is no point to send\nthe callback. This causes nfsd4_shutdown_callback to hang since\ncl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP\nnotifies NFSD that the connection was dropped.\n\nThis patch modifies nfsd4_run_cb_work to skip the RPC call if\nnfs4_client is in courtesy state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21795",
"url": "https://www.suse.com/security/cve/CVE-2025-21795"
},
{
"category": "external",
"summary": "SUSE Bug 1238759 for CVE-2025-21795",
"url": "https://bugzilla.suse.com/1238759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21799",
"url": "https://www.suse.com/security/cve/CVE-2025-21799"
},
{
"category": "external",
"summary": "SUSE Bug 1238739 for CVE-2025-21799",
"url": "https://bugzilla.suse.com/1238739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix oops when unload drivers paralleling\n\nWhen unload hclge driver, it tries to disable sriov first for each\nae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at\nthe time, because it removes all the ae_dev nodes, and it may cause\noops.\n\nBut we can\u0027t simply use hnae3_common_lock for this. Because in the\nprocess flow of pci_disable_sriov(), it will trigger the remove flow\nof VF, which will also take hnae3_common_lock.\n\nTo fixes it, introduce a new mutex to protect the unload process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21802",
"url": "https://www.suse.com/security/cve/CVE-2025-21802"
},
{
"category": "external",
"summary": "SUSE Bug 1238751 for CVE-2025-21802",
"url": "https://bugzilla.suse.com/1238751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21802"
}
]
}
suse-su-2025:20260-1
Vulnerability from csaf_suse
Published
2025-04-17 10:48
Modified
2025-04-17 10:48
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489).
- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).
- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).
- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).
- CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439).
- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).
- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).
- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).
- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).
- CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812).
- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).
- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).
- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).
- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).
- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).
- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).
- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).
- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).
- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).
- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).
- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
- CVE-2024-56638: kABI fix for "netfilter: nft_inner: incorrect percpu area handling under softirq" (bsc#1235524).
- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).
- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).
- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).
- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).
- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).
- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).
- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).
- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).
- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).
- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).
- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).
- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111).
- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113).
- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).
- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).
- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).
- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).
- CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698).
- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).
- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).
- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).
- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).
- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).
- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).
- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).
- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).
- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).
- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).
- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).
- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).
- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).
- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).
- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).
- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).
- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).
- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).
- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).
- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).
- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).
- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).
- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).
- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).
- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).
- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).
- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).
- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).
- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).
- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).
The following non-security bugs were fixed:
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).
- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).
- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).
- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).
- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).
- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).
- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).
- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).
- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).
- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).
- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).
- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).
- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
- ALSA: seq: Make dependency on UMP clearer (git-fixes).
- ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes).
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).
- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).
- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).
- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).
- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).
- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).
- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).
- ASoC: es8328: fix route from DAC to output (git-fixes).
- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
- ASoC: ops: Consistently treat platform_max as control value (git-fixes).
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).
- ASoC: rt722-sdca: add missing readable registers (git-fixes).
- ASoC: tas2764: Fix power control mask (stable-fixes).
- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).
- ASoC: tas2770: Fix volume scale (stable-fixes).
- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).
- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).
- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).
- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).
- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).
- Documentation: qat: fix auto_reset attribute details (git-fixes).
- Documentation: qat: fix auto_reset section (git-fixes).
- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).
- Fix memory-hotplug regression (bsc#1237504)
- Grab mm lock before grabbing pt lock (git-fixes).
- HID: Enable playstation driver independently of sony driver (git-fixes).
- HID: Wacom: Add PCI Wacom device support (stable-fixes).
- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).
- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).
- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).
- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).
- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).
- HID: hid-steam: Add Deck IMU support (stable-fixes).
- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).
- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
- HID: hid-steam: Clean up locking (stable-fixes).
- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).
- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).
- HID: hid-steam: Fix cleanup in probe() (git-fixes).
- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).
- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).
- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).
- HID: hid-steam: remove pointless error message (stable-fixes).
- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).
- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).
- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).
- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).
- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).
- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).
- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).
- IB/mad: Check available slots before posting receive WRs (git-fixes)
- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
- Input: ads7846 - fix gpiod allocation (git-fixes).
- Input: allocate keycode for phone linking (stable-fixes).
- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).
- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).
- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).
- Input: iqs7222 - preserve system status register (git-fixes).
- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).
- Input: xpad - add multiple supported devices (stable-fixes).
- Input: xpad - add support for TECNO Pocket Go (stable-fixes).
- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).
- Input: xpad - rename QH controller to Legion Go S (stable-fixes).
- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).
- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).
- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).
- KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE (git-fixes).
- KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).
- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).
- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes).
- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).
- Move upstreamed ACPI patch into sorted section
- Move upstreamed PCI and initramfs patches into sorted section
- Move upstreamed nfsd and sunrpc patches into sorted section
- Move upstreamed powerpc and SCSI patches into sorted section
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).
- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)
- PCI/DOE: Support discovery version 2 (bsc#1237853)
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).
- PCI: Avoid reset when disabled via sysfs (git-fixes).
- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).
- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).
- PCI: Use downstream bridges for distributing resources (bsc#1237325).
- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).
- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).
- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).
- PCI: brcmstb: Use internal register to change link capability (git-fixes).
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).
- PCI: hookup irq_get_affinity callback (bsc#1236896).
- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).
- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).
- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).
- PM: sleep: Adjust check before setting power.must_resume (git-fixes).
- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)
- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)
- RDMA/efa: Reset device on probe failure (git-fixes)
- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)
- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)
- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
- RDMA/hns: Fix missing xa_destroy() (git-fixes)
- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)
- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)
- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mlx5: Fix AH static rate parsing (git-fixes)
- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)
- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)
- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)
- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)
- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)
- RDMA/rxe: Improve newline in printing messages (git-fixes)
- Reapply "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "blk-throttle: Fix IO hang for a corner case" (git-fixes).
- Revert "dm: requeue IO if mapping table not yet available" (git-fixes).
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" (git-fixes).
- Revert "drm/amd/display: Use HW lock mgr for PSR1" (stable-fixes).
- Revert "leds-pca955x: Remove the unused function pca95xx_num_led_regs()" (stable-fixes).
- Revert "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "wifi: ath11k: support hibernation" (bsc#1207948).
- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).
- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).
- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).
- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).
- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).
- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
- USB: serial: option: drop MeiG Smart defines (stable-fixes).
- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).
- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).
- Update "drm/mgag200: Added support for the new device G200eH5" (jsc#PED-12094)
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).
- accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes).
- acct: block access to kernel internal filesystems (git-fixes).
- acct: perform last write from workqueue (git-fixes).
- add nf_tables for iptables non-legacy network handling.
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).
- af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435).
- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).
- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).
- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)
- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)
- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)
- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)
- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)
- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)
- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)
- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)
- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)
- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)
- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)
- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)
- ata: ahci: Add mask_port_map module parameter (git-fixes).
- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).
- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).
- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).
- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).
- ata: pata_parport: add custom version of wait_after_reset (git-fixes).
- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).
- ata: pata_serverworks: Do not use the term blacklist (git-fixes).
- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).
- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).
- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).
- batman-adv: Drop unmanaged ELP metric worker (git-fixes).
- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).
- batman-adv: fix panic during interface removal (git-fixes).
- bio-integrity: do not restrict the size of integrity metadata (git-fixes).
- bitmap: introduce generic optimized bitmap_size() (git-fixes).
- blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558).
- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).
- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).
- blk-mq: add number of queue calc helper (bsc#1236897).
- blk-mq: create correct map for fallback case (bsc#1236896).
- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).
- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).
- blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).
- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
- blk_iocost: remove some duplicate irq disable/enables (git-fixes).
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
- block: Clear zone limits for a non-zoned stacked queue (git-fixes).
- block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).
- block: Provide bdev_open_* functions (git-fixes).
- block: Remove special-casing of compound pages (git-fixes).
- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).
- block: add a disk_has_partscan helper (git-fixes).
- block: add a partscan sysfs attribute for disks (git-fixes).
- block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes).
- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).
- block: change rq_integrity_vec to respect the iterator (git-fixes).
- block: cleanup and fix batch completion adding conditions (git-fixes).
- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).
- block: do not revert iter for -EIOCBQUEUED (git-fixes).
- block: ensure we hold a queue reference when using queue limits (git-fixes).
- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).
- block: fix integer overflow in BLKSECDISCARD (git-fixes).
- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).
- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).
- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).
- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).
- block: retry call probe after request_module in blk_request_module (git-fixes).
- block: return unsigned int from bdev_io_min (git-fixes).
- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).
- block: support to account io_ticks precisely (git-fixes).
- block: use the right type for stub rq_integrity_vec() (git-fixes).
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).
- bpf: Fix a verifier verbose message (git-fixes).
- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).
- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).
- bpf: prevent r10 register from being marked as precise (git-fixes).
- broadcom: fix supported flag check in periodic output function (git-fixes).
- btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605).
- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).
- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).
- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).
- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).
- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).
- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).
- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).
- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).
- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).
- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).
- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
- can: ctucanfd: handle skb allocation failure (git-fixes).
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes).
- can: flexcan: disable transceiver during system PM (git-fixes).
- can: flexcan: only change CAN state when link up in system PM (git-fixes).
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).
- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).
- can: ucan: fix out of bound read in strscpy() source (git-fixes).
- cdx: Fix possible UAF error in driver_override_show() (git-fixes).
- char: misc: deallocate static minor in error path (git-fixes).
- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).
- cifs: Remove intermediate object of failed create reparse call (git-fixes).
- cifs: commands that are retried should have replay flag set (bsc#1231432).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).
- cifs: helper function to check replayable error codes (bsc#1231432).
- cifs: new mount option called retrans (bsc#1231432).
- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
- cifs: update desired access while requesting for directory lease (git-fixes).
- cifs: update the same create_guid on replay (git-fixes).
- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).
- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).
- config: Set gcc version (jsc#PED-12251).
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)
- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).
- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)
- cpufreq/cppc: Move and rename (bsc#1237856)
- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)
- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)
- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).
- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).
- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
- cpumask: add cpumask_weight_andnot() (bsc#1239015).
- cpumask: define cleanup function for cpumasks (bsc#1239015).
- crypto: ccp - Fix check for the primary ASP device (git-fixes).
- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).
- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).
- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).
- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).
- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).
- crypto: iaa - Change desc->priv to 0 (jsc#PED-12416).
- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).
- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove header table code (jsc#PED-12416).
- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416).
- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).
- crypto: iaa - Test the correct request flag (git-fixes).
- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).
- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).
- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).
- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).
- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).
- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).
- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).
- crypto: qat - Fix spelling mistake "Invalide" -> "Invalid" (jsc#PED-12416).
- crypto: qat - Fix typo "accelaration" (jsc#PED-12416).
- crypto: qat - Fix typo (jsc#PED-12416).
- crypto: qat - Remove trailing space after \n newline (jsc#PED-12416).
- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).
- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).
- crypto: qat - add auto reset on error (jsc#PED-12416).
- crypto: qat - add bank save and restore flows (jsc#PED-12416).
- crypto: qat - add fatal error notification (jsc#PED-12416).
- crypto: qat - add fatal error notify method (jsc#PED-12416).
- crypto: qat - add heartbeat error simulator (jsc#PED-12416).
- crypto: qat - add interface for live migration (jsc#PED-12416).
- crypto: qat - add support for 420xx devices (jsc#PED-12416).
- crypto: qat - add support for device telemetry (jsc#PED-12416).
- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).
- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).
- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).
- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).
- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).
- crypto: qat - disable arbitration before reset (jsc#PED-12416).
- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).
- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).
- crypto: qat - fix "Full Going True" macro definition (jsc#PED-12416).
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).
- crypto: qat - fix comment structure (jsc#PED-12416).
- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).
- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).
- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).
- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).
- crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416).
- crypto: qat - implement interface for live migration (jsc#PED-12416).
- crypto: qat - improve aer error reset handling (jsc#PED-12416).
- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).
- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).
- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).
- crypto: qat - limit heartbeat notifications (jsc#PED-12416).
- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).
- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).
- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).
- crypto: qat - move fw config related structures (jsc#PED-12416).
- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).
- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).
- crypto: qat - relocate CSR access code (jsc#PED-12416).
- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).
- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).
- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).
- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).
- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).
- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).
- crypto: qat - set parity error mask for qat_420xx (git-fixes).
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).
- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).
- crypto: qat - validate slices count returned by FW (jsc#PED-12416).
- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).
- cxgb4: Avoid removal of uninserted tid (git-fixes).
- cxgb4: use port number to set mac addr (git-fixes).
- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).
- dlm: fix srcu_read_lock() return type to int (git-fixes).
- dlm: prevent NPD when writing a positive value to event_done (git-fixes).
- dm array: fix cursor index when skipping across block boundaries (git-fixes).
- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).
- dm init: Handle minors larger than 255 (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm persistent data: fix memory allocation failure (git-fixes).
- dm resume: do not return EINVAL when signalled (git-fixes).
- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).
- dm thin: Add missing destroy_work_on_stack() (git-fixes).
- dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes).
- dm-crypt: track tag_offset in convert_context (git-fixes).
- dm-delay: fix hung task introduced by kthread mode (git-fixes).
- dm-delay: fix max_delay calculations (git-fixes).
- dm-delay: fix workqueue delay_timer race (git-fixes).
- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).
- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).
- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).
- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).
- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).
- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).
- dm: Fix typo in error message (git-fixes).
- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).
- doc/README.SUSE: Point to the updated version of LKMPG
- doc: update managed_irq documentation (bsc#1236897).
- driver core: Remove needless return in void API device_remove_group() (git-fixes).
- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).
- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).
- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).
- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).
- drm/amd/display: Fix HPD after gpu reset (stable-fixes).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes).
- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).
- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).
- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).
- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).
- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).
- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
- drm/amdgpu/umsch: declare umsch firmware (git-fixes).
- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).
- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).
- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes).
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).
- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
- drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes).
- drm/amdkfd: only flush the validate MES contex (stable-fixes).
- drm/atomic: Filter out redundant DPMS calls (stable-fixes).
- drm/bridge: Fix spelling mistake "gettin" -> "getting" (git-fixes).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).
- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).
- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).
- drm/dp_mst: Fix drm RAD print (git-fixes).
- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).
- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).
- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).
- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).
- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).
- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes).
- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
- drm/i915/selftests: avoid using uninitialized context (git-fixes).
- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
- drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes).
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).
- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).
- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).
- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).
- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).
- drm/msm/dpu: do not use active in atomic_check() (git-fixes).
- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).
- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).
- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
- drm/msm: Avoid rounding up to one jiffy (git-fixes).
- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
- drm/nouveau: Do not override forced connector status (stable-fixes).
- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).
- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).
- drm/repaper: fix integer overflows in repeat functions (git-fixes).
- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).
- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).
- drm/sched: Fix fence reference count leak (git-fixes).
- drm/sched: Fix preprocessor guard (git-fixes).
- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).
- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).
- drm/ssd130x: fix ssd132x encoding (git-fixes).
- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).
- drm/virtio: New fence for every plane update (stable-fixes).
- drm/vkms: Fix use after free and double free on init error (git-fixes).
- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).
- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).
- dummycon: fix default rows/cols (git-fixes).
- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).
- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).
- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
- eth: gve: use appropriate helper to set xdp_features (git-fixes).
- exfat: convert to ctime accessor functions (git-fixes).
- exfat: do not zero the extended part (bsc#1237356).
- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
- exfat: fix file being changed by unaligned direct write (git-fixes).
- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
- exfat: fix zero the unwritten part for dio read (git-fixes).
- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).
- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sm501fb: Add some geometry checks (git-fixes).
- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).
- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).
- firmware: cs_dsp: Remove async regmap writes (git-fixes).
- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).
- futex: Do not include process MM in futex key on no-MMU (git-fixes).
- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).
- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).
- gpio: pca953x: Improve interrupt support (git-fixes).
- gpio: rcar: Fix missing of_node_put() call (git-fixes).
- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).
- gup: make the stack expansion warning a bit more targeted (bsc#1238214).
- hfs: Sanity check the root record (git-fixes).
- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).
- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).
- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).
- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- i2c: ls2x: Fix frequency division register access (git-fixes).
- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
- i2c: omap: fix IRQ storms (git-fixes).
- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).
- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).
- i3c: master: svc: Fix missing the IBI rules (git-fixes).
- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).
- iavf: allow changing VLAN state without calling PF (git-fixes).
- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).
- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).
- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
- ice: fix max values for dpll pin phase adjust (git-fixes).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
- ice: gather page_count()'s of each frag right before XDP prog call (git-fixes).
- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
- ice: put Rx buffers after being done with current frame (git-fixes).
- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
- ice: use internal pf id instead of function number (git-fixes).
- idpf: add read memory barrier when checking descriptor done bit (git-fixes).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661).
- idpf: convert workqueues to unbound (git-fixes).
- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
- idpf: fix handling rsc packet with a single segment (git-fixes).
- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
- igc: return early when failing to read EECD register (git-fixes).
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).
- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).
- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).
- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).
- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).
- iio: dac: ad3552r: clear reset status flag (git-fixes).
- iio: filter: admv8818: Force initialization of SDO (git-fixes).
- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).
- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).
- init: add initramfs_internal.h (bsc#1232848).
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- initramfs: allocate heap buffers together (bsc#1232848).
- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).
- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).
- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).
- intel_th: pci: Add Arrow Lake support (stable-fixes).
- intel_th: pci: Add Panther Lake-H support (stable-fixes).
- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).
- ioam6: improve checks on user data (git-fixes).
- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
- iommu/vt-d: Fix suspicious RCU usage (git-fixes).
- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).
- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).
- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).
- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).
- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).
- ipv6: Use RCU in ip6_input() (bsc#1239994).
- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).
- ipv6: avoid atomic fragment on GSO packets (git-fixes).
- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).
- ipv6: fib: hide unused 'pn' variable (git-fixes).
- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).
- ipv6: fix potential NULL deref in fib6_add() (git-fixes).
- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).
- ipv6: introduce dst_rt6_info() helper (git-fixes).
- ipv6: ioam: block BH from ioam6_output() (git-fixes).
- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).
- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- ipv6: sr: add missing seg6_local_exit (git-fixes).
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).
- ipv6: take care of scope when choosing the src addr (git-fixes).
- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).
- jfs: add check read-only before txBeginAnon() call (git-fixes).
- jfs: add index corruption check to DT_GETPAGE() (git-fixes).
- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).
- jfs: reject on-disk inodes of an unsupported type (git-fixes).
- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)
- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).
- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).
- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).
- kABI workaround for intel-ish-hid (git-fixes).
- kABI workaround for soc_mixer_control changes (git-fixes).
- kabi: fix bus type (bsc#1236896).
- kabi: fix group_cpus_evenly (bsc#1236897).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
- kbuild: hdrcheck: fix cross build with clang (git-fixes).
- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
- kernel-source: Also replace bin/env
- kunit: qemu_configs: sparc: use Zilog console (git-fixes).
- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).
- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).
- l2tp: fix lockdep splat (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).
- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).
- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
- lib: 842: Improve error handling in sw842_compress() (git-fixes).
- lib: stackinit: hide never-taken branch from compiler (stable-fixes).
- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).
- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).
- md/md-cluster: fix spares warnings for __le64 (git-fixes).
- md/raid0: do not free conf on raid0_run failure (git-fixes).
- md/raid1: do not free conf on raid0_run failure (git-fixes).
- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
- md: Do not flush sync_work in md_write_start() (git-fixes).
- md: convert comma to semicolon (git-fixes).
- mdacon: rework dependency list (git-fixes).
- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).
- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).
- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).
- media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes).
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).
- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).
- media: ov08x40: Fix hblank out of range issue (git-fixes).
- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).
- media: platform: stm32: Add check for clk_enable() (git-fixes).
- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).
- media: streamzap: fix race between device disconnection and urb callback (git-fixes).
- media: streamzap: prevent processing IR data on URB failure (git-fixes).
- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).
- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).
- media: venus: hfi: add check to handle incorrect queue size (git-fixes).
- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).
- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).
- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
- media: vim2m: print device name after registering device (git-fixes).
- media: visl: Fix ERANGE error when setting enum controls (git-fixes).
- mei: me: add panther lake P DID (stable-fixes).
- memblock tests: fix warning: "__ALIGN_KERNEL" redefined (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).
- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).
- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).
- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).
- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).
- mfd: syscon: Remove extern from function prototypes (stable-fixes).
- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).
- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).
- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).
- mm: accept to promo watermark (bsc#1239600).
- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).
- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).
- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).
- mptcp: export local_address (git-fixes)
- mptcp: fix NL PM announced address accounting (git-fixes)
- mptcp: fix data races on local_id (git-fixes)
- mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)
- mptcp: pm: deny endp with signal + subflow + port (git-fixes)
- mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
- mptcp: pm: do not try to create sf if alloc failed (git-fixes)
- mptcp: pm: fullmesh: select the right ID later (git-fixes)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
- mptcp: pm: re-using ID of unused removed subflows (git-fixes)
- mptcp: pm: reduce indentation blocks (git-fixes)
- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
- mptcp: unify pm get_local_id interfaces (git-fixes)
- mptcp: unify pm set_flags interfaces (git-fixes)
- mtd: Add check for devm_kcalloc() (git-fixes).
- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).
- mtd: nand: Fix a kdoc comment (git-fixes).
- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).
- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
- nbd: Fix signal handling (git-fixes).
- nbd: Improve the documentation of the locking assumptions (git-fixes).
- nbd: do not allow reconnect after disconnect (git-fixes).
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).
- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).
- net l2tp: drop flow hash on forward (git-fixes).
- net/mlx5: Correct TASR typo into TSAR (git-fixes).
- net/mlx5: Fix RDMA TX steering prio (git-fixes).
- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
- net/mlx5: SF, Fix add port error handling (git-fixes).
- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).
- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).
- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).
- net/sched: flower: Add lock protection when remove filter handle (git-fixes).
- net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes).
- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: add dev_net_rcu() helper (bsc#1239994).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).
- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).
- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).
- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).
- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).
- net: ipv6: ioam6: code alignment (git-fixes).
- net: ipv6: ioam6: new feature tunsrc (git-fixes).
- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).
- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Cleanup "mana" debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Support holes in device list reply msg (git-fixes).
- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).
- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).
- net: move altnames together with the netdevice (bsc#1233749).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: rose: lock the socket in rose_bind() (git-fixes).
- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
- net: smc: fix spurious error message from __sock_release() (bsc#1237126).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).
- net: use unrcu_pointer() helper (git-fixes).
- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).
- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).
- net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes).
- net_sched: sch_sfq: handle bigger packets (git-fixes).
- nfsd: clear acl_access/acl_default after releasing them (git-fixes).
- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).
- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).
- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).
- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
- null_blk: fix validation of block size (git-fixes).
- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).
- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).
- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).
- nvme-fc: use ctrl state getter (git-fixes).
- nvme-ioctl: fix leaked requests on mapping error (git-fixes).
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).
- nvme-pci: remove stale comment (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
- nvme-tcp: Fix a C2HTermReq error message (git-fixes).
- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).
- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).
- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).
- nvme/ioctl: add missing space in err message (git-fixes).
- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).
- nvme: make nvme_tls_attrs_group static (git-fixes).
- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).
- nvme: move passthrough logging attribute to head (git-fixes).
- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).
- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- nvme: tcp: Fix compilation warning with W=1 (git-fixes).
- nvmet-fc: Remove unused functions (git-fixes).
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).
- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).
- nvmet: Fix crash when a namespace is disabled (git-fixes).
- nvmet: remove old function prototype (git-fixes).
- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).
- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).
- ocfs2: handle a symlink read error correctly (git-fixes).
- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).
- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).
- orangefs: fix a oob in orangefs_debug_write (git-fixes).
- padata: Clean up in padata_do_multithreaded() (bsc#1237563).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- padata: fix sysfs store callback check (git-fixes).
- partitions: ldm: remove the initial kernel-doc notation (git-fixes).
- partitions: mac: fix handling of bogus partition table (git-fixes).
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).
- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).
- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).
- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).
- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).
- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).
- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).
- platform/x86: ISST: Ignore minor version change (bsc#1237452).
- platform/x86: acer-wmi: Ignore AC events (stable-fixes).
- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).
- platform/x86: int3472: Check for adev == NULL (stable-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).
- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).
- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).
- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).
- power: supply: da9150-fg: fix potential overflow (git-fixes).
- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).
- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).
- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).
- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).
- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896
bsc#1235932).
- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).
- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).
- powerpc: Stop using no_llseek (bsc#1239573).
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).
- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).
- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).
- rapidio: fix an API misues when rio_add_net() fails (git-fixes).
- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
- rbd: do not move requests to the running list on errors (git-fixes).
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
- regmap-irq: Add missing kfree() (git-fixes).
- regulator: check that dummy regulator has been probed before using it (stable-fixes).
- regulator: core: Fix deadlock in create_regulator() (git-fixes).
- regulator: dummy: force synchronous probing (git-fixes).
- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205).
- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).
- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).
- s390/pci: Ignore RID for isolated VFs (bsc#1236752).
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).
- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
- s390/pci: Use topology ID for multi-function devices (bsc#1236752).
- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).
- s390/topology: Improve topology detection (bsc#1236591).
- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).
- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).
- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).
- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).
- scsi: core: Clear driver private data when retrying request (git-fixes).
- scsi: core: Do not retry I/Os during depopulation (git-fixes).
- scsi: core: Handle depopulation and restoration in progress (git-fixes).
- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).
- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).
- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).
- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).
- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: myrb: Remove dead code (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
- scsi: sg: Enable runtime power management (git-fixes).
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).
- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- selftest: hugetlb_dio: fix test naming (git-fixes).
- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).
- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).
- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).
- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).
- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).
- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).
- selftests/mm/cow: fix the incorrect error handling (git-fixes).
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).
- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).
- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).
- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).
- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).
- selftests: mptcp: connect: -f: no reconnect (git-fixes).
- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).
- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).
- serial: 8250: Fix fifo underflow on flush (git-fixes).
- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).
- smb3: fix creating FIFOs when mounting with "sfu" mount option (git-fixes).
- smb3: request handle caching when caching directories (bsc#1231432).
- smb3: retrying on failed server close (bsc#1231432).
- smb: cached directories can be more than root file handle (bsc#1231432).
- smb: cilent: set reparse mount points as automounts (git-fixes).
- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
- smb: client: Fix minor whitespace errors and warnings (git-fixes).
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).
- smb: client: add support for WSL reparse points (git-fixes).
- smb: client: allow creating special files via reparse points (git-fixes).
- smb: client: allow creating symlinks via reparse points (git-fixes).
- smb: client: cleanup smb2_query_reparse_point() (git-fixes).
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- smb: client: do not query reparse points twice on symlinks (git-fixes).
- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).
- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
- smb: client: fix hardlinking of reparse points (git-fixes).
- smb: client: fix missing mode bits for SMB symlinks (git-fixes).
- smb: client: fix possible double free in smb2_set_ea() (git-fixes).
- smb: client: fix potential broken compound request (git-fixes).
- smb: client: fix renaming of reparse points (git-fixes).
- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
- smb: client: handle path separator of created SMB symlinks (git-fixes).
- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
- smb: client: ignore unhandled reparse tags (git-fixes).
- smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
- smb: client: instantiate when creating SFU files (git-fixes).
- smb: client: introduce ->parse_reparse_point() (git-fixes).
- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
- smb: client: introduce cifs_sfu_make_node() (git-fixes).
- smb: client: introduce reparse mount option (git-fixes).
- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).
- smb: client: move most of reparse point handling code to common file (git-fixes).
- smb: client: move some params to cifs_open_info_data (bsc#1231432).
- smb: client: optimise reparse point querying (git-fixes).
- smb: client: parse owner/group when creating reparse points (git-fixes).
- smb: client: parse reparse point flag in create response (bsc#1231432).
- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
- smb: client: retry compound request without reusing lease (git-fixes).
- smb: client: return reparse type in /proc/mounts (git-fixes).
- smb: client: reuse file lease key in compound operations (git-fixes).
- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).
- smb: client: set correct file type from NFS reparse points (git-fixes).
- smb: client: stop revalidating reparse points unnecessarily (git-fixes).
- smb: use kernel_connect() and kernel_bind() (git-fixes).
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).
- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
- soc: imx8m: Remove global soc_uid (stable-fixes).
- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).
- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).
- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).
- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
- soc: qcom: pdr: Fix the potential deadlock (git-fixes).
- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).
- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).
- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).
- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).
- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).
- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).
- spi: sn-f-ospi: Fix division by zero (git-fixes).
- splice: do not checksum AF_UNIX sockets (bsc#1240333).
- sunrpc: suppress warnings for unused procfs functions (git-fixes).
- supported.conf: add now-included qat_420xx (external, intel)
- tcp: Add memory barrier to tcp_push() (git-fixes).
- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).
- tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes).
- tcp: Defer ts_recent changes until req is owned (git-fixes).
- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).
- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).
- tcp: Update window clamping condition (git-fixes).
- tcp: add tcp_done_with_error() helper (git-fixes).
- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).
- tcp: annotate data-races around tp->window_clamp (git-fixes).
- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).
- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).
- tcp: check space before adding MPTCP SYN options (git-fixes).
- tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).
- tcp: define initial scaling factor value as a macro (git-fixes).
- tcp: derive delack_max from rto_min (git-fixes).
- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).
- tcp: fix cookie_init_timestamp() overflows (git-fixes).
- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).
- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).
- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).
- tcp: fix mid stream window clamp (git-fixes).
- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).
- tcp: fix race in tcp_write_err() (git-fixes).
- tcp: fix races in tcp_abort() (git-fixes).
- tcp: fix races in tcp_v_err() (git-fixes).
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes).
- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).
- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).
- tcp: increase the default TCP scaling ratio (git-fixes).
- tcp: introduce tcp_clock_ms() (git-fixes).
- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).
- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).
- tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes).
- tcp: replace tcp_time_stamp_raw() (git-fixes).
- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).
- thermal: int340x: Add NULL check for adev (git-fixes).
- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).
- tools: fix annoying "mkdir -p ..." logs when building tools in parallel (git-fixes).
- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).
- tpm: do not start chip while suspended (git-fixes).
- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).
- tty: xilinx_uartps: split sysrq handling (git-fixes).
- ubi: Add a check for ubi_num (git-fixes).
- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).
- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).
- ubi: correct the calculation of fastmap size (stable-fixes).
- ubi: eba: properly rollback inside self_check_eba (git-fixes).
- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).
- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).
- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).
- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).
- ublk: fix error code for unsupported command (git-fixes).
- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
- ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
- ublk: move zone report data out of request pdu (git-fixes).
- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).
- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes).
- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).
- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).
- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).
- usb: gadget: Fix setting self-powered state on suspend (git-fixes).
- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).
- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
- usb: hub: lack of clearing xHC resources (git-fixes).
- usb: phy: generic: Use proper helper for property detection (stable-fixes).
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).
- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
- usb: renesas_usbhs: Call clk_put() (git-fixes).
- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).
- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).
- usb: roles: set switch registered flag early on (git-fixes).
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).
- usb: typec: ucsi: Fix NULL pointer access (git-fixes).
- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).
- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).
- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).
- usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes).
- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
- usbnet: ipheth: document scope of NCM implementation (stable-fixes).
- util_macros.h: fix/rework find_closest() macros (git-fixes).
- vboxsf: fix building with GCC 15 (stable-fixes).
- vfio/pci: Lock external INTx masking ops (bsc#1222803).
- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
- virtio-mem: check if the config changed before fake offlining memory (git-fixes).
- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).
- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).
- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).
- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- virtio: hookup irq_get_affinity callback (bsc#1236896).
- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
- vsock/virtio: cancel close work in the destructor (git-fixes)
- vsock: Keep the binding until socket destruction (git-fixes)
- vsock: reset socket state when de-assigning the transport (git-fixes)
- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).
- wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes).
- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).
- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).
- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).
- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).
- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).
- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).
- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).
- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).
- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).
- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).
- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).
- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).
- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
- wifi: iwlwifi: avoid memory leak (stable-fixes).
- wifi: iwlwifi: limit printed string from FW file (git-fixes).
- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).
- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).
- wifi: mt76: Add check for devm_kstrdup() (git-fixes).
- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).
- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).
- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).
- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).
- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).
- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).
- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).
- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).
- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).
- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).
- x86/asm: Make serialize() always_inline (git-fixes).
- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).
- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).
- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
- x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes).
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).
- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).
- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).
- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).
- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).
- x86/microcode/32: Move early loading after paging enable (git-fixes).
- x86/microcode/amd: Cache builtin microcode too (git-fixes).
- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).
- x86/microcode/amd: Use cached microcode for AP load (git-fixes).
- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).
- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).
- x86/microcode/intel: Cleanup code further (git-fixes).
- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).
- x86/microcode/intel: Remove debug code (git-fixes).
- x86/microcode/intel: Remove pointless mutex (git-fixes).
- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).
- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).
- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).
- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).
- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).
- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).
- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).
- x86/microcode/intel: Simplify early loading (git-fixes).
- x86/microcode/intel: Simplify scan_microcode() (git-fixes).
- x86/microcode/intel: Switch to kvmalloc() (git-fixes).
- x86/microcode/intel: Unify microcode apply() functions (git-fixes).
- x86/microcode: Add per CPU control field (git-fixes).
- x86/microcode: Add per CPU result state (git-fixes).
- x86/microcode: Clarify the late load logic (git-fixes).
- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).
- x86/microcode: Get rid of the schedule work indirection (git-fixes).
- x86/microcode: Handle "nosmt" correctly (git-fixes).
- x86/microcode: Handle "offline" CPUs correctly (git-fixes).
- x86/microcode: Hide the config knob (git-fixes).
- x86/microcode: Include vendor headers into microcode.h (git-fixes).
- x86/microcode: Make reload_early_microcode() static (git-fixes).
- x86/microcode: Mop up early loading leftovers (git-fixes).
- x86/microcode: Move core specific defines to local header (git-fixes).
- x86/microcode: Prepare for minimal revision check (git-fixes).
- x86/microcode: Protect against instrumentation (git-fixes).
- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).
- x86/microcode: Provide new control functions (git-fixes).
- x86/microcode: Remove microcode_mutex (git-fixes).
- x86/microcode: Remove pointless apply() invocation (git-fixes).
- x86/microcode: Rendezvous and load in NMI (git-fixes).
- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).
- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).
- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
- x86/mm: Remove unused microcode.h include (git-fixes).
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).
- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (git-fixes).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).
- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).
- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).
- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).
- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).
- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).
- xhci: dbc: Convert to use sysfs_streq() (git-fixes).
- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).
- xhci: dbc: Fix STALL transfer event handling (git-fixes).
- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).
- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).
- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).
- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).
- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).
- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).
- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).
- xhci: pci: Use standard pattern for device IDs (git-fixes).
- zram: clear IDLE flag after recompression (git-fixes).
- zram: clear IDLE flag in mark_idle() (git-fixes).
- zram: do not mark idle slots that cannot be idle (git-fixes).
- zram: fix potential UAF of zram table (git-fixes).
- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
- zram: refuse to use zero sized block device as backing device (git-fixes).
- zram: split memory-tracking and ac-time tracking (git-fixes).
Patchnames
SUSE-SLE-Micro-6.1-kernel-8
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).\n- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489).\n- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).\n- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).\n- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).\n- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).\n- CVE-2024-45010: mptcp: pm: only mark \u0027subflow\u0027 endp as available (bsc#1230439).\n- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).\n- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).\n- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).\n- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).\n- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).\n- CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812).\n- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).\n- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).\n- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).\n- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).\n- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).\n- CVE-2024-50142: xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset (bsc#1233028).\n- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).\n- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).\n- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).\n- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).\n- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).\n- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).\n- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).\n- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).\n- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).\n- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).\n- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).\n- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).\n- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).\n- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).\n- CVE-2024-56638: kABI fix for \"netfilter: nft_inner: incorrect percpu area handling under softirq\" (bsc#1235524).\n- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).\n- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).\n- CVE-2024-56658: net: defer final \u0027struct net\u0027 free in netns dismantle (bsc#1235441).\n- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).\n- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).\n- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).\n- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).\n- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).\n- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).\n- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).\n- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).\n- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).\n- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).\n- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).\n- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).\n- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).\n- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).\n- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).\n- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).\n- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).\n- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).\n- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy (bsc#1236111).\n- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy (bsc#1236113).\n- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current-\u003ensproxy (bsc#1236114).\n- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-\u003ensproxy (bsc#1236115).\n- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-\u003ensproxy (bsc#1236122).\n- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy (bsc#1236123).\n- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).\n- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).\n- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).\n- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).\n- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).\n- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).\n- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).\n- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).\n- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).\n- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).\n- CVE-2025-21678: gtp: Destroy device along with udp socket\u0027s netns dismantle (bsc#1236698).\n- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).\n- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).\n- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).\n- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).\n- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).\n- CVE-2025-21703: netem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).\n- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).\n- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).\n- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).\n- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).\n- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).\n- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).\n- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).\n- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).\n- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).\n- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).\n- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).\n- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).\n- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).\n- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).\n- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).\n- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).\n- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).\n- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).\n- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).\n- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).\n- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).\n- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).\n- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).\n- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).\n- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).\n- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).\n- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).\n- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).\n- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).\n- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).\n- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).\n- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).\n- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).\n- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).\n- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).\n- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).\n- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).\n- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).\n\nThe following non-security bugs were fixed:\n\n- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).\n- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).\n- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).\n- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).\n- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).\n- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).\n- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).\n- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).\n- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).\n- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).\n- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).\n- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).\n- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).\n- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).\n- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).\n- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).\n- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).\n- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).\n- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).\n- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).\n- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).\n- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).\n- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).\n- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).\n- ALSA: seq: Make dependency on UMP clearer (git-fixes).\n- ALSA: seq: remove redundant \u0027tristate\u0027 for SND_SEQ_UMP_CLIENT (stable-fixes).\n- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).\n- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).\n- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).\n- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).\n- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).\n- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).\n- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).\n- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).\n- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).\n- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).\n- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).\n- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).\n- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).\n- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).\n- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).\n- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).\n- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).\n- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).\n- ASoC: es8328: fix route from DAC to output (git-fixes).\n- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).\n- ASoC: ops: Consistently treat platform_max as control value (git-fixes).\n- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).\n- ASoC: rt722-sdca: add missing readable registers (git-fixes).\n- ASoC: tas2764: Fix power control mask (stable-fixes).\n- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).\n- ASoC: tas2770: Fix volume scale (stable-fixes).\n- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).\n- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).\n- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).\n- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).\n- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).\n- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).\n- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).\n- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).\n- Documentation: qat: fix auto_reset attribute details (git-fixes).\n- Documentation: qat: fix auto_reset section (git-fixes).\n- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).\n- Fix memory-hotplug regression (bsc#1237504)\n- Grab mm lock before grabbing pt lock (git-fixes).\n- HID: Enable playstation driver independently of sony driver (git-fixes).\n- HID: Wacom: Add PCI Wacom device support (stable-fixes).\n- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).\n- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).\n- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).\n- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).\n- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).\n- HID: hid-steam: Add Deck IMU support (stable-fixes).\n- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).\n- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).\n- HID: hid-steam: Clean up locking (stable-fixes).\n- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).\n- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).\n- HID: hid-steam: Fix cleanup in probe() (git-fixes).\n- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).\n- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).\n- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).\n- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).\n- HID: hid-steam: remove pointless error message (stable-fixes).\n- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).\n- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).\n- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).\n- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).\n- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).\n- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).\n- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).\n- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).\n- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).\n- IB/mad: Check available slots before posting receive WRs (git-fixes)\n- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)\n- Input: ads7846 - fix gpiod allocation (git-fixes).\n- Input: allocate keycode for phone linking (stable-fixes).\n- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).\n- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).\n- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).\n- Input: iqs7222 - preserve system status register (git-fixes).\n- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).\n- Input: xpad - add multiple supported devices (stable-fixes).\n- Input: xpad - add support for TECNO Pocket Go (stable-fixes).\n- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).\n- Input: xpad - rename QH controller to Legion Go S (stable-fixes).\n- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).\n- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).\n- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).\n- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).\n- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).\n- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).\n- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)\n- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).\n- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).\n- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).\n- KVM: x86/mmu: Skip the \"try unsync\" path iff the old SPTE was a leaf SPTE (git-fixes).\n- KVM: x86: AMD\u0027s IBPB is not equivalent to Intel\u0027s IBPB (git-fixes).\n- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).\n- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).\n- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).\n- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).\n- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).\n- KVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel (git-fixes).\n- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).\n- Move upstreamed ACPI patch into sorted section\n- Move upstreamed PCI and initramfs patches into sorted section\n- Move upstreamed nfsd and sunrpc patches into sorted section\n- Move upstreamed powerpc and SCSI patches into sorted section\n- PCI/ACS: Fix \u0027pci=config_acs=\u0027 parameter (git-fixes).\n- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).\n- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)\n- PCI/DOE: Support discovery version 2 (bsc#1237853)\n- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).\n- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).\n- PCI: Avoid reset when disabled via sysfs (git-fixes).\n- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).\n- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).\n- PCI: Use downstream bridges for distributing resources (bsc#1237325).\n- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).\n- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).\n- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).\n- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).\n- PCI: brcmstb: Use internal register to change link capability (git-fixes).\n- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).\n- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).\n- PCI: hookup irq_get_affinity callback (bsc#1236896).\n- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).\n- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).\n- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).\n- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).\n- PM: sleep: Adjust check before setting power.must_resume (git-fixes).\n- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).\n- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).\n- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)\n- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)\n- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)\n- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)\n- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)\n- RDMA/efa: Reset device on probe failure (git-fixes)\n- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)\n- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)\n- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)\n- RDMA/hns: Fix missing xa_destroy() (git-fixes)\n- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)\n- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)\n- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)\n- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).\n- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).\n- RDMA/mlx5: Fix AH static rate parsing (git-fixes)\n- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)\n- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)\n- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)\n- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)\n- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)\n- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)\n- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)\n- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)\n- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)\n- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)\n- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)\n- RDMA/rxe: Improve newline in printing messages (git-fixes)\n- Reapply \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"blk-throttle: Fix IO hang for a corner case\" (git-fixes).\n- Revert \"dm: requeue IO if mapping table not yet available\" (git-fixes).\n- Revert \"drivers/card_reader/rtsx_usb: Restore interrupt based detection\" (git-fixes).\n- Revert \"drm/amd/display: Use HW lock mgr for PSR1\" (stable-fixes).\n- Revert \"leds-pca955x: Remove the unused function pca95xx_num_led_regs()\" (stable-fixes).\n- Revert \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"wifi: ath11k: support hibernation\" (bsc#1207948).\n- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).\n- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).\n- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).\n- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).\n- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).\n- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).\n- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).\n- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).\n- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).\n- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).\n- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).\n- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).\n- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).\n- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).\n- USB: serial: option: drop MeiG Smart defines (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).\n- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).\n- Update \"drm/mgag200: Added support for the new device G200eH5\" (jsc#PED-12094)\n- Use gcc-13 for build on SLE16 (jsc#PED-10028).\n- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).\n- accel/qaic: Fix possible data corruption in BOs \u003e 2G (git-fixes).\n- acct: block access to kernel internal filesystems (git-fixes).\n- acct: perform last write from workqueue (git-fixes).\n- add nf_tables for iptables non-legacy network handling.\n- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).\n- af_unix: Annotate data-race of sk-\u003esk_state in unix_stream_read_skb() (bsc#1239435).\n- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).\n- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).\n- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)\n- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)\n- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)\n- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)\n- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)\n- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)\n- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)\n- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)\n- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)\n- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)\n- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)\n- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)\n- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)\n- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)\n- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)\n- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)\n- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)\n- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)\n- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)\n- ata: ahci: Add mask_port_map module parameter (git-fixes).\n- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).\n- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).\n- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).\n- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).\n- ata: pata_parport: add custom version of wait_after_reset (git-fixes).\n- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).\n- ata: pata_serverworks: Do not use the term blacklist (git-fixes).\n- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).\n- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).\n- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).\n- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).\n- batman-adv: Drop unmanaged ELP metric worker (git-fixes).\n- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).\n- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).\n- batman-adv: fix panic during interface removal (git-fixes).\n- bio-integrity: do not restrict the size of integrity metadata (git-fixes).\n- bitmap: introduce generic optimized bitmap_size() (git-fixes).\n- blk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage (bsc#1237558).\n- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).\n- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).\n- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).\n- blk-mq: add number of queue calc helper (bsc#1236897).\n- blk-mq: create correct map for fallback case (bsc#1236896).\n- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).\n- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).\n- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).\n- blk-mq: move cpuhp callback registering out of q-\u003esysfs_lock (git-fixes).\n- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).\n- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).\n- blk_iocost: remove some duplicate irq disable/enables (git-fixes).\n- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).\n- block: Clear zone limits for a non-zoned stacked queue (git-fixes).\n- block: Fix elevator_get_default() checking for NULL q-\u003etag_set (git-fixes).\n- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).\n- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).\n- block: Provide bdev_open_* functions (git-fixes).\n- block: Remove special-casing of compound pages (git-fixes).\n- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).\n- block: add a disk_has_partscan helper (git-fixes).\n- block: add a partscan sysfs attribute for disks (git-fixes).\n- block: add check of \u0027minors\u0027 and \u0027first_minor\u0027 in device_add_disk() (git-fixes).\n- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).\n- block: change rq_integrity_vec to respect the iterator (git-fixes).\n- block: cleanup and fix batch completion adding conditions (git-fixes).\n- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).\n- block: do not revert iter for -EIOCBQUEUED (git-fixes).\n- block: ensure we hold a queue reference when using queue limits (git-fixes).\n- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).\n- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).\n- block: fix integer overflow in BLKSECDISCARD (git-fixes).\n- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).\n- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).\n- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).\n- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).\n- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).\n- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).\n- block: retry call probe after request_module in blk_request_module (git-fixes).\n- block: return unsigned int from bdev_io_min (git-fixes).\n- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).\n- block: support to account io_ticks precisely (git-fixes).\n- block: use the right type for stub rq_integrity_vec() (git-fixes).\n- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).\n- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).\n- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).\n- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).\n- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).\n- bpf: Fix a verifier verbose message (git-fixes).\n- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).\n- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).\n- bpf: prevent r10 register from being marked as precise (git-fixes).\n- broadcom: fix supported flag check in periodic output function (git-fixes).\n- btrfs: check delayed refs when we\u0027re checking if a ref exists (bsc#1239605).\n- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).\n- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).\n- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).\n- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).\n- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).\n- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).\n- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).\n- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).\n- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).\n- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).\n- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).\n- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).\n- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).\n- can: ctucanfd: handle skb allocation failure (git-fixes).\n- can: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial (git-fixes).\n- can: flexcan: disable transceiver during system PM (git-fixes).\n- can: flexcan: only change CAN state when link up in system PM (git-fixes).\n- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).\n- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).\n- can: ucan: fix out of bound read in strscpy() source (git-fixes).\n- cdx: Fix possible UAF error in driver_override_show() (git-fixes).\n- char: misc: deallocate static minor in error path (git-fixes).\n- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).\n- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).\n- cifs: Remove intermediate object of failed create reparse call (git-fixes).\n- cifs: commands that are retried should have replay flag set (bsc#1231432).\n- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).\n- cifs: helper function to check replayable error codes (bsc#1231432).\n- cifs: new mount option called retrans (bsc#1231432).\n- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).\n- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).\n- cifs: update desired access while requesting for directory lease (git-fixes).\n- cifs: update the same create_guid on replay (git-fixes).\n- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).\n- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).\n- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).\n- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).\n- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).\n- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).\n- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).\n- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).\n- config: Set gcc version (jsc#PED-12251).\n- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).\n- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)\n- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).\n- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).\n- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).\n- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)\n- cpufreq/cppc: Move and rename (bsc#1237856)\n- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)\n- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)\n- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).\n- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).\n- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).\n- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).\n- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).\n- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).\n- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).\n- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).\n- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).\n- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).\n- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).\n- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).\n- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).\n- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).\n- cpumask: add cpumask_weight_andnot() (bsc#1239015).\n- cpumask: define cleanup function for cpumasks (bsc#1239015).\n- crypto: ccp - Fix check for the primary ASP device (git-fixes).\n- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).\n- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).\n- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).\n- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).\n- crypto: iaa - Change desc-\u003epriv to 0 (jsc#PED-12416).\n- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).\n- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove header table code (jsc#PED-12416).\n- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).\n- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416).\n- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).\n- crypto: iaa - Test the correct request flag (git-fixes).\n- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).\n- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).\n- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).\n- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).\n- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).\n- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).\n- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).\n- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).\n- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).\n- crypto: qat - Fix spelling mistake \"Invalide\" -\u003e \"Invalid\" (jsc#PED-12416).\n- crypto: qat - Fix typo \"accelaration\" (jsc#PED-12416).\n- crypto: qat - Fix typo (jsc#PED-12416).\n- crypto: qat - Remove trailing space after \\n newline (jsc#PED-12416).\n- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).\n- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).\n- crypto: qat - add auto reset on error (jsc#PED-12416).\n- crypto: qat - add bank save and restore flows (jsc#PED-12416).\n- crypto: qat - add fatal error notification (jsc#PED-12416).\n- crypto: qat - add fatal error notify method (jsc#PED-12416).\n- crypto: qat - add heartbeat error simulator (jsc#PED-12416).\n- crypto: qat - add interface for live migration (jsc#PED-12416).\n- crypto: qat - add support for 420xx devices (jsc#PED-12416).\n- crypto: qat - add support for device telemetry (jsc#PED-12416).\n- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).\n- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).\n- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).\n- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).\n- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).\n- crypto: qat - disable arbitration before reset (jsc#PED-12416).\n- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).\n- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).\n- crypto: qat - fix \"Full Going True\" macro definition (jsc#PED-12416).\n- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).\n- crypto: qat - fix comment structure (jsc#PED-12416).\n- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).\n- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).\n- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).\n- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).\n- crypto: qat - implement dh fallback for primes \u003e 4K (jsc#PED-12416).\n- crypto: qat - implement interface for live migration (jsc#PED-12416).\n- crypto: qat - improve aer error reset handling (jsc#PED-12416).\n- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).\n- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).\n- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).\n- crypto: qat - limit heartbeat notifications (jsc#PED-12416).\n- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).\n- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).\n- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).\n- crypto: qat - move fw config related structures (jsc#PED-12416).\n- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).\n- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).\n- crypto: qat - relocate CSR access code (jsc#PED-12416).\n- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).\n- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).\n- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).\n- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).\n- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).\n- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).\n- crypto: qat - set parity error mask for qat_420xx (git-fixes).\n- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).\n- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).\n- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).\n- crypto: qat - validate slices count returned by FW (jsc#PED-12416).\n- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).\n- cxgb4: Avoid removal of uninserted tid (git-fixes).\n- cxgb4: use port number to set mac addr (git-fixes).\n- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).\n- dlm: fix srcu_read_lock() return type to int (git-fixes).\n- dlm: prevent NPD when writing a positive value to event_done (git-fixes).\n- dm array: fix cursor index when skipping across block boundaries (git-fixes).\n- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).\n- dm init: Handle minors larger than 255 (git-fixes).\n- dm integrity: fix out-of-range warning (git-fixes).\n- dm persistent data: fix memory allocation failure (git-fixes).\n- dm resume: do not return EINVAL when signalled (git-fixes).\n- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).\n- dm thin: Add missing destroy_work_on_stack() (git-fixes).\n- dm-crypt: do not update io-\u003esector after kcryptd_crypt_write_io_submit() (git-fixes).\n- dm-crypt: track tag_offset in convert_context (git-fixes).\n- dm-delay: fix hung task introduced by kthread mode (git-fixes).\n- dm-delay: fix max_delay calculations (git-fixes).\n- dm-delay: fix workqueue delay_timer race (git-fixes).\n- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).\n- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).\n- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).\n- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).\n- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).\n- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).\n- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).\n- dm: Fix typo in error message (git-fixes).\n- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).\n- doc/README.SUSE: Point to the updated version of LKMPG\n- doc: update managed_irq documentation (bsc#1236897).\n- driver core: Remove needless return in void API device_remove_group() (git-fixes).\n- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).\n- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).\n- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).\n- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).\n- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).\n- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).\n- drm/amd/display: Fix HPD after gpu reset (stable-fixes).\n- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params (git-fixes).\n- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).\n- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).\n- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).\n- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).\n- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).\n- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).\n- drm/amdgpu/umsch: declare umsch firmware (git-fixes).\n- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).\n- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).\n- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).\n- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes).\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).\n- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).\n- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).\n- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).\n- drm/amdkfd: Fix Circular Locking Dependency in \u0027svm_range_cpu_invalidate_pagetables\u0027 (git-fixes).\n- drm/amdkfd: only flush the validate MES contex (stable-fixes).\n- drm/atomic: Filter out redundant DPMS calls (stable-fixes).\n- drm/bridge: Fix spelling mistake \"gettin\" -\u003e \"getting\" (git-fixes).\n- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).\n- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).\n- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).\n- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).\n- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).\n- drm/dp_mst: Fix drm RAD print (git-fixes).\n- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).\n- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).\n- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).\n- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).\n- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).\n- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).\n- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).\n- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL\u0027s own port width macro (git-fixes).\n- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).\n- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).\n- drm/i915/selftests: avoid using uninitialized context (git-fixes).\n- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).\n- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).\n- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).\n- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).\n- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).\n- drm/mediatek: dp: drm_err =\u003e dev_err in HPD path to avoid NULL ptr (git-fixes).\n- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).\n- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).\n- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).\n- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)\n- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).\n- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).\n- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).\n- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).\n- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).\n- drm/msm/dpu: do not use active in atomic_check() (git-fixes).\n- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).\n- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).\n- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).\n- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).\n- drm/msm: Avoid rounding up to one jiffy (git-fixes).\n- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).\n- drm/nouveau: Do not override forced connector status (stable-fixes).\n- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).\n- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).\n- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).\n- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).\n- drm/repaper: fix integer overflows in repeat functions (git-fixes).\n- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).\n- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).\n- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).\n- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).\n- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).\n- drm/sched: Fix fence reference count leak (git-fixes).\n- drm/sched: Fix preprocessor guard (git-fixes).\n- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).\n- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).\n- drm/ssd130x: fix ssd132x encoding (git-fixes).\n- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).\n- drm/virtio: New fence for every plane update (stable-fixes).\n- drm/vkms: Fix use after free and double free on init error (git-fixes).\n- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).\n- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).\n- dummycon: fix default rows/cols (git-fixes).\n- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).\n- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).\n- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).\n- efi: libstub: Use \u0027-std=gnu11\u0027 to fix build with GCC 15 (stable-fixes).\n- eth: gve: use appropriate helper to set xdp_features (git-fixes).\n- exfat: convert to ctime accessor functions (git-fixes).\n- exfat: do not zero the extended part (bsc#1237356).\n- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).\n- exfat: fix file being changed by unaligned direct write (git-fixes).\n- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).\n- exfat: fix zero the unwritten part for dio read (git-fixes).\n- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).\n- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).\n- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).\n- fbdev: sm501fb: Add some geometry checks (git-fixes).\n- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).\n- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).\n- firmware: cs_dsp: Remove async regmap writes (git-fixes).\n- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).\n- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).\n- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).\n- futex: Do not include process MM in futex key on no-MMU (git-fixes).\n- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).\n- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).\n- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).\n- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).\n- gpio: pca953x: Improve interrupt support (git-fixes).\n- gpio: rcar: Fix missing of_node_put() call (git-fixes).\n- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).\n- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).\n- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).\n- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).\n- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).\n- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).\n- gup: make the stack expansion warning a bit more targeted (bsc#1238214).\n- hfs: Sanity check the root record (git-fixes).\n- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).\n- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).\n- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).\n- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).\n- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).\n- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).\n- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).\n- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).\n- i2c: ls2x: Fix frequency division register access (git-fixes).\n- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).\n- i2c: omap: fix IRQ storms (git-fixes).\n- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).\n- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).\n- i3c: master: svc: Fix missing the IBI rules (git-fixes).\n- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).\n- iavf: allow changing VLAN state without calling PF (git-fixes).\n- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).\n- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).\n- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).\n- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).\n- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).\n- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).\n- ice: fix max values for dpll pin phase adjust (git-fixes).\n- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).\n- ice: gather page_count()\u0027s of each frag right before XDP prog call (git-fixes).\n- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).\n- ice: put Rx buffers after being done with current frame (git-fixes).\n- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).\n- ice: use internal pf id instead of function number (git-fixes).\n- idpf: add read memory barrier when checking descriptor done bit (git-fixes).\n- idpf: call set_real_num_queues in idpf_open (bsc#1236661).\n- idpf: convert workqueues to unbound (git-fixes).\n- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).\n- idpf: fix handling rsc packet with a single segment (git-fixes).\n- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).\n- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).\n- igc: return early when failing to read EECD register (git-fixes).\n- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).\n- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).\n- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).\n- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).\n- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).\n- iio: dac: ad3552r: clear reset status flag (git-fixes).\n- iio: filter: admv8818: Force initialization of SDO (git-fixes).\n- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).\n- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).\n- init: add initramfs_internal.h (bsc#1232848).\n- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).\n- initramfs: allocate heap buffers together (bsc#1232848).\n- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).\n- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).\n- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).\n- intel_th: pci: Add Arrow Lake support (stable-fixes).\n- intel_th: pci: Add Panther Lake-H support (stable-fixes).\n- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).\n- ioam6: improve checks on user data (git-fixes).\n- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).\n- iommu/vt-d: Fix suspicious RCU usage (git-fixes).\n- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).\n- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).\n- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).\n- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).\n- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).\n- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).\n- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).\n- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).\n- ipv6: Use RCU in ip6_input() (bsc#1239994).\n- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).\n- ipv6: avoid atomic fragment on GSO packets (git-fixes).\n- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).\n- ipv6: fib: hide unused \u0027pn\u0027 variable (git-fixes).\n- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).\n- ipv6: fix potential NULL deref in fib6_add() (git-fixes).\n- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).\n- ipv6: introduce dst_rt6_info() helper (git-fixes).\n- ipv6: ioam: block BH from ioam6_output() (git-fixes).\n- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).\n- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- ipv6: sr: add missing seg6_local_exit (git-fixes).\n- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).\n- ipv6: take care of scope when choosing the src addr (git-fixes).\n- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).\n- jfs: add check read-only before txBeginAnon() call (git-fixes).\n- jfs: add index corruption check to DT_GETPAGE() (git-fixes).\n- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).\n- jfs: reject on-disk inodes of an unsupported type (git-fixes).\n- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)\n- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).\n- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).\n- kABI workaround for intel-ish-hid (git-fixes).\n- kABI workaround for soc_mixer_control changes (git-fixes).\n- kabi: fix bus type (bsc#1236896).\n- kabi: fix group_cpus_evenly (bsc#1236897).\n- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).\n- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).\n- kbuild: hdrcheck: fix cross build with clang (git-fixes).\n- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).\n- kernel-source: Also replace bin/env\n- kunit: qemu_configs: sparc: use Zilog console (git-fixes).\n- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).\n- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).\n- l2tp: fix lockdep splat (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).\n- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).\n- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).\n- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).\n- lib: 842: Improve error handling in sw842_compress() (git-fixes).\n- lib: stackinit: hide never-taken branch from compiler (stable-fixes).\n- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).\n- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).\n- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).\n- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).\n- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).\n- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).\n- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).\n- md/md-bitmap: add \u0027sync_size\u0027 into struct md_bitmap_stats (git-fixes).\n- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).\n- md/md-cluster: fix spares warnings for __le64 (git-fixes).\n- md/raid0: do not free conf on raid0_run failure (git-fixes).\n- md/raid1: do not free conf on raid0_run failure (git-fixes).\n- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).\n- md: Do not flush sync_work in md_write_start() (git-fixes).\n- md: convert comma to semicolon (git-fixes).\n- mdacon: rework dependency list (git-fixes).\n- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).\n- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).\n- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).\n- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).\n- media: i2c: ccs: Set the device\u0027s runtime PM status correctly in remove (git-fixes).\n- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).\n- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).\n- media: ov08x40: Fix hblank out of range issue (git-fixes).\n- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).\n- media: platform: stm32: Add check for clk_enable() (git-fixes).\n- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).\n- media: streamzap: fix race between device disconnection and urb callback (git-fixes).\n- media: streamzap: prevent processing IR data on URB failure (git-fixes).\n- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).\n- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).\n- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).\n- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).\n- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).\n- media: venus: hfi: add check to handle incorrect queue size (git-fixes).\n- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).\n- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).\n- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).\n- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).\n- media: vim2m: print device name after registering device (git-fixes).\n- media: visl: Fix ERANGE error when setting enum controls (git-fixes).\n- mei: me: add panther lake P DID (stable-fixes).\n- memblock tests: fix warning: \"__ALIGN_KERNEL\" redefined (git-fixes).\n- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).\n- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).\n- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).\n- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).\n- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).\n- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).\n- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).\n- mfd: syscon: Remove extern from function prototypes (stable-fixes).\n- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).\n- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).\n- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).\n- mm: accept to promo watermark (bsc#1239600).\n- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).\n- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).\n- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)\n- mm: zswap: move allocations during CPU init outside the lock (git-fixes).\n- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).\n- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).\n- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).\n- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).\n- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).\n- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).\n- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).\n- mptcp: export local_address (git-fixes)\n- mptcp: fix NL PM announced address accounting (git-fixes)\n- mptcp: fix data races on local_id (git-fixes)\n- mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)\n- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)\n- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)\n- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)\n- mptcp: pm: deny endp with signal + subflow + port (git-fixes)\n- mptcp: pm: do not ignore \u0027subflow\u0027 if \u0027signal\u0027 flag is also set (git-fixes)\n- mptcp: pm: do not try to create sf if alloc failed (git-fixes)\n- mptcp: pm: fullmesh: select the right ID later (git-fixes)\n- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)\n- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)\n- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)\n- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)\n- mptcp: pm: re-using ID of unused removed subflows (git-fixes)\n- mptcp: pm: reduce indentation blocks (git-fixes)\n- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)\n- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)\n- mptcp: unify pm get_local_id interfaces (git-fixes)\n- mptcp: unify pm set_flags interfaces (git-fixes)\n- mtd: Add check for devm_kcalloc() (git-fixes).\n- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).\n- mtd: nand: Fix a kdoc comment (git-fixes).\n- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).\n- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).\n- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).\n- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).\n- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).\n- nbd: Fix signal handling (git-fixes).\n- nbd: Improve the documentation of the locking assumptions (git-fixes).\n- nbd: do not allow reconnect after disconnect (git-fixes).\n- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).\n- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).\n- net l2tp: drop flow hash on forward (git-fixes).\n- net/mlx5: Correct TASR typo into TSAR (git-fixes).\n- net/mlx5: Fix RDMA TX steering prio (git-fixes).\n- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).\n- net/mlx5: SF, Fix add port error handling (git-fixes).\n- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).\n- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).\n- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).\n- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).\n- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).\n- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).\n- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).\n- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).\n- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).\n- net/sched: flower: Add lock protection when remove filter handle (git-fixes).\n- net/sched: taprio: make q-\u003epicos_per_byte available to fill_sched_entry() (git-fixes).\n- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).\n- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).\n- net: Fix undefined behavior in netdev name allocation (bsc#1233749).\n- net: add dev_net_rcu() helper (bsc#1239994).\n- net: avoid UAF on deleted altname (bsc#1233749).\n- net: check for altname conflicts when changing netdev\u0027s netns (bsc#1233749).\n- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).\n- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).\n- net: do not send a MOVE event when netdev changes netns (bsc#1233749).\n- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).\n- net: fix ifname in netlink ntf during netns move (bsc#1233749).\n- net: fix removing a namespace with conflicting altnames (bsc#1233749).\n- net: free altname using an RCU callback (bsc#1233749).\n- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).\n- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).\n- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).\n- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).\n- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).\n- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).\n- net: ipv6: ioam6: code alignment (git-fixes).\n- net: ipv6: ioam6: new feature tunsrc (git-fixes).\n- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).\n- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).\n- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).\n- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).\n- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).\n- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).\n- net: mana: Allow variable size indirection table (bsc#1239016).\n- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).\n- net: mana: Avoid open coded arithmetic (bsc#1239016).\n- net: mana: Cleanup \"mana\" debugfs dir after cleanup of all children (bsc#1236760).\n- net: mana: Enable debugfs files for MANA device (bsc#1236758).\n- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Support holes in device list reply msg (git-fixes).\n- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).\n- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).\n- net: move altnames together with the netdevice (bsc#1233749).\n- net: netvsc: Update default VMBus channels (bsc#1236757).\n- net: reduce indentation of __dev_alloc_name() (bsc#1233749).\n- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).\n- net: remove else after return in dev_prep_valid_name() (bsc#1233749).\n- net: rose: lock the socket in rose_bind() (git-fixes).\n- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).\n- net: smc: fix spurious error message from __sock_release() (bsc#1237126).\n- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).\n- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).\n- net: use unrcu_pointer() helper (git-fixes).\n- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).\n- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).\n- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).\n- net_sched: sch_sfq: annotate data-races around q-\u003eperturb_period (git-fixes).\n- net_sched: sch_sfq: handle bigger packets (git-fixes).\n- nfsd: clear acl_access/acl_default after releasing them (git-fixes).\n- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).\n- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).\n- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).\n- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).\n- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).\n- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).\n- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).\n- null_blk: fix validation of block size (git-fixes).\n- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).\n- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).\n- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).\n- nvme-fc: use ctrl state getter (git-fixes).\n- nvme-ioctl: fix leaked requests on mapping error (git-fixes).\n- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).\n- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).\n- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).\n- nvme-pci: remove stale comment (git-fixes).\n- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).\n- nvme-tcp: Fix a C2HTermReq error message (git-fixes).\n- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).\n- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).\n- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).\n- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).\n- nvme/ioctl: add missing space in err message (git-fixes).\n- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).\n- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).\n- nvme: make nvme_tls_attrs_group static (git-fixes).\n- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).\n- nvme: move passthrough logging attribute to head (git-fixes).\n- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).\n- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- nvme: tcp: Fix compilation warning with W=1 (git-fixes).\n- nvmet-fc: Remove unused functions (git-fixes).\n- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).\n- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).\n- nvmet: Fix crash when a namespace is disabled (git-fixes).\n- nvmet: remove old function prototype (git-fixes).\n- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).\n- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).\n- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).\n- ocfs2: handle a symlink read error correctly (git-fixes).\n- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).\n- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).\n- orangefs: fix a oob in orangefs_debug_write (git-fixes).\n- padata: Clean up in padata_do_multithreaded() (bsc#1237563).\n- padata: Honor the caller\u0027s alignment in case of chunk_size 0 (bsc#1237563).\n- padata: fix sysfs store callback check (git-fixes).\n- partitions: ldm: remove the initial kernel-doc notation (git-fixes).\n- partitions: mac: fix handling of bogus partition table (git-fixes).\n- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).\n- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).\n- phy: tegra: xusb: reset VBUS \u0026 ID OVERRIDE (git-fixes).\n- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).\n- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).\n- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).\n- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).\n- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).\n- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).\n- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).\n- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).\n- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).\n- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).\n- platform/x86: ISST: Ignore minor version change (bsc#1237452).\n- platform/x86: acer-wmi: Ignore AC events (stable-fixes).\n- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).\n- platform/x86: int3472: Check for adev == NULL (stable-fixes).\n- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).\n- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).\n- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).\n- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).\n- power: supply: da9150-fg: fix potential overflow (git-fixes).\n- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).\n- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).\n- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).\n- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).\n- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).\n- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).\n- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).\n- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896\n bsc#1235932).\n- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).\n- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).\n- powerpc: Stop using no_llseek (bsc#1239573).\n- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).\n- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).\n- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).\n- rapidio: fix an API misues when rio_add_net() fails (git-fixes).\n- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).\n- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).\n- rbd: do not move requests to the running list on errors (git-fixes).\n- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).\n- regmap-irq: Add missing kfree() (git-fixes).\n- regulator: check that dummy regulator has been probed before using it (stable-fixes).\n- regulator: core: Fix deadlock in create_regulator() (git-fixes).\n- regulator: dummy: force synchronous probing (git-fixes).\n- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).\n- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)\n- rpm/release-projects: Update the ALP projects again (bsc#1231293).\n- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)\n- s390/cio: rename bitmap_size() -\u003e idset_bitmap_size() (git-fixes bsc#1236205).\n- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).\n- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).\n- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).\n- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).\n- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).\n- s390/pci: Ignore RID for isolated VFs (bsc#1236752).\n- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).\n- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).\n- s390/pci: Use topology ID for multi-function devices (bsc#1236752).\n- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).\n- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).\n- s390/topology: Improve topology detection (bsc#1236591).\n- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).\n- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).\n- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).\n- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).\n- scsi: core: Clear driver private data when retrying request (git-fixes).\n- scsi: core: Do not retry I/Os during depopulation (git-fixes).\n- scsi: core: Handle depopulation and restoration in progress (git-fixes).\n- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).\n- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).\n- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).\n- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).\n- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).\n- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).\n- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).\n- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).\n- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).\n- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).\n- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).\n- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).\n- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).\n- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).\n- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).\n- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: myrb: Remove dead code (git-fixes).\n- scsi: qedi: Fix potential deadlock on \u0026qedi_percpu-\u003ep_work_lock (git-fixes).\n- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).\n- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).\n- scsi: sg: Enable runtime power management (git-fixes).\n- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).\n- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).\n- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).\n- scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- selftest: hugetlb_dio: fix test naming (git-fixes).\n- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).\n- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).\n- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).\n- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).\n- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).\n- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).\n- selftests/mm/cow: fix the incorrect error handling (git-fixes).\n- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).\n- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).\n- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).\n- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).\n- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).\n- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).\n- selftests: mptcp: connect: -f: no reconnect (git-fixes).\n- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).\n- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).\n- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).\n- serial: 8250: Fix fifo underflow on flush (git-fixes).\n- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).\n- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).\n- smb3: fix creating FIFOs when mounting with \"sfu\" mount option (git-fixes).\n- smb3: request handle caching when caching directories (bsc#1231432).\n- smb3: retrying on failed server close (bsc#1231432).\n- smb: cached directories can be more than root file handle (bsc#1231432).\n- smb: cilent: set reparse mount points as automounts (git-fixes).\n- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).\n- smb: client: Fix minor whitespace errors and warnings (git-fixes).\n- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).\n- smb: client: add support for WSL reparse points (git-fixes).\n- smb: client: allow creating special files via reparse points (git-fixes).\n- smb: client: allow creating symlinks via reparse points (git-fixes).\n- smb: client: cleanup smb2_query_reparse_point() (git-fixes).\n- smb: client: destroy cfid_put_wq on module exit (git-fixes).\n- smb: client: do not query reparse points twice on symlinks (git-fixes).\n- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).\n- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).\n- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).\n- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).\n- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).\n- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).\n- smb: client: fix hardlinking of reparse points (git-fixes).\n- smb: client: fix missing mode bits for SMB symlinks (git-fixes).\n- smb: client: fix possible double free in smb2_set_ea() (git-fixes).\n- smb: client: fix potential broken compound request (git-fixes).\n- smb: client: fix renaming of reparse points (git-fixes).\n- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).\n- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).\n- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).\n- smb: client: handle path separator of created SMB symlinks (git-fixes).\n- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).\n- smb: client: ignore unhandled reparse tags (git-fixes).\n- smb: client: implement -\u003equery_reparse_point() for SMB1 (git-fixes).\n- smb: client: instantiate when creating SFU files (git-fixes).\n- smb: client: introduce -\u003eparse_reparse_point() (git-fixes).\n- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).\n- smb: client: introduce cifs_sfu_make_node() (git-fixes).\n- smb: client: introduce reparse mount option (git-fixes).\n- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).\n- smb: client: move most of reparse point handling code to common file (git-fixes).\n- smb: client: move some params to cifs_open_info_data (bsc#1231432).\n- smb: client: optimise reparse point querying (git-fixes).\n- smb: client: parse owner/group when creating reparse points (git-fixes).\n- smb: client: parse reparse point flag in create response (bsc#1231432).\n- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).\n- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).\n- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).\n- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).\n- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).\n- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).\n- smb: client: retry compound request without reusing lease (git-fixes).\n- smb: client: return reparse type in /proc/mounts (git-fixes).\n- smb: client: reuse file lease key in compound operations (git-fixes).\n- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).\n- smb: client: set correct file type from NFS reparse points (git-fixes).\n- smb: client: stop revalidating reparse points unnecessarily (git-fixes).\n- smb: use kernel_connect() and kernel_bind() (git-fixes).\n- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).\n- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).\n- soc: imx8m: Remove global soc_uid (stable-fixes).\n- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).\n- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).\n- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).\n- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).\n- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).\n- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).\n- soc: qcom: pdr: Fix the potential deadlock (git-fixes).\n- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).\n- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).\n- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).\n- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).\n- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).\n- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).\n- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).\n- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).\n- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).\n- spi: sn-f-ospi: Fix division by zero (git-fixes).\n- splice: do not checksum AF_UNIX sockets (bsc#1240333).\n- sunrpc: suppress warnings for unused procfs functions (git-fixes).\n- supported.conf: add now-included qat_420xx (external, intel)\n- tcp: Add memory barrier to tcp_push() (git-fixes).\n- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).\n- tcp: Annotate data-race around sk-\u003esk_mark in tcp_v4_send_reset (git-fixes).\n- tcp: Defer ts_recent changes until req is owned (git-fixes).\n- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).\n- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).\n- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).\n- tcp: Update window clamping condition (git-fixes).\n- tcp: add tcp_done_with_error() helper (git-fixes).\n- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).\n- tcp: annotate data-races around tp-\u003ewindow_clamp (git-fixes).\n- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).\n- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).\n- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).\n- tcp: check space before adding MPTCP SYN options (git-fixes).\n- tcp: clear tp-\u003eretrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).\n- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).\n- tcp: define initial scaling factor value as a macro (git-fixes).\n- tcp: derive delack_max from rto_min (git-fixes).\n- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).\n- tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).\n- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).\n- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).\n- tcp: fix mid stream window clamp (git-fixes).\n- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).\n- tcp: fix race in tcp_write_err() (git-fixes).\n- tcp: fix races in tcp_abort() (git-fixes).\n- tcp: fix races in tcp_v_err() (git-fixes).\n- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it\u0027s safe (git-fixes).\n- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).\n- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).\n- tcp: increase the default TCP scaling ratio (git-fixes).\n- tcp: introduce tcp_clock_ms() (git-fixes).\n- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).\n- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).\n- tcp: remove 64 KByte limit for initial tp-\u003ercv_wnd value (git-fixes).\n- tcp: replace tcp_time_stamp_raw() (git-fixes).\n- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).\n- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).\n- thermal: int340x: Add NULL check for adev (git-fixes).\n- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).\n- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).\n- tools: fix annoying \"mkdir -p ...\" logs when building tools in parallel (git-fixes).\n- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).\n- tpm: do not start chip while suspended (git-fixes).\n- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).\n- tty: xilinx_uartps: split sysrq handling (git-fixes).\n- ubi: Add a check for ubi_num (git-fixes).\n- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).\n- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).\n- ubi: correct the calculation of fastmap size (stable-fixes).\n- ubi: eba: properly rollback inside self_check_eba (git-fixes).\n- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).\n- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).\n- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).\n- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).\n- ublk: fix error code for unsupported command (git-fixes).\n- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).\n- ublk: move ublk_cancel_dev() out of ub-\u003emutex (git-fixes).\n- ublk: move zone report data out of request pdu (git-fixes).\n- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).\n- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).\n- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).\n- usb: chipidea: ci_hdrc_imx: decrement device\u0027s refcount in .remove() and in the error path of .probe() (git-fixes).\n- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).\n- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).\n- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).\n- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).\n- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).\n- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).\n- usb: gadget: Fix setting self-powered state on suspend (git-fixes).\n- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).\n- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).\n- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).\n- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).\n- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).\n- usb: hub: lack of clearing xHC resources (git-fixes).\n- usb: phy: generic: Use proper helper for property detection (stable-fixes).\n- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).\n- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).\n- usb: renesas_usbhs: Call clk_put() (git-fixes).\n- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).\n- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).\n- usb: roles: set switch registered flag early on (git-fixes).\n- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).\n- usb: typec: ucsi: Fix NULL pointer access (git-fixes).\n- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).\n- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).\n- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).\n- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).\n- usb: xhci: remove \u0027retval\u0027 from xhci_pci_resume() (git-fixes).\n- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).\n- usbnet: ipheth: document scope of NCM implementation (stable-fixes).\n- util_macros.h: fix/rework find_closest() macros (git-fixes).\n- vboxsf: fix building with GCC 15 (stable-fixes).\n- vfio/pci: Lock external INTx masking ops (bsc#1222803).\n- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).\n- virtio-mem: check if the config changed before fake offlining memory (git-fixes).\n- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).\n- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).\n- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).\n- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- virtio: hookup irq_get_affinity callback (bsc#1236896).\n- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).\n- vsock/virtio: cancel close work in the destructor (git-fixes)\n- vsock: Keep the binding until socket destruction (git-fixes)\n- vsock: reset socket state when de-assigning the transport (git-fixes)\n- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).\n- wifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode (git-fixes).\n- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).\n- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).\n- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).\n- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).\n- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).\n- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).\n- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).\n- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).\n- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).\n- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).\n- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).\n- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).\n- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).\n- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).\n- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).\n- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).\n- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).\n- wifi: iwlwifi: avoid memory leak (stable-fixes).\n- wifi: iwlwifi: limit printed string from FW file (git-fixes).\n- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).\n- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).\n- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).\n- wifi: mt76: Add check for devm_kstrdup() (git-fixes).\n- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).\n- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).\n- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).\n- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).\n- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).\n- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).\n- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).\n- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).\n- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).\n- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).\n- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).\n- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).\n- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).\n- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).\n- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).\n- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).\n- x86/asm: Make serialize() always_inline (git-fixes).\n- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).\n- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).\n- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).\n- x86/coco: Replace \u0027static const cc_mask\u0027 with the newly introduced cc_get_mask() function (git-fixes).\n- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).\n- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).\n- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).\n- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).\n- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).\n- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).\n- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).\n- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).\n- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).\n- x86/microcode/32: Move early loading after paging enable (git-fixes).\n- x86/microcode/amd: Cache builtin microcode too (git-fixes).\n- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).\n- x86/microcode/amd: Use cached microcode for AP load (git-fixes).\n- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).\n- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).\n- x86/microcode/intel: Cleanup code further (git-fixes).\n- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).\n- x86/microcode/intel: Remove debug code (git-fixes).\n- x86/microcode/intel: Remove pointless mutex (git-fixes).\n- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).\n- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).\n- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).\n- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).\n- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).\n- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).\n- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).\n- x86/microcode/intel: Simplify early loading (git-fixes).\n- x86/microcode/intel: Simplify scan_microcode() (git-fixes).\n- x86/microcode/intel: Switch to kvmalloc() (git-fixes).\n- x86/microcode/intel: Unify microcode apply() functions (git-fixes).\n- x86/microcode: Add per CPU control field (git-fixes).\n- x86/microcode: Add per CPU result state (git-fixes).\n- x86/microcode: Clarify the late load logic (git-fixes).\n- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).\n- x86/microcode: Get rid of the schedule work indirection (git-fixes).\n- x86/microcode: Handle \"nosmt\" correctly (git-fixes).\n- x86/microcode: Handle \"offline\" CPUs correctly (git-fixes).\n- x86/microcode: Hide the config knob (git-fixes).\n- x86/microcode: Include vendor headers into microcode.h (git-fixes).\n- x86/microcode: Make reload_early_microcode() static (git-fixes).\n- x86/microcode: Mop up early loading leftovers (git-fixes).\n- x86/microcode: Move core specific defines to local header (git-fixes).\n- x86/microcode: Prepare for minimal revision check (git-fixes).\n- x86/microcode: Protect against instrumentation (git-fixes).\n- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).\n- x86/microcode: Provide new control functions (git-fixes).\n- x86/microcode: Remove microcode_mutex (git-fixes).\n- x86/microcode: Remove pointless apply() invocation (git-fixes).\n- x86/microcode: Rendezvous and load in NMI (git-fixes).\n- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).\n- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).\n- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).\n- x86/mm: Remove unused microcode.h include (git-fixes).\n- x86/platform/olpc: Remove unused variable \u0027len\u0027 in olpc_dt_compatible_match() (git-fixes).\n- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).\n- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()\u0027s description (git-fixes).\n- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).\n- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).\n- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).\n- xen/swiotlb: relax alignment requirements (git-fixes).\n- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).\n- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).\n- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).\n- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).\n- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).\n- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).\n- xhci: dbc: Convert to use sysfs_streq() (git-fixes).\n- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).\n- xhci: dbc: Fix STALL transfer event handling (git-fixes).\n- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).\n- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).\n- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).\n- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).\n- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).\n- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).\n- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).\n- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).\n- xhci: pci: Use standard pattern for device IDs (git-fixes).\n- zram: clear IDLE flag after recompression (git-fixes).\n- zram: clear IDLE flag in mark_idle() (git-fixes).\n- zram: do not mark idle slots that cannot be idle (git-fixes).\n- zram: fix potential UAF of zram table (git-fixes).\n- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).\n- zram: refuse to use zero sized block device as backing device (git-fixes).\n- zram: split memory-tracking and ac-time tracking (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-8",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20260-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20260-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520260-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20260-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021058.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1207948",
"url": "https://bugzilla.suse.com/1207948"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1215211",
"url": "https://bugzilla.suse.com/1215211"
},
{
"category": "self",
"summary": "SUSE Bug 1218470",
"url": "https://bugzilla.suse.com/1218470"
},
{
"category": "self",
"summary": "SUSE Bug 1219367",
"url": "https://bugzilla.suse.com/1219367"
},
{
"category": "self",
"summary": "SUSE Bug 1221651",
"url": "https://bugzilla.suse.com/1221651"
},
{
"category": "self",
"summary": "SUSE Bug 1222649",
"url": "https://bugzilla.suse.com/1222649"
},
{
"category": "self",
"summary": "SUSE Bug 1222672",
"url": "https://bugzilla.suse.com/1222672"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1223047",
"url": "https://bugzilla.suse.com/1223047"
},
{
"category": "self",
"summary": "SUSE Bug 1224049",
"url": "https://bugzilla.suse.com/1224049"
},
{
"category": "self",
"summary": "SUSE Bug 1224489",
"url": "https://bugzilla.suse.com/1224489"
},
{
"category": "self",
"summary": "SUSE Bug 1224610",
"url": "https://bugzilla.suse.com/1224610"
},
{
"category": "self",
"summary": "SUSE Bug 1225533",
"url": "https://bugzilla.suse.com/1225533"
},
{
"category": "self",
"summary": "SUSE Bug 1225606",
"url": "https://bugzilla.suse.com/1225606"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225770",
"url": "https://bugzilla.suse.com/1225770"
},
{
"category": "self",
"summary": "SUSE Bug 1225981",
"url": "https://bugzilla.suse.com/1225981"
},
{
"category": "self",
"summary": "SUSE Bug 1226871",
"url": "https://bugzilla.suse.com/1226871"
},
{
"category": "self",
"summary": "SUSE Bug 1227858",
"url": "https://bugzilla.suse.com/1227858"
},
{
"category": "self",
"summary": "SUSE Bug 1227937",
"url": "https://bugzilla.suse.com/1227937"
},
{
"category": "self",
"summary": "SUSE Bug 1228521",
"url": "https://bugzilla.suse.com/1228521"
},
{
"category": "self",
"summary": "SUSE Bug 1228653",
"url": "https://bugzilla.suse.com/1228653"
},
{
"category": "self",
"summary": "SUSE Bug 1229311",
"url": "https://bugzilla.suse.com/1229311"
},
{
"category": "self",
"summary": "SUSE Bug 1229361",
"url": "https://bugzilla.suse.com/1229361"
},
{
"category": "self",
"summary": "SUSE Bug 1230235",
"url": "https://bugzilla.suse.com/1230235"
},
{
"category": "self",
"summary": "SUSE Bug 1230438",
"url": "https://bugzilla.suse.com/1230438"
},
{
"category": "self",
"summary": "SUSE Bug 1230439",
"url": "https://bugzilla.suse.com/1230439"
},
{
"category": "self",
"summary": "SUSE Bug 1230497",
"url": "https://bugzilla.suse.com/1230497"
},
{
"category": "self",
"summary": "SUSE Bug 1230728",
"url": "https://bugzilla.suse.com/1230728"
},
{
"category": "self",
"summary": "SUSE Bug 1230769",
"url": "https://bugzilla.suse.com/1230769"
},
{
"category": "self",
"summary": "SUSE Bug 1230832",
"url": "https://bugzilla.suse.com/1230832"
},
{
"category": "self",
"summary": "SUSE Bug 1231088",
"url": "https://bugzilla.suse.com/1231088"
},
{
"category": "self",
"summary": "SUSE Bug 1231293",
"url": "https://bugzilla.suse.com/1231293"
},
{
"category": "self",
"summary": "SUSE Bug 1231432",
"url": "https://bugzilla.suse.com/1231432"
},
{
"category": "self",
"summary": "SUSE Bug 1231912",
"url": "https://bugzilla.suse.com/1231912"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231949",
"url": "https://bugzilla.suse.com/1231949"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232299",
"url": "https://bugzilla.suse.com/1232299"
},
{
"category": "self",
"summary": "SUSE Bug 1232364",
"url": "https://bugzilla.suse.com/1232364"
},
{
"category": "self",
"summary": "SUSE Bug 1232389",
"url": "https://bugzilla.suse.com/1232389"
},
{
"category": "self",
"summary": "SUSE Bug 1232421",
"url": "https://bugzilla.suse.com/1232421"
},
{
"category": "self",
"summary": "SUSE Bug 1232508",
"url": "https://bugzilla.suse.com/1232508"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232743",
"url": "https://bugzilla.suse.com/1232743"
},
{
"category": "self",
"summary": "SUSE Bug 1232812",
"url": "https://bugzilla.suse.com/1232812"
},
{
"category": "self",
"summary": "SUSE Bug 1232848",
"url": "https://bugzilla.suse.com/1232848"
},
{
"category": "self",
"summary": "SUSE Bug 1232895",
"url": "https://bugzilla.suse.com/1232895"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1233028",
"url": "https://bugzilla.suse.com/1233028"
},
{
"category": "self",
"summary": "SUSE Bug 1233033",
"url": "https://bugzilla.suse.com/1233033"
},
{
"category": "self",
"summary": "SUSE Bug 1233060",
"url": "https://bugzilla.suse.com/1233060"
},
{
"category": "self",
"summary": "SUSE Bug 1233109",
"url": "https://bugzilla.suse.com/1233109"
},
{
"category": "self",
"summary": "SUSE Bug 1233221",
"url": "https://bugzilla.suse.com/1233221"
},
{
"category": "self",
"summary": "SUSE Bug 1233248",
"url": "https://bugzilla.suse.com/1233248"
},
{
"category": "self",
"summary": "SUSE Bug 1233259",
"url": "https://bugzilla.suse.com/1233259"
},
{
"category": "self",
"summary": "SUSE Bug 1233260",
"url": "https://bugzilla.suse.com/1233260"
},
{
"category": "self",
"summary": "SUSE Bug 1233479",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "self",
"summary": "SUSE Bug 1233483",
"url": "https://bugzilla.suse.com/1233483"
},
{
"category": "self",
"summary": "SUSE Bug 1233522",
"url": "https://bugzilla.suse.com/1233522"
},
{
"category": "self",
"summary": "SUSE Bug 1233551",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "self",
"summary": "SUSE Bug 1233557",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "self",
"summary": "SUSE Bug 1233749",
"url": "https://bugzilla.suse.com/1233749"
},
{
"category": "self",
"summary": "SUSE Bug 1234070",
"url": "https://bugzilla.suse.com/1234070"
},
{
"category": "self",
"summary": "SUSE Bug 1234222",
"url": "https://bugzilla.suse.com/1234222"
},
{
"category": "self",
"summary": "SUSE Bug 1234480",
"url": "https://bugzilla.suse.com/1234480"
},
{
"category": "self",
"summary": "SUSE Bug 1234828",
"url": "https://bugzilla.suse.com/1234828"
},
{
"category": "self",
"summary": "SUSE Bug 1234853",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "self",
"summary": "SUSE Bug 1234857",
"url": "https://bugzilla.suse.com/1234857"
},
{
"category": "self",
"summary": "SUSE Bug 1234891",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "self",
"summary": "SUSE Bug 1234894",
"url": "https://bugzilla.suse.com/1234894"
},
{
"category": "self",
"summary": "SUSE Bug 1234895",
"url": "https://bugzilla.suse.com/1234895"
},
{
"category": "self",
"summary": "SUSE Bug 1234896",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "self",
"summary": "SUSE Bug 1234936",
"url": "https://bugzilla.suse.com/1234936"
},
{
"category": "self",
"summary": "SUSE Bug 1234963",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "self",
"summary": "SUSE Bug 1235054",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "self",
"summary": "SUSE Bug 1235061",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "self",
"summary": "SUSE Bug 1235073",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "self",
"summary": "SUSE Bug 1235244",
"url": "https://bugzilla.suse.com/1235244"
},
{
"category": "self",
"summary": "SUSE Bug 1235435",
"url": "https://bugzilla.suse.com/1235435"
},
{
"category": "self",
"summary": "SUSE Bug 1235436",
"url": "https://bugzilla.suse.com/1235436"
},
{
"category": "self",
"summary": "SUSE Bug 1235441",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "self",
"summary": "SUSE Bug 1235455",
"url": "https://bugzilla.suse.com/1235455"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1235501",
"url": "https://bugzilla.suse.com/1235501"
},
{
"category": "self",
"summary": "SUSE Bug 1235524",
"url": "https://bugzilla.suse.com/1235524"
},
{
"category": "self",
"summary": "SUSE Bug 1235589",
"url": "https://bugzilla.suse.com/1235589"
},
{
"category": "self",
"summary": "SUSE Bug 1235591",
"url": "https://bugzilla.suse.com/1235591"
},
{
"category": "self",
"summary": "SUSE Bug 1235592",
"url": "https://bugzilla.suse.com/1235592"
},
{
"category": "self",
"summary": "SUSE Bug 1235599",
"url": "https://bugzilla.suse.com/1235599"
},
{
"category": "self",
"summary": "SUSE Bug 1235609",
"url": "https://bugzilla.suse.com/1235609"
},
{
"category": "self",
"summary": "SUSE Bug 1235621",
"url": "https://bugzilla.suse.com/1235621"
},
{
"category": "self",
"summary": "SUSE Bug 1235637",
"url": "https://bugzilla.suse.com/1235637"
},
{
"category": "self",
"summary": "SUSE Bug 1235698",
"url": "https://bugzilla.suse.com/1235698"
},
{
"category": "self",
"summary": "SUSE Bug 1235711",
"url": "https://bugzilla.suse.com/1235711"
},
{
"category": "self",
"summary": "SUSE Bug 1235712",
"url": "https://bugzilla.suse.com/1235712"
},
{
"category": "self",
"summary": "SUSE Bug 1235715",
"url": "https://bugzilla.suse.com/1235715"
},
{
"category": "self",
"summary": "SUSE Bug 1235729",
"url": "https://bugzilla.suse.com/1235729"
},
{
"category": "self",
"summary": "SUSE Bug 1235733",
"url": "https://bugzilla.suse.com/1235733"
},
{
"category": "self",
"summary": "SUSE Bug 1235761",
"url": "https://bugzilla.suse.com/1235761"
},
{
"category": "self",
"summary": "SUSE Bug 1235870",
"url": "https://bugzilla.suse.com/1235870"
},
{
"category": "self",
"summary": "SUSE Bug 1235874",
"url": "https://bugzilla.suse.com/1235874"
},
{
"category": "self",
"summary": "SUSE Bug 1235914",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "self",
"summary": "SUSE Bug 1235932",
"url": "https://bugzilla.suse.com/1235932"
},
{
"category": "self",
"summary": "SUSE Bug 1235933",
"url": "https://bugzilla.suse.com/1235933"
},
{
"category": "self",
"summary": "SUSE Bug 1235973",
"url": "https://bugzilla.suse.com/1235973"
},
{
"category": "self",
"summary": "SUSE Bug 1236099",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "self",
"summary": "SUSE Bug 1236111",
"url": "https://bugzilla.suse.com/1236111"
},
{
"category": "self",
"summary": "SUSE Bug 1236113",
"url": "https://bugzilla.suse.com/1236113"
},
{
"category": "self",
"summary": "SUSE Bug 1236114",
"url": "https://bugzilla.suse.com/1236114"
},
{
"category": "self",
"summary": "SUSE Bug 1236115",
"url": "https://bugzilla.suse.com/1236115"
},
{
"category": "self",
"summary": "SUSE Bug 1236122",
"url": "https://bugzilla.suse.com/1236122"
},
{
"category": "self",
"summary": "SUSE Bug 1236123",
"url": "https://bugzilla.suse.com/1236123"
},
{
"category": "self",
"summary": "SUSE Bug 1236133",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "self",
"summary": "SUSE Bug 1236138",
"url": "https://bugzilla.suse.com/1236138"
},
{
"category": "self",
"summary": "SUSE Bug 1236199",
"url": "https://bugzilla.suse.com/1236199"
},
{
"category": "self",
"summary": "SUSE Bug 1236200",
"url": "https://bugzilla.suse.com/1236200"
},
{
"category": "self",
"summary": "SUSE Bug 1236203",
"url": "https://bugzilla.suse.com/1236203"
},
{
"category": "self",
"summary": "SUSE Bug 1236205",
"url": "https://bugzilla.suse.com/1236205"
},
{
"category": "self",
"summary": "SUSE Bug 1236206",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1236573",
"url": "https://bugzilla.suse.com/1236573"
},
{
"category": "self",
"summary": "SUSE Bug 1236575",
"url": "https://bugzilla.suse.com/1236575"
},
{
"category": "self",
"summary": "SUSE Bug 1236576",
"url": "https://bugzilla.suse.com/1236576"
},
{
"category": "self",
"summary": "SUSE Bug 1236591",
"url": "https://bugzilla.suse.com/1236591"
},
{
"category": "self",
"summary": "SUSE Bug 1236661",
"url": "https://bugzilla.suse.com/1236661"
},
{
"category": "self",
"summary": "SUSE Bug 1236677",
"url": "https://bugzilla.suse.com/1236677"
},
{
"category": "self",
"summary": "SUSE Bug 1236680",
"url": "https://bugzilla.suse.com/1236680"
},
{
"category": "self",
"summary": "SUSE Bug 1236681",
"url": "https://bugzilla.suse.com/1236681"
},
{
"category": "self",
"summary": "SUSE Bug 1236682",
"url": "https://bugzilla.suse.com/1236682"
},
{
"category": "self",
"summary": "SUSE Bug 1236683",
"url": "https://bugzilla.suse.com/1236683"
},
{
"category": "self",
"summary": "SUSE Bug 1236684",
"url": "https://bugzilla.suse.com/1236684"
},
{
"category": "self",
"summary": "SUSE Bug 1236685",
"url": "https://bugzilla.suse.com/1236685"
},
{
"category": "self",
"summary": "SUSE Bug 1236689",
"url": "https://bugzilla.suse.com/1236689"
},
{
"category": "self",
"summary": "SUSE Bug 1236692",
"url": "https://bugzilla.suse.com/1236692"
},
{
"category": "self",
"summary": "SUSE Bug 1236694",
"url": "https://bugzilla.suse.com/1236694"
},
{
"category": "self",
"summary": "SUSE Bug 1236698",
"url": "https://bugzilla.suse.com/1236698"
},
{
"category": "self",
"summary": "SUSE Bug 1236700",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "self",
"summary": "SUSE Bug 1236702",
"url": "https://bugzilla.suse.com/1236702"
},
{
"category": "self",
"summary": "SUSE Bug 1236752",
"url": "https://bugzilla.suse.com/1236752"
},
{
"category": "self",
"summary": "SUSE Bug 1236757",
"url": "https://bugzilla.suse.com/1236757"
},
{
"category": "self",
"summary": "SUSE Bug 1236758",
"url": "https://bugzilla.suse.com/1236758"
},
{
"category": "self",
"summary": "SUSE Bug 1236759",
"url": "https://bugzilla.suse.com/1236759"
},
{
"category": "self",
"summary": "SUSE Bug 1236760",
"url": "https://bugzilla.suse.com/1236760"
},
{
"category": "self",
"summary": "SUSE Bug 1236761",
"url": "https://bugzilla.suse.com/1236761"
},
{
"category": "self",
"summary": "SUSE Bug 1236821",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "self",
"summary": "SUSE Bug 1236822",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "self",
"summary": "SUSE Bug 1236896",
"url": "https://bugzilla.suse.com/1236896"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1236952",
"url": "https://bugzilla.suse.com/1236952"
},
{
"category": "self",
"summary": "SUSE Bug 1236967",
"url": "https://bugzilla.suse.com/1236967"
},
{
"category": "self",
"summary": "SUSE Bug 1236994",
"url": "https://bugzilla.suse.com/1236994"
},
{
"category": "self",
"summary": "SUSE Bug 1237007",
"url": "https://bugzilla.suse.com/1237007"
},
{
"category": "self",
"summary": "SUSE Bug 1237017",
"url": "https://bugzilla.suse.com/1237017"
},
{
"category": "self",
"summary": "SUSE Bug 1237025",
"url": "https://bugzilla.suse.com/1237025"
},
{
"category": "self",
"summary": "SUSE Bug 1237028",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "self",
"summary": "SUSE Bug 1237029",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "self",
"summary": "SUSE Bug 1237045",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "self",
"summary": "SUSE Bug 1237126",
"url": "https://bugzilla.suse.com/1237126"
},
{
"category": "self",
"summary": "SUSE Bug 1237132",
"url": "https://bugzilla.suse.com/1237132"
},
{
"category": "self",
"summary": "SUSE Bug 1237139",
"url": "https://bugzilla.suse.com/1237139"
},
{
"category": "self",
"summary": "SUSE Bug 1237155",
"url": "https://bugzilla.suse.com/1237155"
},
{
"category": "self",
"summary": "SUSE Bug 1237158",
"url": "https://bugzilla.suse.com/1237158"
},
{
"category": "self",
"summary": "SUSE Bug 1237159",
"url": "https://bugzilla.suse.com/1237159"
},
{
"category": "self",
"summary": "SUSE Bug 1237164",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "self",
"summary": "SUSE Bug 1237232",
"url": "https://bugzilla.suse.com/1237232"
},
{
"category": "self",
"summary": "SUSE Bug 1237234",
"url": "https://bugzilla.suse.com/1237234"
},
{
"category": "self",
"summary": "SUSE Bug 1237313",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "self",
"summary": "SUSE Bug 1237325",
"url": "https://bugzilla.suse.com/1237325"
},
{
"category": "self",
"summary": "SUSE Bug 1237356",
"url": "https://bugzilla.suse.com/1237356"
},
{
"category": "self",
"summary": "SUSE Bug 1237415",
"url": "https://bugzilla.suse.com/1237415"
},
{
"category": "self",
"summary": "SUSE Bug 1237452",
"url": "https://bugzilla.suse.com/1237452"
},
{
"category": "self",
"summary": "SUSE Bug 1237504",
"url": "https://bugzilla.suse.com/1237504"
},
{
"category": "self",
"summary": "SUSE Bug 1237521",
"url": "https://bugzilla.suse.com/1237521"
},
{
"category": "self",
"summary": "SUSE Bug 1237530",
"url": "https://bugzilla.suse.com/1237530"
},
{
"category": "self",
"summary": "SUSE Bug 1237558",
"url": "https://bugzilla.suse.com/1237558"
},
{
"category": "self",
"summary": "SUSE Bug 1237562",
"url": "https://bugzilla.suse.com/1237562"
},
{
"category": "self",
"summary": "SUSE Bug 1237563",
"url": "https://bugzilla.suse.com/1237563"
},
{
"category": "self",
"summary": "SUSE Bug 1237565",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "self",
"summary": "SUSE Bug 1237571",
"url": "https://bugzilla.suse.com/1237571"
},
{
"category": "self",
"summary": "SUSE Bug 1237848",
"url": "https://bugzilla.suse.com/1237848"
},
{
"category": "self",
"summary": "SUSE Bug 1237849",
"url": "https://bugzilla.suse.com/1237849"
},
{
"category": "self",
"summary": "SUSE Bug 1237853",
"url": "https://bugzilla.suse.com/1237853"
},
{
"category": "self",
"summary": "SUSE Bug 1237856",
"url": "https://bugzilla.suse.com/1237856"
},
{
"category": "self",
"summary": "SUSE Bug 1237873",
"url": "https://bugzilla.suse.com/1237873"
},
{
"category": "self",
"summary": "SUSE Bug 1237875",
"url": "https://bugzilla.suse.com/1237875"
},
{
"category": "self",
"summary": "SUSE Bug 1237876",
"url": "https://bugzilla.suse.com/1237876"
},
{
"category": "self",
"summary": "SUSE Bug 1237877",
"url": "https://bugzilla.suse.com/1237877"
},
{
"category": "self",
"summary": "SUSE Bug 1237879",
"url": "https://bugzilla.suse.com/1237879"
},
{
"category": "self",
"summary": "SUSE Bug 1237881",
"url": "https://bugzilla.suse.com/1237881"
},
{
"category": "self",
"summary": "SUSE Bug 1237885",
"url": "https://bugzilla.suse.com/1237885"
},
{
"category": "self",
"summary": "SUSE Bug 1237889",
"url": "https://bugzilla.suse.com/1237889"
},
{
"category": "self",
"summary": "SUSE Bug 1237890",
"url": "https://bugzilla.suse.com/1237890"
},
{
"category": "self",
"summary": "SUSE Bug 1237891",
"url": "https://bugzilla.suse.com/1237891"
},
{
"category": "self",
"summary": "SUSE Bug 1237894",
"url": "https://bugzilla.suse.com/1237894"
},
{
"category": "self",
"summary": "SUSE Bug 1237897",
"url": "https://bugzilla.suse.com/1237897"
},
{
"category": "self",
"summary": "SUSE Bug 1237900",
"url": "https://bugzilla.suse.com/1237900"
},
{
"category": "self",
"summary": "SUSE Bug 1237901",
"url": "https://bugzilla.suse.com/1237901"
},
{
"category": "self",
"summary": "SUSE Bug 1237906",
"url": "https://bugzilla.suse.com/1237906"
},
{
"category": "self",
"summary": "SUSE Bug 1237907",
"url": "https://bugzilla.suse.com/1237907"
},
{
"category": "self",
"summary": "SUSE Bug 1237911",
"url": "https://bugzilla.suse.com/1237911"
},
{
"category": "self",
"summary": "SUSE Bug 1237912",
"url": "https://bugzilla.suse.com/1237912"
},
{
"category": "self",
"summary": "SUSE Bug 1237950",
"url": "https://bugzilla.suse.com/1237950"
},
{
"category": "self",
"summary": "SUSE Bug 1238212",
"url": "https://bugzilla.suse.com/1238212"
},
{
"category": "self",
"summary": "SUSE Bug 1238214",
"url": "https://bugzilla.suse.com/1238214"
},
{
"category": "self",
"summary": "SUSE Bug 1238303",
"url": "https://bugzilla.suse.com/1238303"
},
{
"category": "self",
"summary": "SUSE Bug 1238347",
"url": "https://bugzilla.suse.com/1238347"
},
{
"category": "self",
"summary": "SUSE Bug 1238368",
"url": "https://bugzilla.suse.com/1238368"
},
{
"category": "self",
"summary": "SUSE Bug 1238474",
"url": "https://bugzilla.suse.com/1238474"
},
{
"category": "self",
"summary": "SUSE Bug 1238475",
"url": "https://bugzilla.suse.com/1238475"
},
{
"category": "self",
"summary": "SUSE Bug 1238479",
"url": "https://bugzilla.suse.com/1238479"
},
{
"category": "self",
"summary": "SUSE Bug 1238494",
"url": "https://bugzilla.suse.com/1238494"
},
{
"category": "self",
"summary": "SUSE Bug 1238496",
"url": "https://bugzilla.suse.com/1238496"
},
{
"category": "self",
"summary": "SUSE Bug 1238497",
"url": "https://bugzilla.suse.com/1238497"
},
{
"category": "self",
"summary": "SUSE Bug 1238500",
"url": "https://bugzilla.suse.com/1238500"
},
{
"category": "self",
"summary": "SUSE Bug 1238501",
"url": "https://bugzilla.suse.com/1238501"
},
{
"category": "self",
"summary": "SUSE Bug 1238502",
"url": "https://bugzilla.suse.com/1238502"
},
{
"category": "self",
"summary": "SUSE Bug 1238503",
"url": "https://bugzilla.suse.com/1238503"
},
{
"category": "self",
"summary": "SUSE Bug 1238506",
"url": "https://bugzilla.suse.com/1238506"
},
{
"category": "self",
"summary": "SUSE Bug 1238507",
"url": "https://bugzilla.suse.com/1238507"
},
{
"category": "self",
"summary": "SUSE Bug 1238509",
"url": "https://bugzilla.suse.com/1238509"
},
{
"category": "self",
"summary": "SUSE Bug 1238510",
"url": "https://bugzilla.suse.com/1238510"
},
{
"category": "self",
"summary": "SUSE Bug 1238511",
"url": "https://bugzilla.suse.com/1238511"
},
{
"category": "self",
"summary": "SUSE Bug 1238512",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "self",
"summary": "SUSE Bug 1238521",
"url": "https://bugzilla.suse.com/1238521"
},
{
"category": "self",
"summary": "SUSE Bug 1238523",
"url": "https://bugzilla.suse.com/1238523"
},
{
"category": "self",
"summary": "SUSE Bug 1238525",
"url": "https://bugzilla.suse.com/1238525"
},
{
"category": "self",
"summary": "SUSE Bug 1238526",
"url": "https://bugzilla.suse.com/1238526"
},
{
"category": "self",
"summary": "SUSE Bug 1238528",
"url": "https://bugzilla.suse.com/1238528"
},
{
"category": "self",
"summary": "SUSE Bug 1238529",
"url": "https://bugzilla.suse.com/1238529"
},
{
"category": "self",
"summary": "SUSE Bug 1238531",
"url": "https://bugzilla.suse.com/1238531"
},
{
"category": "self",
"summary": "SUSE Bug 1238532",
"url": "https://bugzilla.suse.com/1238532"
},
{
"category": "self",
"summary": "SUSE Bug 1238570",
"url": "https://bugzilla.suse.com/1238570"
},
{
"category": "self",
"summary": "SUSE Bug 1238715",
"url": "https://bugzilla.suse.com/1238715"
},
{
"category": "self",
"summary": "SUSE Bug 1238716",
"url": "https://bugzilla.suse.com/1238716"
},
{
"category": "self",
"summary": "SUSE Bug 1238734",
"url": "https://bugzilla.suse.com/1238734"
},
{
"category": "self",
"summary": "SUSE Bug 1238735",
"url": "https://bugzilla.suse.com/1238735"
},
{
"category": "self",
"summary": "SUSE Bug 1238736",
"url": "https://bugzilla.suse.com/1238736"
},
{
"category": "self",
"summary": "SUSE Bug 1238738",
"url": "https://bugzilla.suse.com/1238738"
},
{
"category": "self",
"summary": "SUSE Bug 1238739",
"url": "https://bugzilla.suse.com/1238739"
},
{
"category": "self",
"summary": "SUSE Bug 1238747",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "self",
"summary": "SUSE Bug 1238751",
"url": "https://bugzilla.suse.com/1238751"
},
{
"category": "self",
"summary": "SUSE Bug 1238753",
"url": "https://bugzilla.suse.com/1238753"
},
{
"category": "self",
"summary": "SUSE Bug 1238754",
"url": "https://bugzilla.suse.com/1238754"
},
{
"category": "self",
"summary": "SUSE Bug 1238757",
"url": "https://bugzilla.suse.com/1238757"
},
{
"category": "self",
"summary": "SUSE Bug 1238759",
"url": "https://bugzilla.suse.com/1238759"
},
{
"category": "self",
"summary": "SUSE Bug 1238760",
"url": "https://bugzilla.suse.com/1238760"
},
{
"category": "self",
"summary": "SUSE Bug 1238762",
"url": "https://bugzilla.suse.com/1238762"
},
{
"category": "self",
"summary": "SUSE Bug 1238763",
"url": "https://bugzilla.suse.com/1238763"
},
{
"category": "self",
"summary": "SUSE Bug 1238767",
"url": "https://bugzilla.suse.com/1238767"
},
{
"category": "self",
"summary": "SUSE Bug 1238768",
"url": "https://bugzilla.suse.com/1238768"
},
{
"category": "self",
"summary": "SUSE Bug 1238771",
"url": "https://bugzilla.suse.com/1238771"
},
{
"category": "self",
"summary": "SUSE Bug 1238772",
"url": "https://bugzilla.suse.com/1238772"
},
{
"category": "self",
"summary": "SUSE Bug 1238773",
"url": "https://bugzilla.suse.com/1238773"
},
{
"category": "self",
"summary": "SUSE Bug 1238775",
"url": "https://bugzilla.suse.com/1238775"
},
{
"category": "self",
"summary": "SUSE Bug 1238780",
"url": "https://bugzilla.suse.com/1238780"
},
{
"category": "self",
"summary": "SUSE Bug 1238781",
"url": "https://bugzilla.suse.com/1238781"
},
{
"category": "self",
"summary": "SUSE Bug 1238785",
"url": "https://bugzilla.suse.com/1238785"
},
{
"category": "self",
"summary": "SUSE Bug 1238860",
"url": "https://bugzilla.suse.com/1238860"
},
{
"category": "self",
"summary": "SUSE Bug 1238863",
"url": "https://bugzilla.suse.com/1238863"
},
{
"category": "self",
"summary": "SUSE Bug 1238864",
"url": "https://bugzilla.suse.com/1238864"
},
{
"category": "self",
"summary": "SUSE Bug 1238865",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "self",
"summary": "SUSE Bug 1238876",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "self",
"summary": "SUSE Bug 1238877",
"url": "https://bugzilla.suse.com/1238877"
},
{
"category": "self",
"summary": "SUSE Bug 1238903",
"url": "https://bugzilla.suse.com/1238903"
},
{
"category": "self",
"summary": "SUSE Bug 1238904",
"url": "https://bugzilla.suse.com/1238904"
},
{
"category": "self",
"summary": "SUSE Bug 1238905",
"url": "https://bugzilla.suse.com/1238905"
},
{
"category": "self",
"summary": "SUSE Bug 1238909",
"url": "https://bugzilla.suse.com/1238909"
},
{
"category": "self",
"summary": "SUSE Bug 1238911",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "self",
"summary": "SUSE Bug 1238917",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "self",
"summary": "SUSE Bug 1238958",
"url": "https://bugzilla.suse.com/1238958"
},
{
"category": "self",
"summary": "SUSE Bug 1238959",
"url": "https://bugzilla.suse.com/1238959"
},
{
"category": "self",
"summary": "SUSE Bug 1238963",
"url": "https://bugzilla.suse.com/1238963"
},
{
"category": "self",
"summary": "SUSE Bug 1238964",
"url": "https://bugzilla.suse.com/1238964"
},
{
"category": "self",
"summary": "SUSE Bug 1238969",
"url": "https://bugzilla.suse.com/1238969"
},
{
"category": "self",
"summary": "SUSE Bug 1238971",
"url": "https://bugzilla.suse.com/1238971"
},
{
"category": "self",
"summary": "SUSE Bug 1238973",
"url": "https://bugzilla.suse.com/1238973"
},
{
"category": "self",
"summary": "SUSE Bug 1238975",
"url": "https://bugzilla.suse.com/1238975"
},
{
"category": "self",
"summary": "SUSE Bug 1238978",
"url": "https://bugzilla.suse.com/1238978"
},
{
"category": "self",
"summary": "SUSE Bug 1238979",
"url": "https://bugzilla.suse.com/1238979"
},
{
"category": "self",
"summary": "SUSE Bug 1238981",
"url": "https://bugzilla.suse.com/1238981"
},
{
"category": "self",
"summary": "SUSE Bug 1238984",
"url": "https://bugzilla.suse.com/1238984"
},
{
"category": "self",
"summary": "SUSE Bug 1238986",
"url": "https://bugzilla.suse.com/1238986"
},
{
"category": "self",
"summary": "SUSE Bug 1238993",
"url": "https://bugzilla.suse.com/1238993"
},
{
"category": "self",
"summary": "SUSE Bug 1238994",
"url": "https://bugzilla.suse.com/1238994"
},
{
"category": "self",
"summary": "SUSE Bug 1238997",
"url": "https://bugzilla.suse.com/1238997"
},
{
"category": "self",
"summary": "SUSE Bug 1239015",
"url": "https://bugzilla.suse.com/1239015"
},
{
"category": "self",
"summary": "SUSE Bug 1239016",
"url": "https://bugzilla.suse.com/1239016"
},
{
"category": "self",
"summary": "SUSE Bug 1239027",
"url": "https://bugzilla.suse.com/1239027"
},
{
"category": "self",
"summary": "SUSE Bug 1239029",
"url": "https://bugzilla.suse.com/1239029"
},
{
"category": "self",
"summary": "SUSE Bug 1239030",
"url": "https://bugzilla.suse.com/1239030"
},
{
"category": "self",
"summary": "SUSE Bug 1239033",
"url": "https://bugzilla.suse.com/1239033"
},
{
"category": "self",
"summary": "SUSE Bug 1239034",
"url": "https://bugzilla.suse.com/1239034"
},
{
"category": "self",
"summary": "SUSE Bug 1239036",
"url": "https://bugzilla.suse.com/1239036"
},
{
"category": "self",
"summary": "SUSE Bug 1239037",
"url": "https://bugzilla.suse.com/1239037"
},
{
"category": "self",
"summary": "SUSE Bug 1239038",
"url": "https://bugzilla.suse.com/1239038"
},
{
"category": "self",
"summary": "SUSE Bug 1239039",
"url": "https://bugzilla.suse.com/1239039"
},
{
"category": "self",
"summary": "SUSE Bug 1239045",
"url": "https://bugzilla.suse.com/1239045"
},
{
"category": "self",
"summary": "SUSE Bug 1239065",
"url": "https://bugzilla.suse.com/1239065"
},
{
"category": "self",
"summary": "SUSE Bug 1239068",
"url": "https://bugzilla.suse.com/1239068"
},
{
"category": "self",
"summary": "SUSE Bug 1239073",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "self",
"summary": "SUSE Bug 1239076",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "self",
"summary": "SUSE Bug 1239080",
"url": "https://bugzilla.suse.com/1239080"
},
{
"category": "self",
"summary": "SUSE Bug 1239085",
"url": "https://bugzilla.suse.com/1239085"
},
{
"category": "self",
"summary": "SUSE Bug 1239087",
"url": "https://bugzilla.suse.com/1239087"
},
{
"category": "self",
"summary": "SUSE Bug 1239095",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "self",
"summary": "SUSE Bug 1239104",
"url": "https://bugzilla.suse.com/1239104"
},
{
"category": "self",
"summary": "SUSE Bug 1239105",
"url": "https://bugzilla.suse.com/1239105"
},
{
"category": "self",
"summary": "SUSE Bug 1239109",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "self",
"summary": "SUSE Bug 1239112",
"url": "https://bugzilla.suse.com/1239112"
},
{
"category": "self",
"summary": "SUSE Bug 1239114",
"url": "https://bugzilla.suse.com/1239114"
},
{
"category": "self",
"summary": "SUSE Bug 1239115",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "self",
"summary": "SUSE Bug 1239117",
"url": "https://bugzilla.suse.com/1239117"
},
{
"category": "self",
"summary": "SUSE Bug 1239167",
"url": "https://bugzilla.suse.com/1239167"
},
{
"category": "self",
"summary": "SUSE Bug 1239174",
"url": "https://bugzilla.suse.com/1239174"
},
{
"category": "self",
"summary": "SUSE Bug 1239346",
"url": "https://bugzilla.suse.com/1239346"
},
{
"category": "self",
"summary": "SUSE Bug 1239349",
"url": "https://bugzilla.suse.com/1239349"
},
{
"category": "self",
"summary": "SUSE Bug 1239435",
"url": "https://bugzilla.suse.com/1239435"
},
{
"category": "self",
"summary": "SUSE Bug 1239467",
"url": "https://bugzilla.suse.com/1239467"
},
{
"category": "self",
"summary": "SUSE Bug 1239468",
"url": "https://bugzilla.suse.com/1239468"
},
{
"category": "self",
"summary": "SUSE Bug 1239471",
"url": "https://bugzilla.suse.com/1239471"
},
{
"category": "self",
"summary": "SUSE Bug 1239473",
"url": "https://bugzilla.suse.com/1239473"
},
{
"category": "self",
"summary": "SUSE Bug 1239474",
"url": "https://bugzilla.suse.com/1239474"
},
{
"category": "self",
"summary": "SUSE Bug 1239477",
"url": "https://bugzilla.suse.com/1239477"
},
{
"category": "self",
"summary": "SUSE Bug 1239478",
"url": "https://bugzilla.suse.com/1239478"
},
{
"category": "self",
"summary": "SUSE Bug 1239479",
"url": "https://bugzilla.suse.com/1239479"
},
{
"category": "self",
"summary": "SUSE Bug 1239481",
"url": "https://bugzilla.suse.com/1239481"
},
{
"category": "self",
"summary": "SUSE Bug 1239482",
"url": "https://bugzilla.suse.com/1239482"
},
{
"category": "self",
"summary": "SUSE Bug 1239483",
"url": "https://bugzilla.suse.com/1239483"
},
{
"category": "self",
"summary": "SUSE Bug 1239484",
"url": "https://bugzilla.suse.com/1239484"
},
{
"category": "self",
"summary": "SUSE Bug 1239486",
"url": "https://bugzilla.suse.com/1239486"
},
{
"category": "self",
"summary": "SUSE Bug 1239508",
"url": "https://bugzilla.suse.com/1239508"
},
{
"category": "self",
"summary": "SUSE Bug 1239512",
"url": "https://bugzilla.suse.com/1239512"
},
{
"category": "self",
"summary": "SUSE Bug 1239518",
"url": "https://bugzilla.suse.com/1239518"
},
{
"category": "self",
"summary": "SUSE Bug 1239573",
"url": "https://bugzilla.suse.com/1239573"
},
{
"category": "self",
"summary": "SUSE Bug 1239594",
"url": "https://bugzilla.suse.com/1239594"
},
{
"category": "self",
"summary": "SUSE Bug 1239595",
"url": "https://bugzilla.suse.com/1239595"
},
{
"category": "self",
"summary": "SUSE Bug 1239600",
"url": "https://bugzilla.suse.com/1239600"
},
{
"category": "self",
"summary": "SUSE Bug 1239605",
"url": "https://bugzilla.suse.com/1239605"
},
{
"category": "self",
"summary": "SUSE Bug 1239615",
"url": "https://bugzilla.suse.com/1239615"
},
{
"category": "self",
"summary": "SUSE Bug 1239644",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "self",
"summary": "SUSE Bug 1239707",
"url": "https://bugzilla.suse.com/1239707"
},
{
"category": "self",
"summary": "SUSE Bug 1239986",
"url": "https://bugzilla.suse.com/1239986"
},
{
"category": "self",
"summary": "SUSE Bug 1239994",
"url": "https://bugzilla.suse.com/1239994"
},
{
"category": "self",
"summary": "SUSE Bug 1240169",
"url": "https://bugzilla.suse.com/1240169"
},
{
"category": "self",
"summary": "SUSE Bug 1240172",
"url": "https://bugzilla.suse.com/1240172"
},
{
"category": "self",
"summary": "SUSE Bug 1240173",
"url": "https://bugzilla.suse.com/1240173"
},
{
"category": "self",
"summary": "SUSE Bug 1240175",
"url": "https://bugzilla.suse.com/1240175"
},
{
"category": "self",
"summary": "SUSE Bug 1240177",
"url": "https://bugzilla.suse.com/1240177"
},
{
"category": "self",
"summary": "SUSE Bug 1240179",
"url": "https://bugzilla.suse.com/1240179"
},
{
"category": "self",
"summary": "SUSE Bug 1240182",
"url": "https://bugzilla.suse.com/1240182"
},
{
"category": "self",
"summary": "SUSE Bug 1240183",
"url": "https://bugzilla.suse.com/1240183"
},
{
"category": "self",
"summary": "SUSE Bug 1240186",
"url": "https://bugzilla.suse.com/1240186"
},
{
"category": "self",
"summary": "SUSE Bug 1240188",
"url": "https://bugzilla.suse.com/1240188"
},
{
"category": "self",
"summary": "SUSE Bug 1240189",
"url": "https://bugzilla.suse.com/1240189"
},
{
"category": "self",
"summary": "SUSE Bug 1240191",
"url": "https://bugzilla.suse.com/1240191"
},
{
"category": "self",
"summary": "SUSE Bug 1240192",
"url": "https://bugzilla.suse.com/1240192"
},
{
"category": "self",
"summary": "SUSE Bug 1240333",
"url": "https://bugzilla.suse.com/1240333"
},
{
"category": "self",
"summary": "SUSE Bug 1240334",
"url": "https://bugzilla.suse.com/1240334"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52831 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52925 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52926 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52927 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26634 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26634/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26873 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35826 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35910 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38606 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41077 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41149 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42307 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43820 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46736 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46782 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46796 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47408 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47794 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49571 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49924 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49940 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49940/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50152 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50185 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50251 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50258 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50290 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50294 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50304 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52559 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53123 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53163 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53173 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53178 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53680 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54683 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56548 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56579 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56638 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56640 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56658 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56702 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56703 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56718 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56719 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56751 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56758 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56770 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57807 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57973 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57979 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57981 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57986 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57990 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57993 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57996 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57997 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57999 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58002 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58006 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58007 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58011 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58012 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58013 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58014 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58017 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58019 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58034 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58051 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58052 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58054 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58072 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58078 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58083 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21631 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21635 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21636 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21638 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21659 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21666 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21667 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21669 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21670 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21671 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21675 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21688 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21689 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21690 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21703 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21704 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21708 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21711 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21734 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21735 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21736 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21739 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21741 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21742 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21743 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21744 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21745 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21749 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21750 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21753 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21759 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21760 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21761 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21762 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21763 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21764 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21765 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21766 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21767 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21772 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21773 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21775 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21776 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21779 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21780 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21781 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21782 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21784 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21784/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21785 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21791 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21793 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21796 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21802 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21804 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21810 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21815 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21819 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21820 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21821 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21823 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21825 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21829 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21830 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21831 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21832 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21835 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21838 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21844 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21846 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21847 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21848 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21850 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21855 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21857 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21858 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21859 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21862 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21865 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21871 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21883 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21886 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21888 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21890 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21891 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21892 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21892/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-04-17T10:48:21Z",
"generator": {
"date": "2025-04-17T10:48:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20260-1",
"initial_release_date": "2025-04-17T10:48:21Z",
"revision_history": [
{
"date": "2025-04-17T10:48:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-6.4.0-28.1.aarch64",
"product": {
"name": "kernel-rt-6.4.0-28.1.aarch64",
"product_id": "kernel-rt-6.4.0-28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-28.1.aarch64",
"product": {
"name": "kernel-rt-devel-6.4.0-28.1.aarch64",
"product_id": "kernel-rt-devel-6.4.0-28.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-28.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-28.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-28.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-28.1.noarch",
"product_id": "kernel-source-rt-6.4.0-28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-28.1.x86_64",
"product_id": "kernel-rt-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-rt-devel-6.4.0-28.1.x86_64",
"product_id": "kernel-rt-devel-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-28.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-28.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-28.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64"
},
"product_reference": "kernel-rt-6.4.0-28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-28.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64"
},
"product_reference": "kernel-rt-devel-6.4.0-28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-livepatch-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-rt-livepatch-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpu/hotplug: Don\u0027t offline the last non-isolated CPU\n\nIf a system has isolated CPUs via the \"isolcpus=\" command line parameter,\nthen an attempt to offline the last housekeeping CPU will result in a\nWARN_ON() when rebuilding the scheduler domains and a subsequent panic due\nto and unhandled empty CPU mas in partition_sched_domains_locked().\n\ncpuset_hotplug_workfn()\n rebuild_sched_domains_locked()\n ndoms = generate_sched_domains(\u0026doms, \u0026attr);\n cpumask_and(doms[0], top_cpuset.effective_cpus, housekeeping_cpumask(HK_FLAG_DOMAIN));\n\nThus results in an empty CPU mask which triggers the warning and then the\nsubsequent crash:\n\nWARNING: CPU: 4 PID: 80 at kernel/sched/topology.c:2366 build_sched_domains+0x120c/0x1408\nCall trace:\n build_sched_domains+0x120c/0x1408\n partition_sched_domains_locked+0x234/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n rebuild_sched_domains+0x30/0x58\n cpuset_hotplug_workfn+0x2a8/0x930\n\nUnable to handle kernel paging request at virtual address fffe80027ab37080\n partition_sched_domains_locked+0x318/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n\nAside of the resulting crash, it does not make any sense to offline the last\nlast housekeeping CPU.\n\nPrevent this by masking out the non-housekeeping CPUs when selecting a\ntarget CPU for initiating the CPU unplug operation via the work queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52831",
"url": "https://www.suse.com/security/cve/CVE-2023-52831"
},
{
"category": "external",
"summary": "SUSE Bug 1225533 for CVE-2023-52831",
"url": "https://bugzilla.suse.com/1225533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-52831"
},
{
"cve": "CVE-2023-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52924",
"url": "https://www.suse.com/security/cve/CVE-2023-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1236821 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "external",
"summary": "SUSE Bug 1244630 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1244630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other -\u003eactivate callbacks\n(bitmap, hash, rhash, rbtree) use elem-\u003epriv.\nSame for .remove: other set implementations take elem-\u003epriv,\nnft_pipapo_remove fetches elem-\u003epriv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor -\u003edeactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52925",
"url": "https://www.suse.com/security/cve/CVE-2023-52925"
},
{
"category": "external",
"summary": "SUSE Bug 1236822 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1236822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2023-52926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIORING_OP_READ did not correctly consume the provided buffer list when\nread i/o returned \u003c 0 (except for -EAGAIN and -EIOCBQUEUED return).\nThis can lead to a potential use-after-free when the completion via\nio_rw_done runs at separate context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52926",
"url": "https://www.suse.com/security/cve/CVE-2023-52926"
},
{
"category": "external",
"summary": "SUSE Bug 1237565 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "external",
"summary": "SUSE Bug 1237567 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2023-52926"
},
{
"cve": "CVE-2023-52927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: allow exp not to be removed in nf_ct_find_expectation\n\nCurrently nf_conntrack_in() calling nf_ct_find_expectation() will\nremove the exp from the hash table. However, in some scenario, we\nexpect the exp not to be removed when the created ct will not be\nconfirmed, like in OVS and TC conntrack in the following patches.\n\nThis patch allows exp not to be removed by setting IPS_CONFIRMED\nin the status of the tmpl.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52927",
"url": "https://www.suse.com/security/cve/CVE-2023-52927"
},
{
"category": "external",
"summary": "SUSE Bug 1239644 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "external",
"summary": "SUSE Bug 1246016 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1246016"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2024-26634",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26634"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix removing a namespace with conflicting altnames\n\nMark reports a BUG() when a net namespace is removed.\n\n kernel BUG at net/core/dev.c:11520!\n\nPhysical interfaces moved outside of init_net get \"refunded\"\nto init_net when that namespace disappears. The main interface\nname may get overwritten in the process if it would have\nconflicted. We need to also discard all conflicting altnames.\nRecent fixes addressed ensuring that altnames get moved\nwith the main interface, which surfaced this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26634",
"url": "https://www.suse.com/security/cve/CVE-2024-26634"
},
{
"category": "external",
"summary": "SUSE Bug 1221651 for CVE-2024-26634",
"url": "https://bugzilla.suse.com/1221651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26634"
},
{
"cve": "CVE-2024-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: really cope with fastopen race\n\nFastopen and PM-trigger subflow shutdown can race, as reported by\nsyzkaller.\n\nIn my first attempt to close such race, I missed the fact that\nthe subflow status can change again before the subflow_state_change\ncallback is invoked.\n\nAddress the issue additionally copying with all the states directly\nreachable from TCP_FIN_WAIT1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26708",
"url": "https://www.suse.com/security/cve/CVE-2024-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1222672 for CVE-2024-26708",
"url": "https://bugzilla.suse.com/1222672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26810",
"url": "https://www.suse.com/security/cve/CVE-2024-26810"
},
{
"category": "external",
"summary": "SUSE Bug 1222803 for CVE-2024-26810",
"url": "https://bugzilla.suse.com/1222803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-26873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Fix a deadlock issue related to automatic dump\n\nIf we issue a disabling PHY command, the device attached with it will go\noffline, if a 2 bit ECC error occurs at the same time, a hung task may be\nfound:\n\n[ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds.\n[ 4613.666297] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.674809] task:kworker/u256:0 state:D stack: 0 pid:165233 ppid: 2 flags:0x00000208\n[ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas]\n[ 4613.691518] Call trace:\n[ 4613.694678] __switch_to+0xf8/0x17c\n[ 4613.698872] __schedule+0x660/0xee0\n[ 4613.703063] schedule+0xac/0x240\n[ 4613.706994] schedule_timeout+0x500/0x610\n[ 4613.711705] __down+0x128/0x36c\n[ 4613.715548] down+0x240/0x2d0\n[ 4613.719221] hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main]\n[ 4613.726618] sas_execute_internal_abort+0x144/0x310 [libsas]\n[ 4613.732976] sas_execute_internal_abort_dev+0x44/0x60 [libsas]\n[ 4613.739504] hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main]\n[ 4613.747499] hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main]\n[ 4613.753682] sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas]\n[ 4613.759781] sas_unregister_common_dev+0x4c/0x7a0 [libsas]\n[ 4613.765962] sas_destruct_devices+0xb8/0x120 [libsas]\n[ 4613.771709] sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas]\n[ 4613.778930] sas_revalidate_domain+0x60/0xa4 [libsas]\n[ 4613.784716] process_one_work+0x248/0x950\n[ 4613.789424] worker_thread+0x318/0x934\n[ 4613.793878] kthread+0x190/0x200\n[ 4613.797810] ret_from_fork+0x10/0x18\n[ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds.\n[ 4613.816026] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.824538] task:kworker/u256:4 state:D stack: 0 pid:316722 ppid: 2 flags:0x00000208\n[ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main]\n[ 4613.841491] Call trace:\n[ 4613.844647] __switch_to+0xf8/0x17c\n[ 4613.848852] __schedule+0x660/0xee0\n[ 4613.853052] schedule+0xac/0x240\n[ 4613.856984] schedule_timeout+0x500/0x610\n[ 4613.861695] __down+0x128/0x36c\n[ 4613.865542] down+0x240/0x2d0\n[ 4613.869216] hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main]\n[ 4613.876324] hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main]\n[ 4613.883019] process_one_work+0x248/0x950\n[ 4613.887732] worker_thread+0x318/0x934\n[ 4613.892204] kthread+0x190/0x200\n[ 4613.896118] ret_from_fork+0x10/0x18\n[ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds.\n[ 4613.914341] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.922852] task:kworker/u256:1 state:D stack: 0 pid:348985 ppid: 2 flags:0x00000208\n[ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas]\n[ 4613.939549] Call trace:\n[ 4613.942702] __switch_to+0xf8/0x17c\n[ 4613.946892] __schedule+0x660/0xee0\n[ 4613.951083] schedule+0xac/0x240\n[ 4613.955015] schedule_timeout+0x500/0x610\n[ 4613.959725] wait_for_common+0x200/0x610\n[ 4613.964349] wait_for_completion+0x3c/0x5c\n[ 4613.969146] flush_workqueue+0x198/0x790\n[ 4613.973776] sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas]\n[ 4613.979960] sas_port_event_worker+0x54/0xa0 [libsas]\n[ 4613.985708] process_one_work+0x248/0x950\n[ 4613.990420] worker_thread+0x318/0x934\n[ 4613.994868] kthread+0x190/0x200\n[ 4613.998800] ret_from_fork+0x10/0x18\n\nThis is because when the device goes offline, we obtain the hisi_hba\nsemaphore and send the ABORT_DEV command to the device. However, the\ninternal abort timed out due to the 2 bit ECC error and triggers automatic\ndump. In addition, since the hisi_hba semaphore has been obtained, the dump\ncannot be executed and the controller cannot be reset.\n\nTherefore, the deadlocks occur on the following circular dependencies\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26873",
"url": "https://www.suse.com/security/cve/CVE-2024-26873"
},
{
"category": "external",
"summary": "SUSE Bug 1223047 for CVE-2024-26873",
"url": "https://bugzilla.suse.com/1223047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26873"
},
{
"cve": "CVE-2024-35826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix page refcounts for unaligned buffers in __bio_release_pages()\n\nFix an incorrect number of pages being released for buffers that do not\nstart at the beginning of a page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35826",
"url": "https://www.suse.com/security/cve/CVE-2024-35826"
},
{
"category": "external",
"summary": "SUSE Bug 1224610 for CVE-2024-35826",
"url": "https://bugzilla.suse.com/1224610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-35826"
},
{
"cve": "CVE-2024-35910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: properly terminate timers for kernel sockets\n\nWe had various syzbot reports about tcp timers firing after\nthe corresponding netns has been dismantled.\n\nFortunately Josef Bacik could trigger the issue more often,\nand could test a patch I wrote two years ago.\n\nWhen TCP sockets are closed, we call inet_csk_clear_xmit_timers()\nto \u0027stop\u0027 the timers.\n\ninet_csk_clear_xmit_timers() can be called from any context,\nincluding when socket lock is held.\nThis is the reason it uses sk_stop_timer(), aka del_timer().\nThis means that ongoing timers might finish much later.\n\nFor user sockets, this is fine because each running timer\nholds a reference on the socket, and the user socket holds\na reference on the netns.\n\nFor kernel sockets, we risk that the netns is freed before\ntimer can complete, because kernel sockets do not hold\nreference on the netns.\n\nThis patch adds inet_csk_clear_xmit_timers_sync() function\nthat using sk_stop_timer_sync() to make sure all timers\nare terminated before the kernel socket is released.\nModules using kernel sockets close them in their netns exit()\nhandler.\n\nAlso add sock_not_owned_by_me() helper to get LOCKDEP\nsupport : inet_csk_clear_xmit_timers_sync() must not be called\nwhile socket lock is held.\n\nIt is very possible we can revert in the future commit\n3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\")\nwhich attempted to solve the issue in rds only.\n(net/smc/af_smc.c and net/mptcp/subflow.c have similar code)\n\nWe probably can remove the check_net() tests from\ntcp_out_of_resources() and __tcp_close() in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35910",
"url": "https://www.suse.com/security/cve/CVE-2024-35910"
},
{
"category": "external",
"summary": "SUSE Bug 1224489 for CVE-2024-35910",
"url": "https://bugzilla.suse.com/1224489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-35910"
},
{
"cve": "CVE-2024-38606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38606"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - validate slices count returned by FW\n\nThe function adf_send_admin_tl_start() enables the telemetry (TL)\nfeature on a QAT device by sending the ICP_QAT_FW_TL_START message to\nthe firmware. This triggers the FW to start writing TL data to a DMA\nbuffer in memory and returns an array containing the number of\naccelerators of each type (slices) supported by this HW.\nThe pointer to this array is stored in the adf_tl_hw_data data\nstructure called slice_cnt.\n\nThe array slice_cnt is then used in the function tl_print_dev_data()\nto report in debugfs only statistics about the supported accelerators.\nAn incorrect value of the elements in slice_cnt might lead to an out\nof bounds memory read.\nAt the moment, there isn\u0027t an implementation of FW that returns a wrong\nvalue, but for robustness validate the slice count array returned by FW.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38606",
"url": "https://www.suse.com/security/cve/CVE-2024-38606"
},
{
"category": "external",
"summary": "SUSE Bug 1226871 for CVE-2024-38606",
"url": "https://bugzilla.suse.com/1226871"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-38606"
},
{
"cve": "CVE-2024-40980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40980",
"url": "https://www.suse.com/security/cve/CVE-2024-40980"
},
{
"category": "external",
"summary": "SUSE Bug 1227937 for CVE-2024-40980",
"url": "https://bugzilla.suse.com/1227937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\u003csnip\u003e\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\u003csnip\u003e\n\tvalue changed: 0x0000000a -\u003e 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi-\u003epoll_owner\nnon atomically. The -\u003epoll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41005",
"url": "https://www.suse.com/security/cve/CVE-2024-41005"
},
{
"category": "external",
"summary": "SUSE Bug 1227858 for CVE-2024-41005",
"url": "https://bugzilla.suse.com/1227858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41005"
},
{
"cve": "CVE-2024-41055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41055",
"url": "https://www.suse.com/security/cve/CVE-2024-41055"
},
{
"category": "external",
"summary": "SUSE Bug 1228521 for CVE-2024-41055",
"url": "https://bugzilla.suse.com/1228521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-41077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix validation of block size\n\nBlock size should be between 512 and PAGE_SIZE and be a power of 2. The current\ncheck does not validate this, so update the check.\n\nWithout this patch, null_blk would Oops due to a null pointer deref when\nloaded with bs=1536 [1].\n\n\n[axboe: remove unnecessary braces and != 0 check]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41077",
"url": "https://www.suse.com/security/cve/CVE-2024-41077"
},
{
"category": "external",
"summary": "SUSE Bug 1228653 for CVE-2024-41077",
"url": "https://bugzilla.suse.com/1228653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41077"
},
{
"cve": "CVE-2024-41149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: avoid to reuse `hctx` not removed from cpuhp callback list\n\nIf the \u0027hctx\u0027 isn\u0027t removed from cpuhp callback list, we can\u0027t reuse it,\notherwise use-after-free may be triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41149",
"url": "https://www.suse.com/security/cve/CVE-2024-41149"
},
{
"category": "external",
"summary": "SUSE Bug 1235698 for CVE-2024-41149",
"url": "https://bugzilla.suse.com/1235698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41149"
},
{
"cve": "CVE-2024-42307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n fs/smb/client/cifsfs.c:1981 init_cifs()\n error: we previously assumed \u0027serverclose_wq\u0027 could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42307",
"url": "https://www.suse.com/security/cve/CVE-2024-42307"
},
{
"category": "external",
"summary": "SUSE Bug 1229361 for CVE-2024-42307",
"url": "https://bugzilla.suse.com/1229361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-42307"
},
{
"cve": "CVE-2024-43820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery));\n\nThis check is designed to make sure that the sync thread isn\u0027t\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43820",
"url": "https://www.suse.com/security/cve/CVE-2024-43820"
},
{
"category": "external",
"summary": "SUSE Bug 1229311 for CVE-2024-43820",
"url": "https://bugzilla.suse.com/1229311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-43820"
},
{
"cve": "CVE-2024-44974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44974",
"url": "https://www.suse.com/security/cve/CVE-2024-44974"
},
{
"category": "external",
"summary": "SUSE Bug 1230235 for CVE-2024-44974",
"url": "https://bugzilla.suse.com/1230235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45009",
"url": "https://www.suse.com/security/cve/CVE-2024-45009"
},
{
"category": "external",
"summary": "SUSE Bug 1230438 for CVE-2024-45009",
"url": "https://bugzilla.suse.com/1230438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45010",
"url": "https://www.suse.com/security/cve/CVE-2024-45010"
},
{
"category": "external",
"summary": "SUSE Bug 1230439 for CVE-2024-45010",
"url": "https://bugzilla.suse.com/1230439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-46736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_rename_path()\n\nIf smb2_set_path_attr() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() again as the\nreference of @cfile was already dropped by previous smb2_compound_op()\ncall.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46736",
"url": "https://www.suse.com/security/cve/CVE-2024-46736"
},
{
"category": "external",
"summary": "SUSE Bug 1230728 for CVE-2024-46736",
"url": "https://bugzilla.suse.com/1230728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46736"
},
{
"cve": "CVE-2024-46782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6108\n __napi_poll+0xcb/0x490 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n prep_new_page mm/page_alloc.c:1501 [inline]\n get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n __do_kmalloc_node mm/slub.c:4146 [inline]\n __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n bucket_table_alloc lib/rhashtable.c:186 [inline]\n rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n ops_ini\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46782",
"url": "https://www.suse.com/security/cve/CVE-2024-46782"
},
{
"category": "external",
"summary": "SUSE Bug 1230769 for CVE-2024-46782",
"url": "https://bugzilla.suse.com/1230769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46782"
},
{
"cve": "CVE-2024-46796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_set_path_size()\n\nIf smb2_compound_op() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() before retrying it\nas the reference of @cfile was already dropped by previous call.\n\nThis fixes the following KASAN splat when running fstests generic/013\nagainst Windows Server 2022:\n\n CIFS: Attempting to mount //w22-fs0/scratch\n run fstests generic/013 at 2024-09-02 19:48:59\n ==================================================================\n BUG: KASAN: slab-use-after-free in detach_if_pending+0xab/0x200\n Write of size 8 at addr ffff88811f1a3730 by task kworker/3:2/176\n\n CPU: 3 UID: 0 PID: 176 Comm: kworker/3:2 Not tainted 6.11.0-rc6 #2\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40\n 04/01/2014\n Workqueue: cifsoplockd cifs_oplock_break [cifs]\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? detach_if_pending+0xab/0x200\n print_report+0x156/0x4d9\n ? detach_if_pending+0xab/0x200\n ? __virt_addr_valid+0x145/0x300\n ? __phys_addr+0x46/0x90\n ? detach_if_pending+0xab/0x200\n kasan_report+0xda/0x110\n ? detach_if_pending+0xab/0x200\n detach_if_pending+0xab/0x200\n timer_delete+0x96/0xe0\n ? __pfx_timer_delete+0x10/0x10\n ? rcu_is_watching+0x20/0x50\n try_to_grab_pending+0x46/0x3b0\n __cancel_work+0x89/0x1b0\n ? __pfx___cancel_work+0x10/0x10\n ? kasan_save_track+0x14/0x30\n cifs_close_deferred_file+0x110/0x2c0 [cifs]\n ? __pfx_cifs_close_deferred_file+0x10/0x10 [cifs]\n ? __pfx_down_read+0x10/0x10\n cifs_oplock_break+0x4c1/0xa50 [cifs]\n ? __pfx_cifs_oplock_break+0x10/0x10 [cifs]\n ? lock_is_held_type+0x85/0xf0\n ? mark_held_locks+0x1a/0x90\n process_one_work+0x4c6/0x9f0\n ? find_held_lock+0x8a/0xa0\n ? __pfx_process_one_work+0x10/0x10\n ? lock_acquired+0x220/0x550\n ? __list_add_valid_or_report+0x37/0x100\n worker_thread+0x2e4/0x570\n ? __kthread_parkme+0xd1/0xf0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x17f/0x1c0\n ? kthread+0xda/0x1c0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 1118:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n cifs_new_fileinfo+0xc8/0x9d0 [cifs]\n cifs_atomic_open+0x467/0x770 [cifs]\n lookup_open.isra.0+0x665/0x8b0\n path_openat+0x4c3/0x1380\n do_filp_open+0x167/0x270\n do_sys_openat2+0x129/0x160\n __x64_sys_creat+0xad/0xe0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 83:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x70\n poison_slab_object+0xe9/0x160\n __kasan_slab_free+0x32/0x50\n kfree+0xf2/0x300\n process_one_work+0x4c6/0x9f0\n worker_thread+0x2e4/0x570\n kthread+0x17f/0x1c0\n ret_from_fork+0x31/0x60\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x30/0x50\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x29/0xe0\n __queue_work+0x5ea/0x760\n queue_work_on+0x6d/0x90\n _cifsFileInfo_put+0x3f6/0x770 [cifs]\n smb2_compound_op+0x911/0x3940 [cifs]\n smb2_set_path_size+0x228/0x270 [cifs]\n cifs_set_file_size+0x197/0x460 [cifs]\n cifs_setattr+0xd9c/0x14b0 [cifs]\n notify_change+0x4e3/0x740\n do_truncate+0xfa/0x180\n vfs_truncate+0x195/0x200\n __x64_sys_truncate+0x109/0x150\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46796",
"url": "https://www.suse.com/security/cve/CVE-2024-46796"
},
{
"category": "external",
"summary": "SUSE Bug 1230832 for CVE-2024-46796",
"url": "https://bugzilla.suse.com/1230832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46796"
},
{
"cve": "CVE-2024-46858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n CPU1\t\t\t\tCPU2\n ==== ====\n net_rx_action\n napi_poll netlink_sendmsg\n __napi_poll netlink_unicast\n process_backlog netlink_unicast_kernel\n __netif_receive_skb genl_rcv\n __netif_receive_skb_one_core netlink_rcv_skb\n NF_HOOK genl_rcv_msg\n ip_local_deliver_finish genl_family_rcv_msg\n ip_protocol_deliver_rcu genl_family_rcv_msg_doit\n tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit\n tcp_v4_do_rcv mptcp_nl_remove_addrs_list\n tcp_rcv_established mptcp_pm_remove_addrs_and_subflows\n tcp_data_queue remove_anno_list_by_saddr\n mptcp_incoming_options mptcp_pm_del_add_timer\n mptcp_pm_del_add_timer kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by \"pm.lock\", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of \"entry-\u003eadd_timer\".\n\nMove list_del(\u0026entry-\u003elist) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar \"entry-\u003ex\" uaf.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46858",
"url": "https://www.suse.com/security/cve/CVE-2024-46858"
},
{
"category": "external",
"summary": "SUSE Bug 1231088 for CVE-2024-46858",
"url": "https://bugzilla.suse.com/1231088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46858"
},
{
"cve": "CVE-2024-47408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47408"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check smcd_v2_ext_offset when receiving proposal msg\n\nWhen receiving proposal msg in server, the field smcd_v2_ext_offset in\nproposal msg is from the remote client and can not be fully trusted.\nOnce the value of smcd_v2_ext_offset exceed the max value, there has\nthe chance to access wrong address, and crash may happen.\n\nThis patch checks the value of smcd_v2_ext_offset before using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47408",
"url": "https://www.suse.com/security/cve/CVE-2024-47408"
},
{
"category": "external",
"summary": "SUSE Bug 1235711 for CVE-2024-47408",
"url": "https://bugzilla.suse.com/1235711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47408"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-47794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tailcall infinite loop caused by freplace\n\nThere is a potential infinite loop issue that can occur when using a\ncombination of tail calls and freplace.\n\nIn an upcoming selftest, the attach target for entry_freplace of\ntailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in\nentry_freplace leads to entry_tc. This results in an infinite loop:\n\nentry_tc -\u003e subprog_tc -\u003e entry_freplace --tailcall-\u003e entry_tc.\n\nThe problem arises because the tail_call_cnt in entry_freplace resets to\nzero each time entry_freplace is executed, causing the tail call mechanism\nto never terminate, eventually leading to a kernel panic.\n\nTo fix this issue, the solution is twofold:\n\n1. Prevent updating a program extended by an freplace program to a\n prog_array map.\n2. Prevent extending a program that is already part of a prog_array map\n with an freplace program.\n\nThis ensures that:\n\n* If a program or its subprogram has been extended by an freplace program,\n it can no longer be updated to a prog_array map.\n* If a program has been added to a prog_array map, neither it nor its\n subprograms can be extended by an freplace program.\n\nMoreover, an extension program should not be tailcalled. As such, return\n-EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a\nprog_array map.\n\nAdditionally, fix a minor code style issue by replacing eight spaces with a\ntab for proper formatting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47794",
"url": "https://www.suse.com/security/cve/CVE-2024-47794"
},
{
"category": "external",
"summary": "SUSE Bug 1235712 for CVE-2024-47794",
"url": "https://bugzilla.suse.com/1235712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47794"
},
{
"cve": "CVE-2024-49571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49571"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg\n\nWhen receiving proposal msg in server, the field iparea_offset\nand the field ipv6_prefixes_cnt in proposal msg are from the\nremote client and can not be fully trusted. Especially the\nfield iparea_offset, once exceed the max value, there has the\nchance to access wrong address, and crash may happen.\n\nThis patch checks iparea_offset and ipv6_prefixes_cnt before using them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49571",
"url": "https://www.suse.com/security/cve/CVE-2024-49571"
},
{
"category": "external",
"summary": "SUSE Bug 1235733 for CVE-2024-49571",
"url": "https://bugzilla.suse.com/1235733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49571"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: pxafb: Fix possible use after free in pxafb_task()\n\nIn the pxafb_probe function, it calls the pxafb_init_fbinfo function,\nafter which \u0026fbi-\u003etask is associated with pxafb_task. Moreover,\nwithin this pxafb_init_fbinfo function, the pxafb_blank function\nwithin the \u0026pxafb_ops struct is capable of scheduling work.\n\nIf we remove the module which will call pxafb_remove to make cleanup,\nit will call unregister_framebuffer function which can call\ndo_unregister_framebuffer to free fbi-\u003efb through\nput_fb_info(fb_info), while the work mentioned above will be used.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | pxafb_task\npxafb_remove |\nunregister_framebuffer(info) |\ndo_unregister_framebuffer(fb_info) |\nput_fb_info(fb_info) |\n// free fbi-\u003efb | set_ctrlr_state(fbi, state)\n | __pxafb_lcd_power(fbi, 0)\n | fbi-\u003elcd_power(on, \u0026fbi-\u003efb.var)\n | //use fbi-\u003efb\n\nFix it by ensuring that the work is canceled before proceeding\nwith the cleanup in pxafb_remove.\n\nNote that only root user can remove the driver at runtime.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49924",
"url": "https://www.suse.com/security/cve/CVE-2024-49924"
},
{
"category": "external",
"summary": "SUSE Bug 1232364 for CVE-2024-49924",
"url": "https://bugzilla.suse.com/1232364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49924"
},
{
"cve": "CVE-2024-49940",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49940"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: prevent possible tunnel refcount underflow\n\nWhen a session is created, it sets a backpointer to its tunnel. When\nthe session refcount drops to 0, l2tp_session_free drops the tunnel\nrefcount if session-\u003etunnel is non-NULL. However, session-\u003etunnel is\nset in l2tp_session_create, before the tunnel refcount is incremented\nby l2tp_session_register, which leaves a small window where\nsession-\u003etunnel is non-NULL when the tunnel refcount hasn\u0027t been\nbumped.\n\nMoving the assignment to l2tp_session_register is trivial but\nl2tp_session_create calls l2tp_session_set_header_len which uses\nsession-\u003etunnel to get the tunnel\u0027s encap. Add an encap arg to\nl2tp_session_set_header_len to avoid using session-\u003etunnel.\n\nIf l2tpv3 sessions have colliding IDs, it is possible for\nl2tp_v3_session_get to race with l2tp_session_register and fetch a\nsession which doesn\u0027t yet have session-\u003etunnel set. Add a check for\nthis case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49940",
"url": "https://www.suse.com/security/cve/CVE-2024-49940"
},
{
"category": "external",
"summary": "SUSE Bug 1232812 for CVE-2024-49940",
"url": "https://bugzilla.suse.com/1232812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49940"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-49994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix integer overflow in BLKSECDISCARD\n\nI independently rediscovered\n\n\tcommit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155\n\tblock: fix overflow in blk_ioctl_discard()\n\nbut for secure erase.\n\nSame problem:\n\n\tuint64_t r[2] = {512, 18446744073709551104ULL};\n\tioctl(fd, BLKSECDISCARD, r);\n\nwill enter near infinite loop inside blkdev_issue_secure_erase():\n\n\ta.out: attempt to access beyond end of device\n\tloop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048\n\tbio_check_eod: 3286214 callbacks suppressed",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49994",
"url": "https://www.suse.com/security/cve/CVE-2024-49994"
},
{
"category": "external",
"summary": "SUSE Bug 1237757 for CVE-2024-49994",
"url": "https://bugzilla.suse.com/1237757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49994"
},
{
"cve": "CVE-2024-50029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50029",
"url": "https://www.suse.com/security/cve/CVE-2024-50029"
},
{
"category": "external",
"summary": "SUSE Bug 1231949 for CVE-2024-50029",
"url": "https://bugzilla.suse.com/1231949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50036",
"url": "https://www.suse.com/security/cve/CVE-2024-50036"
},
{
"category": "external",
"summary": "SUSE Bug 1231912 for CVE-2024-50036",
"url": "https://bugzilla.suse.com/1231912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c\n\nFix potential dereferencing of ERR_PTR() in find_format_by_pix()\nand uvc_v4l2_enum_format().\n\nFix the following smatch errors:\n\ndrivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\ndrivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\nAlso, fix similar issue in uvc_v4l2_try_format() for potential\ndereferencing of ERR_PTR().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50056",
"url": "https://www.suse.com/security/cve/CVE-2024-50056"
},
{
"category": "external",
"summary": "SUSE Bug 1232389 for CVE-2024-50056",
"url": "https://bugzilla.suse.com/1232389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50056"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow\n\nSyzkaller reported this splat:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662\n\n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline]\n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572\n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg net/socket.c:744 [inline]\n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661\n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n RIP: 0023:0xf7fe4579\n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 \u003c5d\u003e 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00\n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\n Allocated by task 5387:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:878 [inline]\n kzalloc_noprof include/linux/slab.h:1014 [inline]\n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803\n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956\n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline]\n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167\n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764\n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592\n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642\n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline]\n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943\n mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777\n process_one_work+0x958/0x1b30 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/ke\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50085",
"url": "https://www.suse.com/security/cve/CVE-2024-50085"
},
{
"category": "external",
"summary": "SUSE Bug 1232508 for CVE-2024-50085",
"url": "https://bugzilla.suse.com/1232508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: use RCU read-side critical section in taprio_dump()\n\nFix possible use-after-free in \u0027taprio_dump()\u0027 by adding RCU\nread-side critical section there. Never seen on x86 but\nfound on a KASAN-enabled arm64 system when investigating\nhttps://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa:\n\n[T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0\n[T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862\n[T15862]\n[T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro Not tainted 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2\n[T15862] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 05/24/2024\n[T15862] Call trace:\n[T15862] dump_backtrace+0x20c/0x220\n[T15862] show_stack+0x2c/0x40\n[T15862] dump_stack_lvl+0xf8/0x174\n[T15862] print_report+0x170/0x4d8\n[T15862] kasan_report+0xb8/0x1d4\n[T15862] __asan_report_load4_noabort+0x20/0x2c\n[T15862] taprio_dump+0xa0c/0xbb0\n[T15862] tc_fill_qdisc+0x540/0x1020\n[T15862] qdisc_notify.isra.0+0x330/0x3a0\n[T15862] tc_modify_qdisc+0x7b8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Allocated by task 15857:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_alloc_info+0x40/0x60\n[T15862] __kasan_kmalloc+0xd4/0xe0\n[T15862] __kmalloc_cache_noprof+0x194/0x334\n[T15862] taprio_change+0x45c/0x2fe0\n[T15862] tc_modify_qdisc+0x6a8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Freed by task 6192:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_free_info+0x4c/0x80\n[T15862] poison_slab_object+0x110/0x160\n[T15862] __kasan_slab_free+0x3c/0x74\n[T15862] kfree+0x134/0x3c0\n[T15862] taprio_free_sched_cb+0x18c/0x220\n[T15862] rcu_core+0x920/0x1b7c\n[T15862] rcu_core_si+0x10/0x1c\n[T15862] handle_softirqs+0x2e8/0xd64\n[T15862] __do_softirq+0x14/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50126",
"url": "https://www.suse.com/security/cve/CVE-2024-50126"
},
{
"category": "external",
"summary": "SUSE Bug 1232895 for CVE-2024-50126",
"url": "https://bugzilla.suse.com/1232895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50126"
},
{
"cve": "CVE-2024-50140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Disable page allocation in task_tick_mm_cid()\n\nWith KASAN and PREEMPT_RT enabled, calling task_work_add() in\ntask_tick_mm_cid() may cause the following splat.\n\n[ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe\n[ 63.696416] preempt_count: 10001, expected: 0\n[ 63.696416] RCU nest depth: 1, expected: 1\n\nThis problem is caused by the following call trace.\n\n sched_tick() [ acquire rq-\u003e__lock ]\n -\u003e task_tick_mm_cid()\n -\u003e task_work_add()\n -\u003e __kasan_record_aux_stack()\n -\u003e kasan_save_stack()\n -\u003e stack_depot_save_flags()\n -\u003e alloc_pages_mpol_noprof()\n -\u003e __alloc_pages_noprof()\n\t -\u003e get_page_from_freelist()\n\t -\u003e rmqueue()\n\t -\u003e rmqueue_pcplist()\n\t -\u003e __rmqueue_pcplist()\n\t -\u003e rmqueue_bulk()\n\t -\u003e rt_spin_lock()\n\nThe rq lock is a raw_spinlock_t. We can\u0027t sleep while holding\nit. IOW, we can\u0027t call alloc_pages() in stack_depot_save_flags().\n\nThe task_tick_mm_cid() function with its task_work_add() call was\nintroduced by commit 223baf9d17f2 (\"sched: Fix performance regression\nintroduced by mm_cid\") in v6.4 kernel.\n\nFortunately, there is a kasan_record_aux_stack_noalloc() variant that\ncalls stack_depot_save_flags() while not allowing it to allocate\nnew pages. To allow task_tick_mm_cid() to use task_work without\npage allocation, a new TWAF_NO_ALLOC flag is added to enable calling\nkasan_record_aux_stack_noalloc() instead of kasan_record_aux_stack()\nif set. The task_tick_mm_cid() function is modified to add this new flag.\n\nThe possible downside is the missing stack trace in a KASAN report due\nto new page allocation required when task_work_add_noallloc() is called\nwhich should be rare.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50140",
"url": "https://www.suse.com/security/cve/CVE-2024-50140"
},
{
"category": "external",
"summary": "SUSE Bug 1233060 for CVE-2024-50140",
"url": "https://bugzilla.suse.com/1233060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50140"
},
{
"cve": "CVE-2024-50142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50142",
"url": "https://www.suse.com/security/cve/CVE-2024-50142"
},
{
"category": "external",
"summary": "SUSE Bug 1233028 for CVE-2024-50142",
"url": "https://bugzilla.suse.com/1233028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix possible double free in smb2_set_ea()\n\nClang static checker(scan-build) warning:\nfs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.\n 1304 | kfree(ea);\n | ^~~~~~~~~\n\nThere is a double free in such case:\n\u0027ea is initialized to NULL\u0027 -\u003e \u0027first successful memory allocation for\nea\u0027 -\u003e \u0027something failed, goto sea_exit\u0027 -\u003e \u0027first memory release for ea\u0027\n-\u003e \u0027goto replay_again\u0027 -\u003e \u0027second goto sea_exit before allocate memory\nfor ea\u0027 -\u003e \u0027second memory release for ea resulted in double free\u0027.\n\nRe-initialie \u0027ea\u0027 to NULL near to the replay_again label, it can fix this\ndouble free problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50152",
"url": "https://www.suse.com/security/cve/CVE-2024-50152"
},
{
"category": "external",
"summary": "SUSE Bug 1233033 for CVE-2024-50152",
"url": "https://bugzilla.suse.com/1233033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50152"
},
{
"cve": "CVE-2024-50185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle consistently DSS corruption\n\nBugged peer implementation can send corrupted DSS options, consistently\nhitting a few warning in the data path. Use DEBUG_NET assertions, to\navoid the splat on some builds and handle consistently the error, dumping\nrelated MIBs and performing fallback and/or reset according to the\nsubflow type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50185",
"url": "https://www.suse.com/security/cve/CVE-2024-50185"
},
{
"category": "external",
"summary": "SUSE Bug 1233109 for CVE-2024-50185",
"url": "https://bugzilla.suse.com/1233109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\n\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\n\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50251",
"url": "https://www.suse.com/security/cve/CVE-2024-50251"
},
{
"category": "external",
"summary": "SUSE Bug 1233248 for CVE-2024-50251",
"url": "https://bugzilla.suse.com/1233248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50251"
},
{
"cve": "CVE-2024-50258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix crash when config small gso_max_size/gso_ipv4_max_size\n\nConfig a small gso_max_size/gso_ipv4_max_size will lead to an underflow\nin sk_dst_gso_max_size(), which may trigger a BUG_ON crash,\nbecause sk-\u003esk_gso_max_size would be much bigger than device limits.\nCall Trace:\ntcp_write_xmit\n tso_segs = tcp_init_tso_segs(skb, mss_now);\n tcp_set_skb_tso_segs\n tcp_skb_pcount_set\n // skb-\u003elen = 524288, mss_now = 8\n // u16 tso_segs = 524288/8 = 65535 -\u003e 0\n tso_segs = DIV_ROUND_UP(skb-\u003elen, mss_now)\n BUG_ON(!tso_segs)\nAdd check for the minimum value of gso_max_size and gso_ipv4_max_size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50258",
"url": "https://www.suse.com/security/cve/CVE-2024-50258"
},
{
"category": "external",
"summary": "SUSE Bug 1233221 for CVE-2024-50258",
"url": "https://bugzilla.suse.com/1233221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50258"
},
{
"cve": "CVE-2024-50290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx24116: prevent overflows on SNR calculus\n\nas reported by Coverity, if reading SNR registers fail, a negative\nnumber will be returned, causing an underflow when reading SNR\nregisters.\n\nPrevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50290",
"url": "https://www.suse.com/security/cve/CVE-2024-50290"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233479 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "external",
"summary": "SUSE Bug 1233681 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-50294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing locking causing hanging calls\n\nIf a call gets aborted (e.g. because kafs saw a signal) between it being\nqueued for connection and the I/O thread picking up the call, the abort\nwill be prioritised over the connection and it will be removed from\nlocal-\u003enew_client_calls by rxrpc_disconnect_client_call() without a lock\nbeing held. This may cause other calls on the list to disappear if a race\noccurs.\n\nFix this by taking the client_call_lock when removing a call from whatever\nlist its -\u003ewait_link happens to be on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50294",
"url": "https://www.suse.com/security/cve/CVE-2024-50294"
},
{
"category": "external",
"summary": "SUSE Bug 1233483 for CVE-2024-50294",
"url": "https://bugzilla.suse.com/1233483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-50304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()\n\nThe per-netns IP tunnel hash table is protected by the RTNL mutex and\nip_tunnel_find() is only called from the control path where the mutex is\ntaken.\n\nAdd a lockdep expression to hlist_for_each_entry_rcu() in\nip_tunnel_find() in order to validate that the mutex is held and to\nsilence the suspicious RCU usage warning [1].\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted\n-----------------------------\nnet/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/362:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n ip_tunnel_find+0x435/0x4d0\n ip_tunnel_newlink+0x517/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50304",
"url": "https://www.suse.com/security/cve/CVE-2024-50304"
},
{
"category": "external",
"summary": "SUSE Bug 1233522 for CVE-2024-50304",
"url": "https://bugzilla.suse.com/1233522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50304"
},
{
"cve": "CVE-2024-52559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()\n\nThe \"submit-\u003ecmd[i].size\" and \"submit-\u003ecmd[i].offset\" variables are u32\nvalues that come from the user via the submit_lookup_cmds() function.\nThis addition could lead to an integer wrapping bug so use size_add()\nto prevent that.\n\nPatchwork: https://patchwork.freedesktop.org/patch/624696/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52559",
"url": "https://www.suse.com/security/cve/CVE-2024-52559"
},
{
"category": "external",
"summary": "SUSE Bug 1238507 for CVE-2024-52559",
"url": "https://bugzilla.suse.com/1238507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-52559"
},
{
"cve": "CVE-2024-53057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT\n\nIn qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed\nto be either root or ingress. This assumption is bogus since it\u0027s valid\nto create egress qdiscs with major handle ffff:\nBudimir Markovic found that for qdiscs like DRR that maintain an active\nclass list, it will cause a UAF with a dangling class pointer.\n\nIn 066a3b5b2346, the concern was to avoid iterating over the ingress\nqdisc since its parent is itself. The proper fix is to stop when parent\nTC_H_ROOT is reached because the only way to retrieve ingress is when a\nhierarchy which does not contain a ffff: major handle call into\nqdisc_lookup with TC_H_MAJ(TC_H_ROOT).\n\nIn the scenario where major ffff: is an egress qdisc in any of the tree\nlevels, the updates will also propagate to TC_H_ROOT, which then the\niteration must stop.\n\n\n net/sched/sch_api.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53057",
"url": "https://www.suse.com/security/cve/CVE-2024-53057"
},
{
"category": "external",
"summary": "SUSE Bug 1233551 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "external",
"summary": "SUSE Bug 1245816 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1245816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: prevent the risk of out of memory access\n\nThe dvbdev contains a static variable used to store dvb minors.\n\nThe behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set\nor not. When not set, dvb_register_device() won\u0027t check for\nboundaries, as it will rely that a previous call to\ndvb_register_adapter() would already be enforcing it.\n\nOn a similar way, dvb_device_open() uses the assumption\nthat the register functions already did the needed checks.\n\nThis can be fragile if some device ends using different\ncalls. This also generate warnings on static check analysers\nlike Coverity.\n\nSo, add explicit guards to prevent potential risk of OOM issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53063",
"url": "https://www.suse.com/security/cve/CVE-2024-53063"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233557 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "external",
"summary": "SUSE Bug 1233619 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 \u003cf7\u003e 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53123",
"url": "https://www.suse.com/security/cve/CVE-2024-53123"
},
{
"category": "external",
"summary": "SUSE Bug 1234070 for CVE-2024-53123",
"url": "https://bugzilla.suse.com/1234070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: terminate outstanding dump on socket close\n\nNetlink supports iterative dumping of data. It provides the families\nthe following ops:\n - start - (optional) kicks off the dumping process\n - dump - actual dump helper, keeps getting called until it returns 0\n - done - (optional) pairs with .start, can be used for cleanup\nThe whole process is asynchronous and the repeated calls to .dump\ndon\u0027t actually happen in a tight loop, but rather are triggered\nin response to recvmsg() on the socket.\n\nThis gives the user full control over the dump, but also means that\nthe user can close the socket without getting to the end of the dump.\nTo make sure .start is always paired with .done we check if there\nis an ongoing dump before freeing the socket, and if so call .done.\n\nThe complication is that sockets can get freed from BH and .done\nis allowed to sleep. So we use a workqueue to defer the call, when\nneeded.\n\nUnfortunately this does not work correctly. What we defer is not\nthe cleanup but rather releasing a reference on the socket.\nWe have no guarantee that we own the last reference, if someone\nelse holds the socket they may release it in BH and we\u0027re back\nto square one.\n\nThe whole dance, however, appears to be unnecessary. Only the user\ncan interact with dumps, so we can clean up when socket is closed.\nAnd close always happens in process context. Some async code may\nstill access the socket after close, queue notification skbs to it etc.\nbut no dumps can start, end or otherwise make progress.\n\nDelete the workqueue and flush the dump state directly from the release\nhandler. Note that further cleanup is possible in -next, for instance\nwe now always call .done before releasing the main module reference,\nso dump doesn\u0027t have to take a reference of its own.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53140",
"url": "https://www.suse.com/security/cve/CVE-2024-53140"
},
{
"category": "external",
"summary": "SUSE Bug 1234222 for CVE-2024-53140",
"url": "https://bugzilla.suse.com/1234222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53140"
},
{
"cve": "CVE-2024-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53147",
"url": "https://www.suse.com/security/cve/CVE-2024-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1234857 for CVE-2024-53147",
"url": "https://bugzilla.suse.com/1234857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat/qat_420xx - fix off by one in uof_get_name()\n\nThis is called from uof_get_name_420xx() where \"num_objs\" is the\nARRAY_SIZE() of fw_objs[]. The \u003e needs to be \u003e= to prevent an out of\nbounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53163",
"url": "https://www.suse.com/security/cve/CVE-2024-53163"
},
{
"category": "external",
"summary": "SUSE Bug 1234828 for CVE-2024-53163",
"url": "https://bugzilla.suse.com/1234828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53163"
},
{
"cve": "CVE-2024-53173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53173",
"url": "https://www.suse.com/security/cve/CVE-2024-53173"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234891 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "external",
"summary": "SUSE Bug 1234892 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it\u0027s\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn\u0027t block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we\u0027re here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53176",
"url": "https://www.suse.com/security/cve/CVE-2024-53176"
},
{
"category": "external",
"summary": "SUSE Bug 1234894 for CVE-2024-53176",
"url": "https://bugzilla.suse.com/1234894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53177",
"url": "https://www.suse.com/security/cve/CVE-2024-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1234896 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "external",
"summary": "SUSE Bug 1235103 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1235103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don\u0027t leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids-\u003eentries list but doesn\u0027t drop a ref if has_lease isn\u0027t true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid-\u003ehas_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 32 bytes):\n 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........\".......\n 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E\"......O.....\n backtrace (crc 6f58c20f):\n [\u003cffffffff8b895a1e\u003e] __kmalloc_cache_noprof+0x2be/0x350\n [\u003cffffffff8bda06e3\u003e] open_cached_dir+0x993/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 8 bytes):\n 00 cc cc cc cc cc cc cc ........\n backtrace (crc 10c106a9):\n [\u003cffffffff8b89a3d3\u003e] __kmalloc_node_track_caller_noprof+0x363/0x480\n [\u003cffffffff8b7d7256\u003e] kstrdup+0x36/0x60\n [\u003cffffffff8bda0700\u003e] open_cached_dir+0x9b0/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff \u003c0f\u003e 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53178",
"url": "https://www.suse.com/security/cve/CVE-2024-53178"
},
{
"category": "external",
"summary": "SUSE Bug 1234895 for CVE-2024-53178",
"url": "https://bugzilla.suse.com/1234895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53226",
"url": "https://www.suse.com/security/cve/CVE-2024-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1236576 for CVE-2024-53226",
"url": "https://bugzilla.suse.com/1236576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53239",
"url": "https://www.suse.com/security/cve/CVE-2024-53239"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235054 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "external",
"summary": "SUSE Bug 1235055 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-53680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()\n\nUnder certain kernel configurations when building with Clang/LLVM, the\ncompiler does not generate a return or jump as the terminator\ninstruction for ip_vs_protocol_init(), triggering the following objtool\nwarning during build time:\n\n vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6()\n\nAt runtime, this either causes an oops when trying to load the ipvs\nmodule or a boot-time panic if ipvs is built-in. This same issue has\nbeen reported by the Intel kernel test robot previously.\n\nDigging deeper into both LLVM and the kernel code reveals this to be a\nundefined behavior problem. ip_vs_protocol_init() uses a on-stack buffer\nof 64 chars to store the registered protocol names and leaves it\nuninitialized after definition. The function calls strnlen() when\nconcatenating protocol names into the buffer. With CONFIG_FORTIFY_SOURCE\nstrnlen() performs an extra step to check whether the last byte of the\ninput char buffer is a null character (commit 3009f891bb9f (\"fortify:\nAllow strlen() and strnlen() to pass compile-time known lengths\")).\nThis, together with possibly other configurations, cause the following\nIR to be generated:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #5 section \".init.text\" align 16 !kcfi_type !29 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 14: ; preds = %11\n %15 = getelementptr inbounds i8, ptr %1, i64 63\n %16 = load i8, ptr %15, align 1\n %17 = tail call i1 @llvm.is.constant.i8(i8 %16)\n %18 = icmp eq i8 %16, 0\n %19 = select i1 %17, i1 %18, i1 false\n br i1 %19, label %20, label %23\n\n 20: ; preds = %14\n %21 = call i64 @strlen(ptr noundef nonnull dereferenceable(1) %1) #23\n ...\n\n 23: ; preds = %14, %11, %20\n %24 = call i64 @strnlen(ptr noundef nonnull dereferenceable(1) %1, i64 noundef 64) #24\n ...\n }\n\nThe above code calculates the address of the last char in the buffer\n(value %15) and then loads from it (value %16). Because the buffer is\nnever initialized, the LLVM GVN pass marks value %16 as undefined:\n\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n br i1 undef, label %14, label %17\n\nThis gives later passes (SCCP, in particular) more DCE opportunities by\npropagating the undef value further, and eventually removes everything\nafter the load on the uninitialized stack location:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #0 section \".init.text\" align 16 !kcfi_type !11 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 12: ; preds = %11\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n unreachable\n }\n\nIn this way, the generated native code will just fall through to the\nnext function, as LLVM does not generate any code for the unreachable IR\ninstruction and leaves the function without a terminator.\n\nZero the on-stack buffer to avoid this possible UB.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53680",
"url": "https://www.suse.com/security/cve/CVE-2024-53680"
},
{
"category": "external",
"summary": "SUSE Bug 1235715 for CVE-2024-53680",
"url": "https://bugzilla.suse.com/1235715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53680"
},
{
"cve": "CVE-2024-54683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: IDLETIMER: Fix for possible ABBA deadlock\n\nDeletion of the last rule referencing a given idletimer may happen at\nthe same time as a read of its file in sysfs:\n\n| ======================================================\n| WARNING: possible circular locking dependency detected\n| 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted\n| ------------------------------------------------------\n| iptables/3303 is trying to acquire lock:\n| ffff8881057e04b8 (kn-\u003eactive#48){++++}-{0:0}, at: __kernfs_remove+0x20\n|\n| but task is already holding lock:\n| ffffffffa0249068 (list_mutex){+.+.}-{3:3}, at: idletimer_tg_destroy_v]\n|\n| which lock already depends on the new lock.\n\nA simple reproducer is:\n\n| #!/bin/bash\n|\n| while true; do\n| iptables -A INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| iptables -D INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| done \u0026\n| while true; do\n| cat /sys/class/xt_idletimer/timers/testme \u003e/dev/null\n| done\n\nAvoid this by freeing list_mutex right after deleting the element from\nthe list, then continuing with the teardown.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54683",
"url": "https://www.suse.com/security/cve/CVE-2024-54683"
},
{
"category": "external",
"summary": "SUSE Bug 1235729 for CVE-2024-54683",
"url": "https://bugzilla.suse.com/1235729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-54683"
},
{
"cve": "CVE-2024-56539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56539",
"url": "https://www.suse.com/security/cve/CVE-2024-56539"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234963 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "external",
"summary": "SUSE Bug 1234964 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56548",
"url": "https://www.suse.com/security/cve/CVE-2024-56548"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235073 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "external",
"summary": "SUSE Bug 1235074 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56579",
"url": "https://www.suse.com/security/cve/CVE-2024-56579"
},
{
"category": "external",
"summary": "SUSE Bug 1236575 for CVE-2024-56579",
"url": "https://bugzilla.suse.com/1236575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56592"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Call free_htab_elem() after htab_unlock_bucket()\n\nFor htab of maps, when the map is removed from the htab, it may hold the\nlast reference of the map. bpf_map_fd_put_ptr() will invoke\nbpf_map_free_id() to free the id of the removed map element. However,\nbpf_map_fd_put_ptr() is invoked while holding a bucket lock\n(raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock\n(spinlock_t), triggering the following lockdep warning:\n\n =============================\n [ BUG: Invalid wait context ]\n 6.11.0-rc4+ #49 Not tainted\n -----------------------------\n test_maps/4881 is trying to lock:\n ffffffff84884578 (map_idr_lock){+...}-{3:3}, at: bpf_map_free_id.part.0+0x21/0x70\n other info that might help us debug this:\n context-{5:5}\n 2 locks held by test_maps/4881:\n #0: ffffffff846caf60 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0xf9/0x270\n #1: ffff888149ced148 (\u0026htab-\u003elockdep_key#2){....}-{2:2}, at: htab_map_update_elem+0x178/0xa80\n stack backtrace:\n CPU: 0 UID: 0 PID: 4881 Comm: test_maps Not tainted 6.11.0-rc4+ #49\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6e/0xb0\n dump_stack+0x10/0x20\n __lock_acquire+0x73e/0x36c0\n lock_acquire+0x182/0x450\n _raw_spin_lock_irqsave+0x43/0x70\n bpf_map_free_id.part.0+0x21/0x70\n bpf_map_put+0xcf/0x110\n bpf_map_fd_put_ptr+0x9a/0xb0\n free_htab_elem+0x69/0xe0\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n bpf_map_update_value+0x266/0x380\n __sys_bpf+0x21bb/0x36b0\n __x64_sys_bpf+0x45/0x60\n x64_sys_call+0x1b2a/0x20d0\n do_syscall_64+0x5d/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nOne way to fix the lockdep warning is using raw_spinlock_t for\nmap_idr_lock as well. However, bpf_map_alloc_id() invokes\nidr_alloc_cyclic() after acquiring map_idr_lock, it will trigger a\nsimilar lockdep warning because the slab\u0027s lock (s-\u003ecpu_slab-\u003elock) is\nstill a spinlock.\n\nInstead of changing map_idr_lock\u0027s type, fix the issue by invoking\nhtab_put_fd_value() after htab_unlock_bucket(). However, only deferring\nthe invocation of htab_put_fd_value() is not enough, because the old map\npointers in htab of maps can not be saved during batched deletion.\nTherefore, also defer the invocation of free_htab_elem(), so these\nto-be-freed elements could be linked together similar to lru map.\n\nThere are four callers for -\u003emap_fd_put_ptr:\n\n(1) alloc_htab_elem() (through htab_put_fd_value())\nIt invokes -\u003emap_fd_put_ptr() under a raw_spinlock_t. The invocation of\nhtab_put_fd_value() can not simply move after htab_unlock_bucket(),\nbecause the old element has already been stashed in htab-\u003eextra_elems.\nIt may be reused immediately after htab_unlock_bucket() and the\ninvocation of htab_put_fd_value() after htab_unlock_bucket() may release\nthe newly-added element incorrectly. Therefore, saving the map pointer\nof the old element for htab of maps before unlocking the bucket and\nreleasing the map_ptr after unlock. Beside the map pointer in the old\nelement, should do the same thing for the special fields in the old\nelement as well.\n\n(2) free_htab_elem() (through htab_put_fd_value())\nIts caller includes __htab_map_lookup_and_delete_elem(),\nhtab_map_delete_elem() and __htab_map_lookup_and_delete_batch().\n\nFor htab_map_delete_elem(), simply invoke free_htab_elem() after\nhtab_unlock_bucket(). For __htab_map_lookup_and_delete_batch(), just\nlike lru map, linking the to-be-freed element into node_to_free list\nand invoking free_htab_elem() for these element after unlock. It is safe\nto reuse batch_flink as the link for node_to_free, because these\nelements have been removed from the hash llist.\n\nBecause htab of maps doesn\u0027t support lookup_and_delete operation,\n__htab_map_lookup_and_delete_elem() doesn\u0027t have the problem, so kept\nit as\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56592",
"url": "https://www.suse.com/security/cve/CVE-2024-56592"
},
{
"category": "external",
"summary": "SUSE Bug 1235244 for CVE-2024-56592",
"url": "https://bugzilla.suse.com/1235244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56592"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_inner: incorrect percpu area handling under softirq\n\nSoftirq can interrupt ongoing packet from process context that is\nwalking over the percpu area that contains inner header offsets.\n\nDisable bh and perform three checks before restoring the percpu inner\nheader offsets to validate that the percpu area is valid for this\nskbuff:\n\n1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff\n has already been parsed before for inner header fetching to\n register.\n\n2) Validate that the percpu area refers to this skbuff using the\n skbuff pointer as a cookie. If there is a cookie mismatch, then\n this skbuff needs to be parsed again.\n\n3) Finally, validate if the percpu area refers to this tunnel type.\n\nOnly after these three checks the percpu area is restored to a on-stack\ncopy and bh is enabled again.\n\nAfter inner header fetching, the on-stack copy is stored back to the\npercpu area.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56638",
"url": "https://www.suse.com/security/cve/CVE-2024-56638"
},
{
"category": "external",
"summary": "SUSE Bug 1235524 for CVE-2024-56638",
"url": "https://bugzilla.suse.com/1235524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56638"
},
{
"cve": "CVE-2024-56640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix LGR and link use-after-free issue\n\nWe encountered a LGR/link use-after-free issue, which manifested as\nthe LGR/link refcnt reaching 0 early and entering the clear process,\nmaking resource access unsafe.\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140\n Workqueue: events smc_lgr_terminate_work [smc]\n Call trace:\n refcount_warn_saturate+0x9c/0x140\n __smc_lgr_terminate.part.45+0x2a8/0x370 [smc]\n smc_lgr_terminate_work+0x28/0x30 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nor\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140\n Workqueue: smc_hs_wq smc_listen_work [smc]\n Call trace:\n refcount_warn_saturate+0xf0/0x140\n smcr_link_put+0x1cc/0x1d8 [smc]\n smc_conn_free+0x110/0x1b0 [smc]\n smc_conn_abort+0x50/0x60 [smc]\n smc_listen_find_device+0x75c/0x790 [smc]\n smc_listen_work+0x368/0x8a0 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nIt is caused by repeated release of LGR/link refcnt. One suspect is that\nsmc_conn_free() is called repeatedly because some smc_conn_free() from\nserver listening path are not protected by sock lock.\n\ne.g.\n\nCalls under socklock | smc_listen_work\n-------------------------------------------------------\nlock_sock(sk) | smc_conn_abort\nsmc_conn_free | \\- smc_conn_free\n\\- smcr_link_put | \\- smcr_link_put (duplicated)\nrelease_sock(sk)\n\nSo here add sock lock protection in smc_listen_work() path, making it\nexclusive with other connection operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56640",
"url": "https://www.suse.com/security/cve/CVE-2024-56640"
},
{
"category": "external",
"summary": "SUSE Bug 1235436 for CVE-2024-56640",
"url": "https://bugzilla.suse.com/1235436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56640"
},
{
"cve": "CVE-2024-56647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56647",
"url": "https://www.suse.com/security/cve/CVE-2024-56647"
},
{
"category": "external",
"summary": "SUSE Bug 1235435 for CVE-2024-56647",
"url": "https://bugzilla.suse.com/1235435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final \u0027struct net\u0027 free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net-\u003exfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst-\u003eops-\u003edestroy)\n dst-\u003eops-\u003edestroy(dst);\n\ndst-\u003eops points to the old net-\u003exfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the \u0027struct net\u0027 to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 \u003cfa\u003e c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \u003c/TASK\u003e\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56658",
"url": "https://www.suse.com/security/cve/CVE-2024-56658"
},
{
"category": "external",
"summary": "SUSE Bug 1235441 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "external",
"summary": "SUSE Bug 1235442 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-56658"
},
{
"cve": "CVE-2024-56702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark raw_tp arguments with PTR_MAYBE_NULL\n\nArguments to a raw tracepoint are tagged as trusted, which carries the\nsemantics that the pointer will be non-NULL. However, in certain cases,\na raw tracepoint argument may end up being NULL. More context about this\nissue is available in [0].\n\nThus, there is a discrepancy between the reality, that raw_tp arguments\ncan actually be NULL, and the verifier\u0027s knowledge, that they are never\nNULL, causing explicit NULL checks to be deleted, and accesses to such\npointers potentially crashing the kernel.\n\nTo fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special\ncase the dereference and pointer arithmetic to permit it, and allow\npassing them into helpers/kfuncs; these exceptions are made for raw_tp\nprograms only. Ensure that we don\u0027t do this when ref_obj_id \u003e 0, as in\nthat case this is an acquired object and doesn\u0027t need such adjustment.\n\nThe reason we do mask_raw_tp_trusted_reg logic is because other will\nrecheck in places whether the register is a trusted_reg, and then\nconsider our register as untrusted when detecting the presence of the\nPTR_MAYBE_NULL flag.\n\nTo allow safe dereference, we enable PROBE_MEM marking when we see loads\ninto trusted pointers with PTR_MAYBE_NULL.\n\nWhile trusted raw_tp arguments can also be passed into helpers or kfuncs\nwhere such broken assumption may cause issues, a future patch set will\ntackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can\nalready be passed into helpers and causes similar problems. Thus, they\nare left alone for now.\n\nIt is possible that these checks also permit passing non-raw_tp args\nthat are trusted PTR_TO_BTF_ID with null marking. In such a case,\nallowing dereference when pointer is NULL expands allowed behavior, so\nwon\u0027t regress existing programs, and the case of passing these into\nhelpers is the same as above and will be dealt with later.\n\nAlso update the failure case in tp_btf_nullable selftest to capture the\nnew behavior, as the verifier will no longer cause an error when\ndirectly dereference a raw tracepoint argument marked as __nullable.\n\n [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56702",
"url": "https://www.suse.com/security/cve/CVE-2024-56702"
},
{
"category": "external",
"summary": "SUSE Bug 1235501 for CVE-2024-56702",
"url": "https://bugzilla.suse.com/1235501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56702"
},
{
"cve": "CVE-2024-56703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix soft lockups in fib6_select_path under high next hop churn\n\nSoft lockups have been observed on a cluster of Linux-based edge routers\nlocated in a highly dynamic environment. Using the `bird` service, these\nrouters continuously update BGP-advertised routes due to frequently\nchanging nexthop destinations, while also managing significant IPv6\ntraffic. The lockups occur during the traversal of the multipath\ncircular linked-list in the `fib6_select_path` function, particularly\nwhile iterating through the siblings in the list. The issue typically\narises when the nodes of the linked list are unexpectedly deleted\nconcurrently on a different core\u2014indicated by their \u0027next\u0027 and\n\u0027previous\u0027 elements pointing back to the node itself and their reference\ncount dropping to zero. This results in an infinite loop, leading to a\nsoft lockup that triggers a system panic via the watchdog timer.\n\nApply RCU primitives in the problematic code sections to resolve the\nissue. Where necessary, update the references to fib6_siblings to\nannotate or use the RCU APIs.\n\nInclude a test script that reproduces the issue. The script\nperiodically updates the routing table while generating a heavy load\nof outgoing IPv6 traffic through multiple iperf3 clients. It\nconsistently induces infinite soft lockups within a couple of minutes.\n\nKernel log:\n\n 0 [ffffbd13003e8d30] machine_kexec at ffffffff8ceaf3eb\n 1 [ffffbd13003e8d90] __crash_kexec at ffffffff8d0120e3\n 2 [ffffbd13003e8e58] panic at ffffffff8cef65d4\n 3 [ffffbd13003e8ed8] watchdog_timer_fn at ffffffff8d05cb03\n 4 [ffffbd13003e8f08] __hrtimer_run_queues at ffffffff8cfec62f\n 5 [ffffbd13003e8f70] hrtimer_interrupt at ffffffff8cfed756\n 6 [ffffbd13003e8fd0] __sysvec_apic_timer_interrupt at ffffffff8cea01af\n 7 [ffffbd13003e8ff0] sysvec_apic_timer_interrupt at ffffffff8df1b83d\n-- \u003cIRQ stack\u003e --\n 8 [ffffbd13003d3708] asm_sysvec_apic_timer_interrupt at ffffffff8e000ecb\n [exception RIP: fib6_select_path+299]\n RIP: ffffffff8ddafe7b RSP: ffffbd13003d37b8 RFLAGS: 00000287\n RAX: ffff975850b43600 RBX: ffff975850b40200 RCX: 0000000000000000\n RDX: 000000003fffffff RSI: 0000000051d383e4 RDI: ffff975850b43618\n RBP: ffffbd13003d3800 R8: 0000000000000000 R9: ffff975850b40200\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffbd13003d3830\n R13: ffff975850b436a8 R14: ffff975850b43600 R15: 0000000000000007\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n 9 [ffffbd13003d3808] ip6_pol_route at ffffffff8ddb030c\n10 [ffffbd13003d3888] ip6_pol_route_input at ffffffff8ddb068c\n11 [ffffbd13003d3898] fib6_rule_lookup at ffffffff8ddf02b5\n12 [ffffbd13003d3928] ip6_route_input at ffffffff8ddb0f47\n13 [ffffbd13003d3a18] ip6_rcv_finish_core.constprop.0 at ffffffff8dd950d0\n14 [ffffbd13003d3a30] ip6_list_rcv_finish.constprop.0 at ffffffff8dd96274\n15 [ffffbd13003d3a98] ip6_sublist_rcv at ffffffff8dd96474\n16 [ffffbd13003d3af8] ipv6_list_rcv at ffffffff8dd96615\n17 [ffffbd13003d3b60] __netif_receive_skb_list_core at ffffffff8dc16fec\n18 [ffffbd13003d3be0] netif_receive_skb_list_internal at ffffffff8dc176b3\n19 [ffffbd13003d3c50] napi_gro_receive at ffffffff8dc565b9\n20 [ffffbd13003d3c80] ice_receive_skb at ffffffffc087e4f5 [ice]\n21 [ffffbd13003d3c90] ice_clean_rx_irq at ffffffffc0881b80 [ice]\n22 [ffffbd13003d3d20] ice_napi_poll at ffffffffc088232f [ice]\n23 [ffffbd13003d3d80] __napi_poll at ffffffff8dc18000\n24 [ffffbd13003d3db8] net_rx_action at ffffffff8dc18581\n25 [ffffbd13003d3e40] __do_softirq at ffffffff8df352e9\n26 [ffffbd13003d3eb0] run_ksoftirqd at ffffffff8ceffe47\n27 [ffffbd13003d3ec0] smpboot_thread_fn at ffffffff8cf36a30\n28 [ffffbd13003d3ee8] kthread at ffffffff8cf2b39f\n29 [ffffbd13003d3f28] ret_from_fork at ffffffff8ce5fa64\n30 [ffffbd13003d3f50] ret_from_fork_asm at ffffffff8ce03cbb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56703",
"url": "https://www.suse.com/security/cve/CVE-2024-56703"
},
{
"category": "external",
"summary": "SUSE Bug 1235455 for CVE-2024-56703",
"url": "https://bugzilla.suse.com/1235455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56703"
},
{
"cve": "CVE-2024-56718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: protect link down work from execute after lgr freed\n\nlink down work may be scheduled before lgr freed but execute\nafter lgr freed, which may result in crash. So it is need to\nhold a reference before shedule link down work, and put the\nreference after work executed or canceled.\n\nThe relevant crash call stack as follows:\n list_del corruption. prev-\u003enext should be ffffb638c9c0fe20,\n but was 0000000000000000\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:51!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1\n Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014\n Workqueue: events smc_link_down_work [smc]\n RIP: 0010:__list_del_entry_valid.cold+0x31/0x47\n RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086\n RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000\n RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38\n R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002\n R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0\n FS: 0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n rwsem_down_write_slowpath+0x17e/0x470\n smc_link_down_work+0x3c/0x60 [smc]\n process_one_work+0x1ac/0x350\n worker_thread+0x49/0x2f0\n ? rescuer_thread+0x360/0x360\n kthread+0x118/0x140\n ? __kthread_bind_mask+0x60/0x60\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56718",
"url": "https://www.suse.com/security/cve/CVE-2024-56718"
},
{
"category": "external",
"summary": "SUSE Bug 1235589 for CVE-2024-56718",
"url": "https://bugzilla.suse.com/1235589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56718"
},
{
"cve": "CVE-2024-56719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix TSO DMA API usage causing oops\n\nCommit 66600fac7a98 (\"net: stmmac: TSO: Fix unbalanced DMA map/unmap\nfor non-paged SKB data\") moved the assignment of tx_skbuff_dma[]\u0027s\nmembers to be later in stmmac_tso_xmit().\n\nThe buf (dma cookie) and len stored in this structure are passed to\ndma_unmap_single() by stmmac_tx_clean(). The DMA API requires that\nthe dma cookie passed to dma_unmap_single() is the same as the value\nreturned from dma_map_single(). However, by moving the assignment\nlater, this is not the case when priv-\u003edma_cap.addr64 \u003e 32 as \"des\"\nis offset by proto_hdr_len.\n\nThis causes problems such as:\n\n dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed\n\nand with DMA_API_DEBUG enabled:\n\n DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]\n\nFix this by maintaining \"des\" as the original DMA cookie, and use\ntso_des to pass the offset DMA cookie to stmmac_tso_allocator().\n\nFull details of the crashes can be found at:\nhttps://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/\nhttps://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56719",
"url": "https://www.suse.com/security/cve/CVE-2024-56719"
},
{
"category": "external",
"summary": "SUSE Bug 1235591 for CVE-2024-56719",
"url": "https://bugzilla.suse.com/1235591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56719"
},
{
"cve": "CVE-2024-56720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56720",
"url": "https://www.suse.com/security/cve/CVE-2024-56720"
},
{
"category": "external",
"summary": "SUSE Bug 1235592 for CVE-2024-56720",
"url": "https://bugzilla.suse.com/1235592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-56751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: release nexthop on device removal\n\nThe CI is hitting some aperiodic hangup at device removal time in the\npmtu.sh self-test:\n\nunregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6\nref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at\n\tdst_init+0x84/0x4a0\n\tdst_alloc+0x97/0x150\n\tip6_dst_alloc+0x23/0x90\n\tip6_rt_pcpu_alloc+0x1e6/0x520\n\tip6_pol_route+0x56f/0x840\n\tfib6_rule_lookup+0x334/0x630\n\tip6_route_output_flags+0x259/0x480\n\tip6_dst_lookup_tail.constprop.0+0x5c2/0x940\n\tip6_dst_lookup_flow+0x88/0x190\n\tudp_tunnel6_dst_lookup+0x2a7/0x4c0\n\tvxlan_xmit_one+0xbde/0x4a50 [vxlan]\n\tvxlan_xmit+0x9ad/0xf20 [vxlan]\n\tdev_hard_start_xmit+0x10e/0x360\n\t__dev_queue_xmit+0xf95/0x18c0\n\tarp_solicit+0x4a2/0xe00\n\tneigh_probe+0xaa/0xf0\n\nWhile the first suspect is the dst_cache, explicitly tracking the dst\nowing the last device reference via probes proved such dst is held by\nthe nexthop in the originating fib6_info.\n\nSimilar to commit f5b51fe804ec (\"ipv6: route: purge exception on\nremoval\"), we need to explicitly release the originating fib info when\ndisconnecting a to-be-removed device from a live ipv6 dst: move the\nfib6_info cleanup into ip6_dst_ifdown().\n\nTested running:\n\n./pmtu.sh cleanup_ipv6_exception\n\nin a tight loop for more than 400 iterations with no spat, running an\nunpatched kernel I observed a splat every ~10 iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56751",
"url": "https://www.suse.com/security/cve/CVE-2024-56751"
},
{
"category": "external",
"summary": "SUSE Bug 1234936 for CVE-2024-56751",
"url": "https://bugzilla.suse.com/1234936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56751"
},
{
"cve": "CVE-2024-56758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: check folio mapping after unlock in relocate_one_folio()\n\nWhen we call btrfs_read_folio() to bring a folio uptodate, we unlock the\nfolio. The result of that is that a different thread can modify the\nmapping (like remove it with invalidate) before we call folio_lock().\nThis results in an invalid page and we need to try again.\n\nIn particular, if we are relocating concurrently with aborting a\ntransaction, this can result in a crash like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 76 PID: 1411631 Comm: kworker/u322:5\n Workqueue: events_unbound btrfs_reclaim_bgs_work\n RIP: 0010:set_page_extent_mapped+0x20/0xb0\n RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246\n RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880\n RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0\n R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000\n R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff\n FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x78/0xc0\n ? page_fault_oops+0x2a8/0x3a0\n ? __switch_to+0x133/0x530\n ? wq_worker_running+0xa/0x40\n ? exc_page_fault+0x63/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? set_page_extent_mapped+0x20/0xb0\n relocate_file_extent_cluster+0x1a7/0x940\n relocate_data_extent+0xaf/0x120\n relocate_block_group+0x20f/0x480\n btrfs_relocate_block_group+0x152/0x320\n btrfs_relocate_chunk+0x3d/0x120\n btrfs_reclaim_bgs_work+0x2ae/0x4e0\n process_scheduled_works+0x184/0x370\n worker_thread+0xc6/0x3e0\n ? blk_add_timer+0xb0/0xb0\n kthread+0xae/0xe0\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork+0x2f/0x40\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nThis occurs because cleanup_one_transaction() calls\ndestroy_delalloc_inodes() which calls invalidate_inode_pages2() which\ntakes the folio_lock before setting mapping to NULL. We fail to check\nthis, and subsequently call set_extent_mapping(), which assumes that\nmapping != NULL (in fact it asserts that in debug mode)\n\nNote that the \"fixes\" patch here is not the one that introduced the\nrace (the very first iteration of this code from 2009) but a more recent\nchange that made this particular crash happen in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56758",
"url": "https://www.suse.com/security/cve/CVE-2024-56758"
},
{
"category": "external",
"summary": "SUSE Bug 1235621 for CVE-2024-56758",
"url": "https://bugzilla.suse.com/1235621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56758"
},
{
"cve": "CVE-2024-56770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: netem: account for backlog updates from child qdisc\n\nIn general, \u0027qlen\u0027 of any classful qdisc should keep track of the\nnumber of packets that the qdisc itself and all of its children holds.\nIn case of netem, \u0027qlen\u0027 only accounts for the packets in its internal\ntfifo. When netem is used with a child qdisc, the child qdisc can use\n\u0027qdisc_tree_reduce_backlog\u0027 to inform its parent, netem, about created\nor dropped SKBs. This function updates \u0027qlen\u0027 and the backlog statistics\nof netem, but netem does not account for changes made by a child qdisc.\n\u0027qlen\u0027 then indicates the wrong number of packets in the tfifo.\nIf a child qdisc creates new SKBs during enqueue and informs its parent\nabout this, netem\u0027s \u0027qlen\u0027 value is increased. When netem dequeues the\nnewly created SKBs from the child, the \u0027qlen\u0027 in netem is not updated.\nIf \u0027qlen\u0027 reaches the configured sch-\u003elimit, the enqueue function stops\nworking, even though the tfifo is not full.\n\nReproduce the bug:\nEnsure that the sender machine has GSO enabled. Configure netem as root\nqdisc and tbf as its child on the outgoing interface of the machine\nas follows:\n$ tc qdisc add dev \u003coif\u003e root handle 1: netem delay 100ms limit 100\n$ tc qdisc add dev \u003coif\u003e parent 1:0 tbf rate 50Mbit burst 1542 latency 50ms\n\nSend bulk TCP traffic out via this interface, e.g., by running an iPerf3\nclient on the machine. Check the qdisc statistics:\n$ tc -s qdisc show dev \u003coif\u003e\n\nStatistics after 10s of iPerf3 TCP test before the fix (note that\nnetem\u0027s backlog \u003e limit, netem stopped accepting packets):\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 2767766 bytes 1848 pkt (dropped 652, overlimits 0 requeues 0)\n backlog 4294528236b 1155p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 2767766 bytes 1848 pkt (dropped 327, overlimits 7601 requeues 0)\n backlog 0b 0p requeues 0\n\nStatistics after the fix:\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 37766372 bytes 24974 pkt (dropped 9, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 37766372 bytes 24974 pkt (dropped 327, overlimits 96017 requeues 0)\n backlog 0b 0p requeues 0\n\ntbf segments the GSO SKBs (tbf_segment) and updates the netem\u0027s \u0027qlen\u0027.\nThe interface fully stops transferring packets and \"locks\". In this case,\nthe child qdisc and tfifo are empty, but \u0027qlen\u0027 indicates the tfifo is at\nits limit and no more packets are accepted.\n\nThis patch adds a counter for the entries in the tfifo. Netem\u0027s \u0027qlen\u0027 is\nonly decreased when a packet is returned by its dequeue function, and not\nduring enqueuing into the child qdisc. External updates to \u0027qlen\u0027 are thus\naccounted for and only the behavior of the backlog statistics changes. As\nin other qdiscs, \u0027qlen\u0027 then keeps track of how many packets are held in\nnetem and all of its children. As before, sch-\u003elimit remains as the\nmaximum number of packets in the tfifo. The same applies to netem\u0027s\nbacklog statistics.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56770",
"url": "https://www.suse.com/security/cve/CVE-2024-56770"
},
{
"category": "external",
"summary": "SUSE Bug 1235637 for CVE-2024-56770",
"url": "https://bugzilla.suse.com/1235637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56770"
},
{
"cve": "CVE-2024-57807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix for a potential deadlock\n\nThis fixes a \u0027possible circular locking dependency detected\u0027 warning\n CPU0 CPU1\n ---- ----\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n\nFix this by temporarily releasing the reset_mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57807",
"url": "https://www.suse.com/security/cve/CVE-2024-57807"
},
{
"category": "external",
"summary": "SUSE Bug 1235761 for CVE-2024-57807",
"url": "https://bugzilla.suse.com/1235761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57807"
},
{
"cve": "CVE-2024-57834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread\n\nsyzbot report a null-ptr-deref in vidtv_mux_stop_thread. [1]\n\nIf dvb-\u003emux is not initialized successfully by vidtv_mux_init() in the\nvidtv_start_streaming(), it will trigger null pointer dereference about mux\nin vidtv_mux_stop_thread().\n\nAdjust the timing of streaming initialization and check it before\nstopping it.\n\n[1]\nKASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]\nCPU: 0 UID: 0 PID: 5842 Comm: syz-executor248 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:vidtv_mux_stop_thread+0x26/0x80 drivers/media/test-drivers/vidtv/vidtv_mux.c:471\nCode: 90 90 90 90 66 0f 1f 00 55 53 48 89 fb e8 82 2e c8 f9 48 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 02 7e 3b 0f b6 ab 28 01 00 00 31 ff 89 ee e8\nRSP: 0018:ffffc90003f2faa8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87cfb125\nRDX: 0000000000000025 RSI: ffffffff87d120ce RDI: 0000000000000128\nRBP: ffff888029b8d220 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000003 R12: ffff888029b8d188\nR13: ffffffff8f590aa0 R14: ffffc9000581c5c8 R15: ffff888029a17710\nFS: 00007f7eef5156c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7eef5e635c CR3: 0000000076ca6000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vidtv_stop_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:209 [inline]\n vidtv_stop_feed+0x151/0x250 drivers/media/test-drivers/vidtv/vidtv_bridge.c:252\n dmx_section_feed_stop_filtering+0x90/0x160 drivers/media/dvb-core/dvb_demux.c:1000\n dvb_dmxdev_feed_stop.isra.0+0x1ee/0x270 drivers/media/dvb-core/dmxdev.c:486\n dvb_dmxdev_filter_stop+0x22a/0x3a0 drivers/media/dvb-core/dmxdev.c:559\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3f8/0xb60 fs/file_table.c:450\n task_work_run+0x14e/0x250 kernel/task_work.c:239\n get_signal+0x1d3/0x2610 kernel/signal.c:2790\n arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218\n do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57834",
"url": "https://www.suse.com/security/cve/CVE-2024-57834"
},
{
"category": "external",
"summary": "SUSE Bug 1238993 for CVE-2024-57834",
"url": "https://bugzilla.suse.com/1238993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57834"
},
{
"cve": "CVE-2024-57882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix TCP options overflow.\n\nSyzbot reported the following splat:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nRIP: 0010:_compound_head include/linux/page-flags.h:242 [inline]\nRIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552\nCode: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 f8 5e 12 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 \u003c80\u003e 3c 28 00 74 08 48 89 df e8 8f c7 78 f8 48 8b 1b 48 89 de 48 83\nRSP: 0000:ffffc90003916c90 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888030458000\nRDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff898ca81d R09: 1ffff110054414ac\nR10: dffffc0000000000 R11: ffffed10054414ad R12: 0000000000000007\nR13: ffff88802a20a542 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f34f496e800(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9d6ec9ec28 CR3: 000000004d260000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n skb_page_unref include/linux/skbuff_ref.h:43 [inline]\n __skb_frag_unref include/linux/skbuff_ref.h:56 [inline]\n skb_release_data+0x483/0x8a0 net/core/skbuff.c:1119\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb+0x55/0x70 net/core/skbuff.c:1204\n tcp_clean_rtx_queue net/ipv4/tcp_input.c:3436 [inline]\n tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:4032\n tcp_rcv_state_process+0x8eb/0x44e0 net/ipv4/tcp_input.c:6805\n tcp_v4_do_rcv+0x77d/0xc70 net/ipv4/tcp_ipv4.c:1939\n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351\n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n __netif_receive_skb_one_core net/core/dev.c:5672 [inline]\n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5785\n process_backlog+0x662/0x15b0 net/core/dev.c:6117\n __napi_poll+0xcb/0x490 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:7074\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\nRIP: 0033:0x7f34f4519ad5\nCode: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83\nRSP: 002b:00007ffec5b32ce0 EFLAGS: 00000246\nRAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f34f4519ad5\nRDX: 00007ffec5b32d00 RSI: 0000000000000004 RDI: 0000564f4bc6cae0\nRBP: 0000564f4bc6b5a0 R08: 0000000000000008 R09: 0000000000000000\nR10: 00007ffec5b32de8 R11: 0000000000000246 R12: 0000564f48ea8aa4\nR13: 0000000000000001 R14: 0000564f48ea93e8 R15: 00007ffec5b32d68\n \u003c/TASK\u003e\n\nEric noted a probable shinfo-\u003enr_frags corruption, which indeed\noccurs.\n\nThe root cause is a buggy MPTCP option len computation in some\ncircumstances: the ADD_ADDR option should be mutually exclusive\nwith DSS since the blamed commit.\n\nStill, mptcp_established_options_add_addr() tries to set the\nrelevant info in mptcp_out_options, if \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57882",
"url": "https://www.suse.com/security/cve/CVE-2024-57882"
},
{
"category": "external",
"summary": "SUSE Bug 1235914 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "external",
"summary": "SUSE Bug 1235916 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-57882"
},
{
"cve": "CVE-2024-57889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n BUG: sleeping function called from invalid context\n at kernel/locking/mutex.c:283\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n preempt_count: 1, expected: 0\n ...\n Call Trace:\n ...\n __might_resched+0x104/0x10e\n __might_sleep+0x3e/0x62\n mutex_lock+0x20/0x4c\n regmap_lock_mutex+0x10/0x18\n regmap_update_bits_base+0x2c/0x66\n mcp23s08_irq_set_type+0x1ae/0x1d6\n __irq_set_trigger+0x56/0x172\n __setup_irq+0x1e6/0x646\n request_threaded_irq+0xb6/0x160\n ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57889",
"url": "https://www.suse.com/security/cve/CVE-2024-57889"
},
{
"category": "external",
"summary": "SUSE Bug 1236573 for CVE-2024-57889",
"url": "https://bugzilla.suse.com/1236573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: serialize calls to nf_register_net_hooks()\n\nsyzbot found a race in ila_add_mapping() [1]\n\ncommit 031ae72825ce (\"ila: call nf_unregister_net_hooks() sooner\")\nattempted to fix a similar issue.\n\nLooking at the syzbot repro, we have concurrent ILA_CMD_ADD commands.\n\nAdd a mutex to make sure at most one thread is calling nf_register_net_hooks().\n\n[1]\n BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: slab-use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\nRead of size 4 at addr ffff888028f40008 by task dhcpcd/5501\n\nCPU: 1 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:489\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:127 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1ee/0x620 net/ipv6/ila/ila_xlat.c:185\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626\n nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309\n __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672\n __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785\n process_backlog+0x443/0x15f0 net/core/dev.c:6117\n __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0xa94/0x1010 net/core/dev.c:7074\n handle_softirqs+0x213/0x8f0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57900",
"url": "https://www.suse.com/security/cve/CVE-2024-57900"
},
{
"category": "external",
"summary": "SUSE Bug 1235973 for CVE-2024-57900",
"url": "https://bugzilla.suse.com/1235973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57900"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2024-57948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(\u0026sdata-\u003elist)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local-\u003einterfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 \u003c0f\u003e 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57948",
"url": "https://www.suse.com/security/cve/CVE-2024-57948"
},
{
"category": "external",
"summary": "SUSE Bug 1236677 for CVE-2024-57948",
"url": "https://bugzilla.suse.com/1236677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrdma/cxgb4: Prevent potential integer overflow on 32bit\n\nThe \"gl-\u003etot_len\" variable is controlled by the user. It comes from\nprocess_responses(). On 32bit systems, the \"gl-\u003etot_len + sizeof(struct\ncpl_pass_accept_req) + sizeof(struct rss_header)\" addition could have an\ninteger wrapping bug. Use size_add() to prevent this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57973",
"url": "https://www.suse.com/security/cve/CVE-2024-57973"
},
{
"category": "external",
"summary": "SUSE Bug 1238531 for CVE-2024-57973",
"url": "https://bugzilla.suse.com/1238531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57973"
},
{
"cve": "CVE-2024-57974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Deal with race between UDP socket address change and rehash\n\nIf a UDP socket changes its local address while it\u0027s receiving\ndatagrams, as a result of connect(), there is a period during which\na lookup operation might fail to find it, after the address is changed\nbut before the secondary hash (port and address) and the four-tuple\nhash (local and remote ports and addresses) are updated.\n\nSecondary hash chains were introduced by commit 30fff9231fad (\"udp:\nbind() optimisation\") and, as a result, a rehash operation became\nneeded to make a bound socket reachable again after a connect().\n\nThis operation was introduced by commit 719f835853a9 (\"udp: add\nrehash on connect()\") which isn\u0027t however a complete fix: the\nsocket will be found once the rehashing completes, but not while\nit\u0027s pending.\n\nThis is noticeable with a socat(1) server in UDP4-LISTEN mode, and a\nclient sending datagrams to it. After the server receives the first\ndatagram (cf. _xioopen_ipdgram_listen()), it issues a connect() to\nthe address of the sender, in order to set up a directed flow.\n\nNow, if the client, running on a different CPU thread, happens to\nsend a (subsequent) datagram while the server\u0027s socket changes its\naddress, but is not rehashed yet, this will result in a failed\nlookup and a port unreachable error delivered to the client, as\napparent from the following reproducer:\n\n LEN=$(($(cat /proc/sys/net/core/wmem_default) / 4))\n dd if=/dev/urandom bs=1 count=${LEN} of=tmp.in\n\n while :; do\n \ttaskset -c 1 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.1 || sleep 1\n \ttaskset -c 2 socat OPEN:tmp.in UDP4:localhost:1337,shut-null\n \twait\n done\n\nwhere the client will eventually get ECONNREFUSED on a write()\n(typically the second or third one of a given iteration):\n\n 2024/11/13 21:28:23 socat[46901] E write(6, 0x556db2e3c000, 8192): Connection refused\n\nThis issue was first observed as a seldom failure in Podman\u0027s tests\nchecking UDP functionality while using pasta(1) to connect the\ncontainer\u0027s network namespace, which leads us to a reproducer with\nthe lookup error resulting in an ICMP packet on a tap device:\n\n LOCAL_ADDR=\"$(ip -j -4 addr show|jq -rM \u0027.[] | .addr_info[0] | select(.scope == \"global\").local\u0027)\"\n\n while :; do\n \t./pasta --config-net -p pasta.pcap -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.2 || sleep 1\n \tsocat OPEN:tmp.in UDP4:${LOCAL_ADDR}:1337,shut-null\n \twait\n \tcmp tmp.in tmp.out\n done\n\nOnce this fails:\n\n tmp.in tmp.out differ: char 8193, line 29\n\nwe can finally have a look at what\u0027s going on:\n\n $ tshark -r pasta.pcap\n 1 0.000000 :: ? ff02::16 ICMPv6 110 Multicast Listener Report Message v2\n 2 0.168690 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 3 0.168767 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 4 0.168806 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 5 0.168827 c6:47:05:8d:dc:04 ? Broadcast ARP 42 Who has 88.198.0.161? Tell 88.198.0.164\n 6 0.168851 9a:55:9a:55:9a:55 ? c6:47:05:8d:dc:04 ARP 42 88.198.0.161 is at 9a:55:9a:55:9a:55\n 7 0.168875 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 8 0.168896 88.198.0.164 ? 88.198.0.161 ICMP 590 Destination unreachable (Port unreachable)\n 9 0.168926 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 10 0.168959 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 11 0.168989 88.198.0.161 ? 88.198.0.164 UDP 4138 60260 ? 1337 Len=4096\n 12 0.169010 88.198.0.161 ? 88.198.0.164 UDP 42 60260 ? 1337 Len=0\n\nOn the third datagram received, the network namespace of the container\ninitiates an ARP lookup to deliver the ICMP message.\n\nIn another variant of this reproducer, starting the client with:\n\n strace -f pasta --config-net -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,tru\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57974",
"url": "https://www.suse.com/security/cve/CVE-2024-57974"
},
{
"category": "external",
"summary": "SUSE Bug 1238532 for CVE-2024-57974",
"url": "https://bugzilla.suse.com/1238532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57974"
},
{
"cve": "CVE-2024-57978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Fix potential error pointer dereference in detach_pm()\n\nThe proble is on the first line:\n\n\tif (jpeg-\u003epd_dev[i] \u0026\u0026 !pm_runtime_suspended(jpeg-\u003epd_dev[i]))\n\nIf jpeg-\u003epd_dev[i] is an error pointer, then passing it to\npm_runtime_suspended() will lead to an Oops. The other conditions\ncheck for both error pointers and NULL, but it would be more clear to\nuse the IS_ERR_OR_NULL() check for that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57978",
"url": "https://www.suse.com/security/cve/CVE-2024-57978"
},
{
"category": "external",
"summary": "SUSE Bug 1238523 for CVE-2024-57978",
"url": "https://bugzilla.suse.com/1238523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57978"
},
{
"cve": "CVE-2024-57979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npps: Fix a use-after-free\n\nOn a board running ntpd and gpsd, I\u0027m seeing a consistent use-after-free\nin sys_exit() from gpsd when rebooting:\n\n pps pps1: removed\n ------------[ cut here ]------------\n kobject: \u0027(null)\u0027 (00000000db4bec24): is not initialized, yet kobject_put() is being called.\n WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\n CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\n Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : kobject_put+0x120/0x150\n lr : kobject_put+0x120/0x150\n sp : ffffffc0803d3ae0\n x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\n x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\n x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\n x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\n x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n kobject_put+0x120/0x150\n cdev_put+0x20/0x3c\n __fput+0x2c4/0x2d8\n ____fput+0x1c/0x38\n task_work_run+0x70/0xfc\n do_exit+0x2a0/0x924\n do_group_exit+0x34/0x90\n get_signal+0x7fc/0x8c0\n do_signal+0x128/0x13b4\n do_notify_resume+0xdc/0x160\n el0_svc+0xd4/0xf8\n el0t_64_sync_handler+0x140/0x14c\n el0t_64_sync+0x190/0x194\n ---[ end trace 0000000000000000 ]---\n\n...followed by more symptoms of corruption, with similar stacks:\n\n refcount_t: underflow; use-after-free.\n kernel BUG at lib/list_debug.c:62!\n Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nThis happens because pps_device_destruct() frees the pps_device with the\nembedded cdev immediately after calling cdev_del(), but, as the comment\nabove cdev_del() notes, fops for previously opened cdevs are still\ncallable even after cdev_del() returns. I think this bug has always\nbeen there: I can\u0027t explain why it suddenly started happening every time\nI reboot this particular board.\n\nIn commit d953e0e837e6 (\"pps: Fix a use-after free bug when\nunregistering a source.\"), George Spelvin suggested removing the\nembedded cdev. That seems like the simplest way to fix this, so I\u0027ve\nimplemented his suggestion, using __register_chrdev() with pps_idr\nbecoming the source of truth for which minor corresponds to which\ndevice.\n\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\nwe need to be sure the pps-\u003edev refcount can\u0027t reach zero while\nuserspace can still find it again. So, the idr_remove() call moves to\npps_unregister_cdev(), and pps_idr now holds a reference to pps-\u003edev.\n\n pps_core: source serial1 got cdev (251:1)\n \u003c...\u003e\n pps pps1: removed\n pps_core: unregistering pps1\n pps_core: deallocating pps1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57979",
"url": "https://www.suse.com/security/cve/CVE-2024-57979"
},
{
"category": "external",
"summary": "SUSE Bug 1238521 for CVE-2024-57979",
"url": "https://bugzilla.suse.com/1238521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57979"
},
{
"cve": "CVE-2024-57980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix double free in error path\n\nIf the uvc_status_init() function fails to allocate the int_urb, it will\nfree the dev-\u003estatus pointer but doesn\u0027t reset the pointer to NULL. This\nresults in the kfree() call in uvc_status_cleanup() trying to\ndouble-free the memory. Fix it by resetting the dev-\u003estatus pointer to\nNULL after freeing it.\n\nReviewed by: Ricardo Ribalda \u003cribalda@chromium.org\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57980",
"url": "https://www.suse.com/security/cve/CVE-2024-57980"
},
{
"category": "external",
"summary": "SUSE Bug 1237911 for CVE-2024-57980",
"url": "https://bugzilla.suse.com/1237911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57980"
},
{
"cve": "CVE-2024-57981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix NULL pointer dereference on certain command aborts\n\nIf a command is queued to the final usable TRB of a ring segment, the\nenqueue pointer is advanced to the subsequent link TRB and no further.\nIf the command is later aborted, when the abort completion is handled\nthe dequeue pointer is advanced to the first TRB of the next segment.\n\nIf no further commands are queued, xhci_handle_stopped_cmd_ring() sees\nthe ring pointers unequal and assumes that there is a pending command,\nso it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.\n\nDon\u0027t attempt timer setup if cur_cmd is NULL. The subsequent doorbell\nring likely is unnecessary too, but it\u0027s harmless. Leave it alone.\n\nThis is probably Bug 219532, but no confirmation has been received.\n\nThe issue has been independently reproduced and confirmed fixed using\na USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.\nEverything continued working normally after several prevented crashes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57981",
"url": "https://www.suse.com/security/cve/CVE-2024-57981"
},
{
"category": "external",
"summary": "SUSE Bug 1237912 for CVE-2024-57981",
"url": "https://bugzilla.suse.com/1237912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57981"
},
{
"cve": "CVE-2024-57986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: Fix assumption that Resolution Multipliers must be in Logical Collections\n\nA report in 2019 by the syzbot fuzzer was found to be connected to two\nerrors in the HID core associated with Resolution Multipliers. One of\nthe errors was fixed by commit ea427a222d8b (\"HID: core: Fix deadloop\nin hid_apply_multiplier.\"), but the other has not been fixed.\n\nThis error arises because hid_apply_multipler() assumes that every\nResolution Multiplier control is contained in a Logical Collection,\ni.e., there\u0027s no way the routine can ever set multiplier_collection to\nNULL. This is in spite of the fact that the function starts with a\nbig comment saying:\n\n\t * \"The Resolution Multiplier control must be contained in the same\n\t * Logical Collection as the control(s) to which it is to be applied.\n\t ...\n\t * If no Logical Collection is\n\t * defined, the Resolution Multiplier is associated with all\n\t * controls in the report.\"\n\t * HID Usage Table, v1.12, Section 4.3.1, p30\n\t *\n\t * Thus, search from the current collection upwards until we find a\n\t * logical collection...\n\nThe comment and the code overlook the possibility that none of the\ncollections found may be a Logical Collection.\n\nThe fix is to set the multiplier_collection pointer to NULL if the\ncollection found isn\u0027t a Logical Collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57986",
"url": "https://www.suse.com/security/cve/CVE-2024-57986"
},
{
"category": "external",
"summary": "SUSE Bug 1237907 for CVE-2024-57986",
"url": "https://bugzilla.suse.com/1237907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57986"
},
{
"cve": "CVE-2024-57990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57990"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: fix off by one in mt7925_load_clc()\n\nThis comparison should be \u003e= instead of \u003e to prevent an out of bounds\nread and write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57990",
"url": "https://www.suse.com/security/cve/CVE-2024-57990"
},
{
"category": "external",
"summary": "SUSE Bug 1237900 for CVE-2024-57990",
"url": "https://bugzilla.suse.com/1237900"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57990"
},
{
"cve": "CVE-2024-57993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check\n\nsyzbot has found a type mismatch between a USB pipe and the transfer\nendpoint, which is triggered by the hid-thrustmaster driver[1].\nThere is a number of similar, already fixed issues [2].\nIn this case as in others, implementing check for endpoint type fixes the issue.\n\n[1] https://syzkaller.appspot.com/bug?extid=040e8b3db6a96908d470\n[2] https://syzkaller.appspot.com/bug?extid=348331f63b034f89b622",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57993",
"url": "https://www.suse.com/security/cve/CVE-2024-57993"
},
{
"category": "external",
"summary": "SUSE Bug 1237894 for CVE-2024-57993",
"url": "https://bugzilla.suse.com/1237894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57993"
},
{
"cve": "CVE-2024-57994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()\n\nJakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()\nto increase test coverage.\n\nsyzbot found a splat caused by hard irq blocking in\nptr_ring_resize_multiple() [1]\n\nAs current users of ptr_ring_resize_multiple() do not require\nhard irqs being masked, replace it to only block BH.\n\nRename helpers to better reflect they are safe against BH only.\n\n- ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()\n- skb_array_resize_multiple() to skb_array_resize_multiple_bh()\n\n[1]\n\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline]\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nModules linked in:\nCPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:__page_pool_put_page net/core/page_pool.c:709 [inline]\nRIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nCode: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 \u003c0f\u003e 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85\nRSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083\nRAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000\nRDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843\nRBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d\nR10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040\nR13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff\nFS: 00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tun_ptr_free drivers/net/tun.c:617 [inline]\n __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]\n ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]\n tun_queue_resize drivers/net/tun.c:3694 [inline]\n tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024\n do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923\n rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201\n rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57994",
"url": "https://www.suse.com/security/cve/CVE-2024-57994"
},
{
"category": "external",
"summary": "SUSE Bug 1237901 for CVE-2024-57994",
"url": "https://bugzilla.suse.com/1237901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2024-57996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: don\u0027t allow 1 packet limit\n\nThe current implementation does not work correctly with a limit of\n1. iproute2 actually checks for this and this patch adds the check in\nkernel as well.\n\nThis fixes the following syzkaller reported crash:\n\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x125/0x19f lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:148 [inline]\n __ubsan_handle_out_of_bounds+0xed/0x120 lib/ubsan.c:347\n sfq_link net/sched/sch_sfq.c:210 [inline]\n sfq_dec+0x528/0x600 net/sched/sch_sfq.c:238\n sfq_dequeue+0x39b/0x9d0 net/sched/sch_sfq.c:500\n sfq_reset+0x13/0x50 net/sched/sch_sfq.c:525\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n tbf_reset+0x3d/0x100 net/sched/sch_tbf.c:319\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n dev_reset_queue+0x8c/0x140 net/sched/sch_generic.c:1296\n netdev_for_each_tx_queue include/linux/netdevice.h:2350 [inline]\n dev_deactivate_many+0x6dc/0xc20 net/sched/sch_generic.c:1362\n __dev_close_many+0x214/0x350 net/core/dev.c:1468\n dev_close_many+0x207/0x510 net/core/dev.c:1506\n unregister_netdevice_many+0x40f/0x16b0 net/core/dev.c:10738\n unregister_netdevice_queue+0x2be/0x310 net/core/dev.c:10695\n unregister_netdevice include/linux/netdevice.h:2893 [inline]\n __tun_detach+0x6b6/0x1600 drivers/net/tun.c:689\n tun_detach drivers/net/tun.c:705 [inline]\n tun_chr_close+0x104/0x1b0 drivers/net/tun.c:3640\n __fput+0x203/0x840 fs/file_table.c:280\n task_work_run+0x129/0x1b0 kernel/task_work.c:185\n exit_task_work include/linux/task_work.h:33 [inline]\n do_exit+0x5ce/0x2200 kernel/exit.c:931\n do_group_exit+0x144/0x310 kernel/exit.c:1046\n __do_sys_exit_group kernel/exit.c:1057 [inline]\n __se_sys_exit_group kernel/exit.c:1055 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1055\n do_syscall_64+0x6c/0xd0\n entry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fe5e7b52479\nCode: Unable to access opcode bytes at RIP 0x7fe5e7b5244f.\nRSP: 002b:00007ffd3c800398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5e7b52479\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000\nRBP: 00007fe5e7bcd2d0 R08: ffffffffffffffb8 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5e7bcd2d0\nR13: 0000000000000000 R14: 00007fe5e7bcdd20 R15: 00007fe5e7b24270\n\nThe crash can be also be reproduced with the following (with a tc\nrecompiled to allow for sfq limits of 1):\n\ntc qdisc add dev dummy0 handle 1: root tbf rate 1Kbit burst 100b lat 1s\n../iproute2-6.9.0/tc/tc qdisc add dev dummy0 handle 2: parent 1:10 sfq limit 1\nifconfig dummy0 up\nping -I dummy0 -f -c2 -W0.1 8.8.8.8\nsleep 1\n\nScenario that triggers the crash:\n\n* the first packet is sent and queued in TBF and SFQ; qdisc qlen is 1\n\n* TBF dequeues: it peeks from SFQ which moves the packet to the\n gso_skb list and keeps qdisc qlen set to 1. TBF is out of tokens so\n it schedules itself for later.\n\n* the second packet is sent and TBF tries to queues it to SFQ. qdisc\n qlen is now 2 and because the SFQ limit is 1 the packet is dropped\n by SFQ. At this point qlen is 1, and all of the SFQ slots are empty,\n however q-\u003etail is not NULL.\n\nAt this point, assuming no more packets are queued, when sch_dequeue\nruns again it will decrement the qlen for the current empty slot\ncausing an underflow and the subsequent out of bounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57996",
"url": "https://www.suse.com/security/cve/CVE-2024-57996"
},
{
"category": "external",
"summary": "SUSE Bug 1239076 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "external",
"summary": "SUSE Bug 1239077 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2024-57997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wcn36xx: fix channel survey memory allocation size\n\nKASAN reported a memory allocation issue in wcn-\u003echan_survey\ndue to incorrect size calculation.\nThis commit uses kcalloc to allocate memory for wcn-\u003echan_survey,\nensuring proper initialization and preventing the use of uninitialized\nvalues when there are no frames on the channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57997",
"url": "https://www.suse.com/security/cve/CVE-2024-57997"
},
{
"category": "external",
"summary": "SUSE Bug 1238529 for CVE-2024-57997",
"url": "https://bugzilla.suse.com/1238529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57997"
},
{
"cve": "CVE-2024-57999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW\n\nPower Hypervisor can possibily allocate MMIO window intersecting with\nDynamic DMA Window (DDW) range, which is over 32-bit addressing.\n\nThese MMIO pages needs to be marked as reserved so that IOMMU doesn\u0027t map\nDMA buffers in this range.\n\nThe current code is not marking these pages correctly which is resulting\nin LPAR to OOPS while booting. The stack is at below\n\nBUG: Unable to handle kernel data access on read at 0xc00800005cd40000\nFaulting instruction address: 0xc00000000005cdac\nOops: Kernel access of bad area, sig: 11 [#1]\nLE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\nModules linked in: af_packet rfkill ibmveth(X) lpfc(+) nvmet_fc nvmet nvme_keyring crct10dif_vpmsum nvme_fc nvme_fabrics nvme_core be2net(+) nvme_auth rtc_generic nfsd auth_rpcgss nfs_acl lockd grace sunrpc fuse configfs ip_tables x_tables xfs libcrc32c dm_service_time ibmvfc(X) scsi_transport_fc vmx_crypto gf128mul crc32c_vpmsum dm_mirror dm_region_hash dm_log dm_multipath dm_mod sd_mod scsi_dh_emc scsi_dh_rdac scsi_dh_alua t10_pi crc64_rocksoft_generic crc64_rocksoft sg crc64 scsi_mod\nSupported: Yes, External\nCPU: 8 PID: 241 Comm: kworker/8:1 Kdump: loaded Not tainted 6.4.0-150600.23.14-default #1 SLE15-SP6 b44ee71c81261b9e4bab5e0cde1f2ed891d5359b\nHardware name: IBM,9080-M9S POWER9 (raw) 0x4e2103 0xf000005 of:IBM,FW950.B0 (VH950_149) hv:phyp pSeries\nWorkqueue: events work_for_cpu_fn\nNIP: c00000000005cdac LR: c00000000005e830 CTR: 0000000000000000\nREGS: c00001400c9ff770 TRAP: 0300 Not tainted (6.4.0-150600.23.14-default)\nMSR: 800000000280b033 \u003cSF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE\u003e CR: 24228448 XER: 00000001\nCFAR: c00000000005cdd4 DAR: c00800005cd40000 DSISR: 40000000 IRQMASK: 0\nGPR00: c00000000005e830 c00001400c9ffa10 c000000001987d00 c00001400c4fe800\nGPR04: 0000080000000000 0000000000000001 0000000004000000 0000000000800000\nGPR08: 0000000004000000 0000000000000001 c00800005cd40000 ffffffffffffffff\nGPR12: 0000000084228882 c00000000a4c4f00 0000000000000010 0000080000000000\nGPR16: c00001400c4fe800 0000000004000000 0800000000000000 c00000006088b800\nGPR20: c00001401a7be980 c00001400eff3800 c000000002a2da68 000000000000002b\nGPR24: c0000000026793a8 c000000002679368 000000000000002a c0000000026793c8\nGPR28: 000008007effffff 0000080000000000 0000000000800000 c00001400c4fe800\nNIP [c00000000005cdac] iommu_table_reserve_pages+0xac/0x100\nLR [c00000000005e830] iommu_init_table+0x80/0x1e0\nCall Trace:\n[c00001400c9ffa10] [c00000000005e810] iommu_init_table+0x60/0x1e0 (unreliable)\n[c00001400c9ffa90] [c00000000010356c] iommu_bypass_supported_pSeriesLP+0x9cc/0xe40\n[c00001400c9ffc30] [c00000000005c300] dma_iommu_dma_supported+0xf0/0x230\n[c00001400c9ffcb0] [c00000000024b0c4] dma_supported+0x44/0x90\n[c00001400c9ffcd0] [c00000000024b14c] dma_set_mask+0x3c/0x80\n[c00001400c9ffd00] [c0080000555b715c] be_probe+0xc4/0xb90 [be2net]\n[c00001400c9ffdc0] [c000000000986f3c] local_pci_probe+0x6c/0x110\n[c00001400c9ffe40] [c000000000188f28] work_for_cpu_fn+0x38/0x60\n[c00001400c9ffe70] [c00000000018e454] process_one_work+0x314/0x620\n[c00001400c9fff10] [c00000000018f280] worker_thread+0x2b0/0x620\n[c00001400c9fff90] [c00000000019bb18] kthread+0x148/0x150\n[c00001400c9fffe0] [c00000000000ded8] start_kernel_thread+0x14/0x18\n\nThere are 2 issues in the code\n\n1. The index is \"int\" while the address is \"unsigned long\". This results in\n negative value when setting the bitmap.\n\n2. The DMA offset is page shifted but the MMIO range is used as-is (64-bit\n address). MMIO address needs to be page shifted as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57999",
"url": "https://www.suse.com/security/cve/CVE-2024-57999"
},
{
"category": "external",
"summary": "SUSE Bug 1238526 for CVE-2024-57999",
"url": "https://bugzilla.suse.com/1238526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57999"
},
{
"cve": "CVE-2024-58002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58002"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Remove dangling pointers\n\nWhen an async control is written, we copy a pointer to the file handle\nthat started the operation. That pointer will be used when the device is\ndone. Which could be anytime in the future.\n\nIf the user closes that file descriptor, its structure will be freed,\nand there will be one dangling pointer per pending async control, that\nthe driver will try to use.\n\nClean all the dangling pointers during release().\n\nTo avoid adding a performance penalty in the most common case (no async\noperation), a counter has been introduced with some logic to make sure\nthat it is properly handled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58002",
"url": "https://www.suse.com/security/cve/CVE-2024-58002"
},
{
"category": "external",
"summary": "SUSE Bug 1238503 for CVE-2024-58002",
"url": "https://bugzilla.suse.com/1238503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58002"
},
{
"cve": "CVE-2024-58005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Change to kvalloc() in eventlog/acpi.c\n\nThe following failure was reported on HPE ProLiant D320:\n\n[ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0)\n[ 10.848132][ T1] ------------[ cut here ]------------\n[ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330\n[ 10.862827][ T1] Modules linked in:\n[ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155.2.g52785e2-default #1 openSUSE Tumbleweed (unreleased) 588cd98293a7c9eba9013378d807364c088c9375\n[ 10.882741][ T1] Hardware name: HPE ProLiant DL320 Gen12/ProLiant DL320 Gen12, BIOS 1.20 10/28/2024\n[ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330\n[ 10.898103][ T1] Code: 24 08 e9 4a fe ff ff e8 34 36 fa ff e9 88 fe ff ff 83 fe 0a 0f 86 b3 fd ff ff 80 3d 01 e7 ce 01 00 75 09 c6 05 f8 e6 ce 01 01 \u003c0f\u003e 0b 45 31 ff e9 e5 fe ff ff f7 c2 00 00 08 00 75 42 89 d9 80 e1\n[ 10.917750][ T1] RSP: 0000:ffffb7cf40077980 EFLAGS: 00010246\n[ 10.923777][ T1] RAX: 0000000000000000 RBX: 0000000000040cc0 RCX: 0000000000000000\n[ 10.931727][ T1] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040cc0\n\nThe above transcript shows that ACPI pointed a 16 MiB buffer for the log\nevents because RSI maps to the \u0027order\u0027 parameter of __alloc_pages_noprof().\nAddress the bug by moving from devm_kmalloc() to devm_add_action() and\nkvmalloc() and devm_add_action().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58005",
"url": "https://www.suse.com/security/cve/CVE-2024-58005"
},
{
"category": "external",
"summary": "SUSE Bug 1237873 for CVE-2024-58005",
"url": "https://bugzilla.suse.com/1237873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2024-58006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()\n\nIn commit 4284c88fff0e (\"PCI: designware-ep: Allow pci_epc_set_bar() update\ninbound map address\") set_bar() was modified to support dynamically\nchanging the backing physical address of a BAR that was already configured.\n\nThis means that set_bar() can be called twice, without ever calling\nclear_bar() (as calling clear_bar() would clear the BAR\u0027s PCI address\nassigned by the host).\n\nThis can only be done if the new BAR size/flags does not differ from the\nexisting BAR configuration. Add these missing checks.\n\nIf we allow set_bar() to set e.g. a new BAR size that differs from the\nexisting BAR size, the new address translation range will be smaller than\nthe BAR size already determined by the host, which would mean that a read\npast the new BAR size would pass the iATU untranslated, which could allow\nthe host to read memory not belonging to the new struct pci_epf_bar.\n\nWhile at it, add comments which clarifies the support for dynamically\nchanging the physical address of a BAR. (Which was also missing.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58006",
"url": "https://www.suse.com/security/cve/CVE-2024-58006"
},
{
"category": "external",
"summary": "SUSE Bug 1238772 for CVE-2024-58006",
"url": "https://bugzilla.suse.com/1238772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58006"
},
{
"cve": "CVE-2024-58007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: socinfo: Avoid out of bounds read of serial number\n\nOn MSM8916 devices, the serial number exposed in sysfs is constant and does\nnot change across individual devices. It\u0027s always:\n\n db410c:/sys/devices/soc0$ cat serial_number\n 2644893864\n\nThe firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not\nhave support for the serial_num field in the socinfo struct. There is an\nexisting check to avoid exposing the serial number in that case, but it\u0027s\nnot correct: When checking the item_size returned by SMEM, we need to make\nsure the *end* of the serial_num is within bounds, instead of comparing\nwith the *start* offset. The serial_number currently exposed on MSM8916\ndevices is just an out of bounds read of whatever comes after the socinfo\nstruct in SMEM.\n\nFix this by changing offsetof() to offsetofend(), so that the size of the\nfield is also taken into account.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58007",
"url": "https://www.suse.com/security/cve/CVE-2024-58007"
},
{
"category": "external",
"summary": "SUSE Bug 1238511 for CVE-2024-58007",
"url": "https://bugzilla.suse.com/1238511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58007"
},
{
"cve": "CVE-2024-58009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc\n\nA NULL sock pointer is passed into l2cap_sock_alloc() when it is called\nfrom l2cap_sock_new_connection_cb() and the error handling paths should\nalso be aware of it.\n\nSeemingly a more elegant solution would be to swap bt_sock_alloc() and\nl2cap_chan_create() calls since they are not interdependent to that moment\nbut then l2cap_chan_create() adds the soon to be deallocated and still\ndummy-initialized channel to the global list accessible by many L2CAP\npaths. The channel would be removed from the list in short period of time\nbut be a bit more straight-forward here and just check for NULL instead of\nchanging the order of function calls.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58009",
"url": "https://www.suse.com/security/cve/CVE-2024-58009"
},
{
"category": "external",
"summary": "SUSE Bug 1238760 for CVE-2024-58009",
"url": "https://bugzilla.suse.com/1238760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58009"
},
{
"cve": "CVE-2024-58011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: int3472: Check for adev == NULL\n\nNot all devices have an ACPI companion fwnode, so adev might be NULL. This\ncan e.g. (theoretically) happen when a user manually binds one of\nthe int3472 drivers to another i2c/platform device through sysfs.\n\nAdd a check for adev not being set and return -ENODEV in that case to\navoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58011",
"url": "https://www.suse.com/security/cve/CVE-2024-58011"
},
{
"category": "external",
"summary": "SUSE Bug 1239080 for CVE-2024-58011",
"url": "https://bugzilla.suse.com/1239080"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58011"
},
{
"cve": "CVE-2024-58012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params\n\nEach cpu DAI should associate with a widget. However, the topology might\nnot create the right number of DAI widgets for aggregated amps. And it\nwill cause NULL pointer deference.\nCheck that the DAI widget associated with the CPU DAI is valid to prevent\nNULL pointer deference due to missing DAI widgets in topologies with\naggregated amps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58012",
"url": "https://www.suse.com/security/cve/CVE-2024-58012"
},
{
"category": "external",
"summary": "SUSE Bug 1239104 for CVE-2024-58012",
"url": "https://bugzilla.suse.com/1239104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58012"
},
{
"cve": "CVE-2024-58013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\nRead of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961\n\nCPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 16026:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296\n remove_adv_monitor+0x102/0x1b0 net/bluetooth/mgmt.c:5568\n hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n sock_write_iter+0x2d7/0x3f0 net/socket.c:1147\n new_sync_write fs/read_write.c:586 [inline]\n vfs_write+0xaeb/0xd30 fs/read_write.c:679\n ksys_write+0x18f/0x2b0 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 16022:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2338 [inline]\n slab_free mm/slub.c:4598 [inline]\n kfree+0x196/0x420 mm/slub.c:4746\n mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259\n __mgmt_power_off+0x183/0x430 net/bluetooth/mgmt.c:9550\n hci_dev_close_sync+0x6c4/0x11c0 net/bluetooth/hci_sync.c:5208\n hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]\n hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508\n sock_do_ioctl+0x158/0x460 net/socket.c:1209\n sock_ioctl+0x626/0x8e0 net/socket.c:1328\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58013",
"url": "https://www.suse.com/security/cve/CVE-2024-58013"
},
{
"category": "external",
"summary": "SUSE Bug 1239095 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "external",
"summary": "SUSE Bug 1239096 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-58013"
},
{
"cve": "CVE-2024-58014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()\n\nIn \u0027wlc_phy_iqcal_gainparams_nphy()\u0027, add gain range check to WARN()\ninstead of possible out-of-bounds \u0027tbl_iqcal_gainparams_nphy\u0027 access.\nCompile tested only.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58014",
"url": "https://www.suse.com/security/cve/CVE-2024-58014"
},
{
"category": "external",
"summary": "SUSE Bug 1239109 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "external",
"summary": "SUSE Bug 1239110 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-58014"
},
{
"cve": "CVE-2024-58017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nprintk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX\n\nShifting 1 \u003c\u003c 31 on a 32-bit int causes signed integer overflow, which\nleads to undefined behavior. To prevent this, cast 1 to u32 before\nperforming the shift, ensuring well-defined behavior.\n\nThis change explicitly avoids any potential overflow by ensuring that\nthe shift occurs on an unsigned 32-bit integer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58017",
"url": "https://www.suse.com/security/cve/CVE-2024-58017"
},
{
"category": "external",
"summary": "SUSE Bug 1239112 for CVE-2024-58017",
"url": "https://bugzilla.suse.com/1239112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58017"
},
{
"cve": "CVE-2024-58019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm/gsp: correctly advance the read pointer of GSP message queue\n\nA GSP event message consists three parts: message header, RPC header,\nmessage body. GSP calculates the number of pages to write from the\ntotal size of a GSP message. This behavior can be observed from the\nmovement of the write pointer.\n\nHowever, nvkm takes only the size of RPC header and message body as\nthe message size when advancing the read pointer. When handling a\ntwo-page GSP message in the non rollback case, It wrongly takes the\nmessage body of the previous message as the message header of the next\nmessage. As the \"message length\" tends to be zero, in the calculation of\nsize needs to be copied (0 - size of (message header)), the size needs to\nbe copied will be \"0xffffffxx\". It also triggers a kernel panic due to a\nNULL pointer error.\n\n[ 547.614102] msg: 00000f90: ff ff ff ff ff ff ff ff 40 d7 18 fb 8b 00 00 00 ........@.......\n[ 547.622533] msg: 00000fa0: 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 ................\n[ 547.630965] msg: 00000fb0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ................\n[ 547.639397] msg: 00000fc0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................\n[ 547.647832] nvkm 0000:c1:00.0: gsp: peek msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.655225] nvkm 0000:c1:00.0: gsp: get msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.662532] BUG: kernel NULL pointer dereference, address: 0000000000000020\n[ 547.669485] #PF: supervisor read access in kernel mode\n[ 547.674624] #PF: error_code(0x0000) - not-present page\n[ 547.679755] PGD 0 P4D 0\n[ 547.682294] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 547.686643] CPU: 22 PID: 322 Comm: kworker/22:1 Tainted: G E 6.9.0-rc6+ #1\n[ 547.694893] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 547.702626] Workqueue: events r535_gsp_msgq_work [nvkm]\n[ 547.707921] RIP: 0010:r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.713375] Code: 00 8b 70 08 48 89 e1 31 d2 4c 89 f7 e8 12 f5 ff ff 48 89 c5 48 85 c0 0f 84 cf 00 00 00 48 81 fd 00 f0 ff ff 0f 87 c4 00 00 00 \u003c8b\u003e 55 10 41 8b 46 30 85 d2 0f 85 f6 00 00 00 83 f8 04 76 10 ba 05\n[ 547.732119] RSP: 0018:ffffabe440f87e10 EFLAGS: 00010203\n[ 547.737335] RAX: 0000000000000010 RBX: 0000000000000008 RCX: 000000000000003f\n[ 547.744461] RDX: 0000000000000000 RSI: ffffabe4480a8030 RDI: 0000000000000010\n[ 547.751585] RBP: 0000000000000010 R08: 0000000000000000 R09: ffffabe440f87bb0\n[ 547.758707] R10: ffffabe440f87dc8 R11: 0000000000000010 R12: 0000000000000000\n[ 547.765834] R13: 0000000000000000 R14: ffff9351df1e5000 R15: 0000000000000000\n[ 547.772958] FS: 0000000000000000(0000) GS:ffff93708eb00000(0000) knlGS:0000000000000000\n[ 547.781035] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 547.786771] CR2: 0000000000000020 CR3: 00000003cc220002 CR4: 0000000000770ef0\n[ 547.793896] PKRU: 55555554\n[ 547.796600] Call Trace:\n[ 547.799046] \u003cTASK\u003e\n[ 547.801152] ? __die+0x20/0x70\n[ 547.804211] ? page_fault_oops+0x75/0x170\n[ 547.808221] ? print_hex_dump+0x100/0x160\n[ 547.812226] ? exc_page_fault+0x64/0x150\n[ 547.816152] ? asm_exc_page_fault+0x22/0x30\n[ 547.820341] ? r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.825184] r535_gsp_msgq_work+0x42/0x50 [nvkm]\n[ 547.829845] process_one_work+0x196/0x3d0\n[ 547.833861] worker_thread+0x2fc/0x410\n[ 547.837613] ? __pfx_worker_thread+0x10/0x10\n[ 547.841885] kthread+0xdf/0x110\n[ 547.845031] ? __pfx_kthread+0x10/0x10\n[ 547.848775] ret_from_fork+0x30/0x50\n[ 547.852354] ? __pfx_kthread+0x10/0x10\n[ 547.856097] ret_from_fork_asm+0x1a/0x30\n[ 547.860019] \u003c/TASK\u003e\n[ 547.862208] Modules linked in: nvkm(E) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) amd64_edac(E) mlx5_ib(E) edac_mce_amd(E) kvm_amd\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58019",
"url": "https://www.suse.com/security/cve/CVE-2024-58019"
},
{
"category": "external",
"summary": "SUSE Bug 1238997 for CVE-2024-58019",
"url": "https://bugzilla.suse.com/1238997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58019"
},
{
"cve": "CVE-2024-58020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Add NULL check in mt_input_configured\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in mt_input_configured() is not checked.\nAdd NULL check in mt_input_configured(), to handle kernel NULL\npointer dereference error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58020",
"url": "https://www.suse.com/security/cve/CVE-2024-58020"
},
{
"category": "external",
"summary": "SUSE Bug 1239346 for CVE-2024-58020",
"url": "https://bugzilla.suse.com/1239346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58020"
},
{
"cve": "CVE-2024-58034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()\n\nAs of_find_node_by_name() release the reference of the argument device\nnode, tegra_emc_find_node_by_ram_code() releases some device nodes while\nstill in use, resulting in possible UAFs. According to the bindings and\nthe in-tree DTS files, the \"emc-tables\" node is always device\u0027s child\nnode with the property \"nvidia,use-ram-code\", and the \"lpddr2\" node is a\nchild of the \"emc-tables\" node. Thus utilize the\nfor_each_child_of_node() macro and of_get_child_by_name() instead of\nof_find_node_by_name() to simplify the code.\n\nThis bug was found by an experimental verification tool that I am\ndeveloping.\n\n[krzysztof: applied v1, adjust the commit msg to incorporate v2 parts]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58034",
"url": "https://www.suse.com/security/cve/CVE-2024-58034"
},
{
"category": "external",
"summary": "SUSE Bug 1238773 for CVE-2024-58034",
"url": "https://bugzilla.suse.com/1238773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58034"
},
{
"cve": "CVE-2024-58051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: ipmb: Add check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this\nreturned value is not checked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58051",
"url": "https://www.suse.com/security/cve/CVE-2024-58051"
},
{
"category": "external",
"summary": "SUSE Bug 1238963 for CVE-2024-58051",
"url": "https://bugzilla.suse.com/1238963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58051"
},
{
"cve": "CVE-2024-58052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table\n\nThe function atomctrl_get_smc_sclk_range_table() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to\nretrieve SMU_Info table, it returns NULL which is later dereferenced.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\nIn practice this should never happen as this code only gets called\non polaris chips and the vbios data table will always be present on\nthose chips.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58052",
"url": "https://www.suse.com/security/cve/CVE-2024-58052"
},
{
"category": "external",
"summary": "SUSE Bug 1238986 for CVE-2024-58052",
"url": "https://bugzilla.suse.com/1238986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58052"
},
{
"cve": "CVE-2024-58054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58054"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: media: max96712: fix kernel oops when removing module\n\nThe following kernel oops is thrown when trying to remove the max96712\nmodule:\n\nUnable to handle kernel paging request at virtual address 00007375746174db\nMem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000010af89000\n[00007375746174db] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in: crct10dif_ce polyval_ce mxc_jpeg_encdec flexcan\n snd_soc_fsl_sai snd_soc_fsl_asoc_card snd_soc_fsl_micfil dwc_mipi_csi2\n imx_csi_formatter polyval_generic v4l2_jpeg imx_pcm_dma can_dev\n snd_soc_imx_audmux snd_soc_wm8962 snd_soc_imx_card snd_soc_fsl_utils\n max96712(C-) rpmsg_ctrl rpmsg_char pwm_fan fuse\n [last unloaded: imx8_isi]\nCPU: 0 UID: 0 PID: 754 Comm: rmmod\n\t Tainted: G C 6.12.0-rc6-06364-g327fec852c31 #17\nTainted: [C]=CRAP\nHardware name: NXP i.MX95 19X19 board (DT)\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : led_put+0x1c/0x40\nlr : v4l2_subdev_put_privacy_led+0x48/0x58\nsp : ffff80008699bbb0\nx29: ffff80008699bbb0 x28: ffff00008ac233c0 x27: 0000000000000000\nx26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff000080cf1170 x22: ffff00008b53bd00 x21: ffff8000822ad1c8\nx20: ffff000080ff5c00 x19: ffff00008b53be40 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000004 x13: ffff0000800f8010 x12: 0000000000000000\nx11: ffff000082acf5c0 x10: ffff000082acf478 x9 : ffff0000800f8010\nx8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d\nx5 : 8080808000000000 x4 : 0000000000000020 x3 : 00000000553a3dc1\nx2 : ffff00008ac233c0 x1 : ffff00008ac233c0 x0 : ff00737574617473\nCall trace:\n led_put+0x1c/0x40\n v4l2_subdev_put_privacy_led+0x48/0x58\n v4l2_async_unregister_subdev+0x2c/0x1a4\n max96712_remove+0x1c/0x38 [max96712]\n i2c_device_remove+0x2c/0x9c\n device_remove+0x4c/0x80\n device_release_driver_internal+0x1cc/0x228\n driver_detach+0x4c/0x98\n bus_remove_driver+0x6c/0xbc\n driver_unregister+0x30/0x60\n i2c_del_driver+0x54/0x64\n max96712_i2c_driver_exit+0x18/0x1d0 [max96712]\n __arm64_sys_delete_module+0x1a4/0x290\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xd8\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x190/0x194\nCode: f9000bf3 aa0003f3 f9402800 f9402000 (f9403400)\n---[ end trace 0000000000000000 ]---\n\nThis happens because in v4l2_i2c_subdev_init(), the i2c_set_cliendata()\nis called again and the data is overwritten to point to sd, instead of\npriv. So, in remove(), the wrong pointer is passed to\nv4l2_async_unregister_subdev(), leading to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58054",
"url": "https://www.suse.com/security/cve/CVE-2024-58054"
},
{
"category": "external",
"summary": "SUSE Bug 1238975 for CVE-2024-58054",
"url": "https://bugzilla.suse.com/1238975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58054"
},
{
"cve": "CVE-2024-58055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_tcm: Don\u0027t free command immediately\n\nDon\u0027t prematurely free the command. Wait for the status completion of\nthe sense status. It can be freed then. Otherwise we will double-free\nthe command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58055",
"url": "https://www.suse.com/security/cve/CVE-2024-58055"
},
{
"category": "external",
"summary": "SUSE Bug 1238959 for CVE-2024-58055",
"url": "https://bugzilla.suse.com/1238959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58055"
},
{
"cve": "CVE-2024-58056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Fix ida_free call while not allocated\n\nIn the rproc_alloc() function, on error, put_device(\u0026rproc-\u003edev) is\ncalled, leading to the call of the rproc_type_release() function.\nAn error can occurs before ida_alloc is called.\n\nIn such case in rproc_type_release(), the condition (rproc-\u003eindex \u003e= 0) is\ntrue as rproc-\u003eindex has been initialized to 0.\nida_free() is called reporting a warning:\n[ 4.181906] WARNING: CPU: 1 PID: 24 at lib/idr.c:525 ida_free+0x100/0x164\n[ 4.186378] stm32-display-dsi 5a000000.dsi: Fixed dependency cycle(s) with /soc/dsi@5a000000/panel@0\n[ 4.188854] ida_free called for id=0 which is not allocated.\n[ 4.198256] mipi-dsi 5a000000.dsi.0: Fixed dependency cycle(s) with /soc/dsi@5a000000\n[ 4.203556] Modules linked in: panel_orisetech_otm8009a dw_mipi_dsi_stm(+) gpu_sched dw_mipi_dsi stm32_rproc stm32_crc32 stm32_ipcc(+) optee(+)\n[ 4.224307] CPU: 1 UID: 0 PID: 24 Comm: kworker/u10:0 Not tainted 6.12.0 #442\n[ 4.231481] Hardware name: STM32 (Device Tree Support)\n[ 4.236627] Workqueue: events_unbound deferred_probe_work_func\n[ 4.242504] Call trace:\n[ 4.242522] unwind_backtrace from show_stack+0x10/0x14\n[ 4.250218] show_stack from dump_stack_lvl+0x50/0x64\n[ 4.255274] dump_stack_lvl from __warn+0x80/0x12c\n[ 4.260134] __warn from warn_slowpath_fmt+0x114/0x188\n[ 4.265199] warn_slowpath_fmt from ida_free+0x100/0x164\n[ 4.270565] ida_free from rproc_type_release+0x38/0x60\n[ 4.275832] rproc_type_release from device_release+0x30/0xa0\n[ 4.281601] device_release from kobject_put+0xc4/0x294\n[ 4.286762] kobject_put from rproc_alloc.part.0+0x208/0x28c\n[ 4.292430] rproc_alloc.part.0 from devm_rproc_alloc+0x80/0xc4\n[ 4.298393] devm_rproc_alloc from stm32_rproc_probe+0xd0/0x844 [stm32_rproc]\n[ 4.305575] stm32_rproc_probe [stm32_rproc] from platform_probe+0x5c/0xbc\n\nCalling ida_alloc earlier in rproc_alloc ensures that the rproc-\u003eindex is\nproperly set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58056",
"url": "https://www.suse.com/security/cve/CVE-2024-58056"
},
{
"category": "external",
"summary": "SUSE Bug 1238981 for CVE-2024-58056",
"url": "https://bugzilla.suse.com/1238981"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58056"
},
{
"cve": "CVE-2024-58057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert workqueues to unbound\n\nWhen a workqueue is created with `WQ_UNBOUND`, its work items are\nserved by special worker-pools, whose host workers are not bound to\nany specific CPU. In the default configuration (i.e. when\n`queue_delayed_work` and friends do not specify which CPU to run the\nwork item on), `WQ_UNBOUND` allows the work item to be executed on any\nCPU in the same node of the CPU it was enqueued on. While this\nsolution potentially sacrifices locality, it avoids contention with\nother processes that might dominate the CPU time of the processor the\nwork item was scheduled on.\n\nThis is not just a theoretical problem: in a particular scenario\nmisconfigured process was hogging most of the time from CPU0, leaving\nless than 0.5% of its CPU time to the kworker. The IDPF workqueues\nthat were using the kworker on CPU0 suffered large completion delays\nas a result, causing performance degradation, timeouts and eventual\nsystem crash.\n\n\n* I have also run a manual test to gauge the performance\n improvement. The test consists of an antagonist process\n (`./stress --cpu 2`) consuming as much of CPU 0 as possible. This\n process is run under `taskset 01` to bind it to CPU0, and its\n priority is changed with `chrt -pQ 9900 10000 ${pid}` and\n `renice -n -20 ${pid}` after start.\n\n Then, the IDPF driver is forced to prefer CPU0 by editing all calls\n to `queue_delayed_work`, `mod_delayed_work`, etc... to use CPU 0.\n\n Finally, `ktraces` for the workqueue events are collected.\n\n Without the current patch, the antagonist process can force\n arbitrary delays between `workqueue_queue_work` and\n `workqueue_execute_start`, that in my tests were as high as\n `30ms`. With the current patch applied, the workqueue can be\n migrated to another unloaded CPU in the same node, and, keeping\n everything else equal, the maximum delay I could see was `6us`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58057",
"url": "https://www.suse.com/security/cve/CVE-2024-58057"
},
{
"category": "external",
"summary": "SUSE Bug 1238969 for CVE-2024-58057",
"url": "https://bugzilla.suse.com/1238969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58057"
},
{
"cve": "CVE-2024-58058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: skip dumping tnc tree when zroot is null\n\nClearing slab cache will free all znode in memory and make\nc-\u003ezroot.znode = NULL, then dumping tnc tree will access\nc-\u003ezroot.znode which cause null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58058",
"url": "https://www.suse.com/security/cve/CVE-2024-58058"
},
{
"category": "external",
"summary": "SUSE Bug 1238979 for CVE-2024-58058",
"url": "https://bugzilla.suse.com/1238979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58058"
},
{
"cve": "CVE-2024-58061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: prohibit deactivating all links\n\nIn the internal API this calls this is a WARN_ON, but that\nshould remain since internally we want to know about bugs\nthat may cause this. Prevent deactivating all links in the\ndebugfs write directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58061",
"url": "https://www.suse.com/security/cve/CVE-2024-58061"
},
{
"category": "external",
"summary": "SUSE Bug 1238973 for CVE-2024-58061",
"url": "https://bugzilla.suse.com/1238973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58061"
},
{
"cve": "CVE-2024-58063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: fix memory leaks and invalid access at probe error path\n\nDeinitialize at reverse order when probe fails.\n\nWhen init_sw_vars fails, rtl_deinit_core should not be called, specially\nnow that it destroys the rtl_wq workqueue.\n\nAnd call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be\nleaked.\n\nRemove pci_set_drvdata call as it will already be cleaned up by the core\ndriver code and could lead to memory leaks too. cf. commit 8d450935ae7f\n(\"wireless: rtlwifi: remove unnecessary pci_set_drvdata()\") and\ncommit 3d86b93064c7 (\"rtlwifi: Fix PCI probe error path orphaned memory\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58063",
"url": "https://www.suse.com/security/cve/CVE-2024-58063"
},
{
"category": "external",
"summary": "SUSE Bug 1238984 for CVE-2024-58063",
"url": "https://bugzilla.suse.com/1238984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58063"
},
{
"cve": "CVE-2024-58069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read\n\nThe nvmem interface supports variable buffer sizes, while the regmap\ninterface operates with fixed-size storage. If an nvmem client uses a\nbuffer size less than 4 bytes, regmap_read will write out of bounds\nas it expects the buffer to point at an unsigned int.\n\nFix this by using an intermediary unsigned int to hold the value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58069",
"url": "https://www.suse.com/security/cve/CVE-2024-58069"
},
{
"category": "external",
"summary": "SUSE Bug 1238978 for CVE-2024-58069",
"url": "https://bugzilla.suse.com/1238978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58069"
},
{
"cve": "CVE-2024-58072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: remove unused check_buddy_priv\n\nCommit 2461c7d60f9f (\"rtlwifi: Update header file\") introduced a global\nlist of private data structures.\n\nLater on, commit 26634c4b1868 (\"rtlwifi Modify existing bits to match\nvendor version 2013.02.07\") started adding the private data to that list at\nprobe time and added a hook, check_buddy_priv to find the private data from\na similar device.\n\nHowever, that function was never used.\n\nBesides, though there is a lock for that list, it is never used. And when\nthe probe fails, the private data is never removed from the list. This\nwould cause a second probe to access freed memory.\n\nRemove the unused hook, structures and members, which will prevent the\npotential race condition on the list and its corruption during a second\nprobe when probe fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58072",
"url": "https://www.suse.com/security/cve/CVE-2024-58072"
},
{
"category": "external",
"summary": "SUSE Bug 1238964 for CVE-2024-58072",
"url": "https://bugzilla.suse.com/1238964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58072"
},
{
"cve": "CVE-2024-58076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: gcc-sm6350: Add missing parent_map for two clocks\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for two clocks where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58076",
"url": "https://www.suse.com/security/cve/CVE-2024-58076"
},
{
"category": "external",
"summary": "SUSE Bug 1239037 for CVE-2024-58076",
"url": "https://bugzilla.suse.com/1239037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58076"
},
{
"cve": "CVE-2024-58078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors\n\nmisc_minor_alloc was allocating id using ida for minor only in case of\nMISC_DYNAMIC_MINOR but misc_minor_free was always freeing ids\nusing ida_free causing a mismatch and following warn:\n\u003e \u003e WARNING: CPU: 0 PID: 159 at lib/idr.c:525 ida_free+0x3e0/0x41f\n\u003e \u003e ida_free called for id=127 which is not allocated.\n\u003e \u003e \u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\n...\n\u003e \u003e [\u003c60941eb4\u003e] ida_free+0x3e0/0x41f\n\u003e \u003e [\u003c605ac993\u003e] misc_minor_free+0x3e/0xbc\n\u003e \u003e [\u003c605acb82\u003e] misc_deregister+0x171/0x1b3\n\nmisc_minor_alloc is changed to allocate id from ida for all minors\nfalling in the range of dynamic/ misc dynamic minors",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58078",
"url": "https://www.suse.com/security/cve/CVE-2024-58078"
},
{
"category": "external",
"summary": "SUSE Bug 1239034 for CVE-2024-58078",
"url": "https://bugzilla.suse.com/1239034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58078"
},
{
"cve": "CVE-2024-58079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix crash during unbind if gpio unit is in use\n\nWe used the wrong device for the device managed functions. We used the\nusb device, when we should be using the interface device.\n\nIf we unbind the driver from the usb interface, the cleanup functions\nare never called. In our case, the IRQ is never disabled.\n\nIf an IRQ is triggered, it will try to access memory sections that are\nalready free, causing an OOPS.\n\nWe cannot use the function devm_request_threaded_irq here. The devm_*\nclean functions may be called after the main structure is released by\nuvc_delete.\n\nLuckily this bug has small impact, as it is only affected by devices\nwith gpio units and the user has to unbind the device, a disconnect will\nnot trigger this error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58079",
"url": "https://www.suse.com/security/cve/CVE-2024-58079"
},
{
"category": "external",
"summary": "SUSE Bug 1239029 for CVE-2024-58079",
"url": "https://bugzilla.suse.com/1239029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58079"
},
{
"cve": "CVE-2024-58080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: dispcc-sm6350: Add missing parent_map for a clock\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for the clock where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58080",
"url": "https://www.suse.com/security/cve/CVE-2024-58080"
},
{
"category": "external",
"summary": "SUSE Bug 1239027 for CVE-2024-58080",
"url": "https://bugzilla.suse.com/1239027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58080"
},
{
"cve": "CVE-2024-58083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Explicitly verify target vCPU is online in kvm_get_vcpu()\n\nExplicitly verify the target vCPU is fully online _prior_ to clamping the\nindex in kvm_get_vcpu(). If the index is \"bad\", the nospec clamping will\ngenerate \u00270\u0027, i.e. KVM will return vCPU0 instead of NULL.\n\nIn practice, the bug is unlikely to cause problems, as it will only come\ninto play if userspace or the guest is buggy or misbehaving, e.g. KVM may\nsend interrupts to vCPU0 instead of dropping them on the floor.\n\nHowever, returning vCPU0 when it shouldn\u0027t exist per online_vcpus is\nproblematic now that KVM uses an xarray for the vCPUs array, as KVM needs\nto insert into the xarray before publishing the vCPU to userspace (see\ncommit c5b077549136 (\"KVM: Convert the kvm-\u003evcpus array to a xarray\")),\ni.e. before vCPU creation is guaranteed to succeed.\n\nAs a result, incorrectly providing access to vCPU0 will trigger a\nuse-after-free if vCPU0 is dereferenced and kvm_vm_ioctl_create_vcpu()\nbails out of vCPU creation due to an error and frees vCPU0. Commit\nafb2acb2e3a3 (\"KVM: Fix vcpu_array[0] races\") papered over that issue, but\nin doing so introduced an unsolvable teardown conundrum. Preventing\naccesses to vCPU0 before it\u0027s fully online will allow reverting commit\nafb2acb2e3a3, without re-introducing the vcpu_array[0] UAF race.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58083",
"url": "https://www.suse.com/security/cve/CVE-2024-58083"
},
{
"category": "external",
"summary": "SUSE Bug 1239036 for CVE-2024-58083",
"url": "https://bugzilla.suse.com/1239036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58083"
},
{
"cve": "CVE-2024-58085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: don\u0027t emit warning in tomoyo_write_control()\n\nsyzbot is reporting too large allocation warning at tomoyo_write_control(),\nfor one can write a very very long line without new line character. To fix\nthis warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE,\nfor practically a valid line should be always shorter than 32KB where the\n\"too small to fail\" memory-allocation rule applies.\n\nOne might try to write a valid line that is longer than 32KB, but such\nrequest will likely fail with -ENOMEM. Therefore, I feel that separately\nreturning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant.\nThere is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58085",
"url": "https://www.suse.com/security/cve/CVE-2024-58085"
},
{
"category": "external",
"summary": "SUSE Bug 1239085 for CVE-2024-58085",
"url": "https://bugzilla.suse.com/1239085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58085"
},
{
"cve": "CVE-2024-58086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58086"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Stop active perfmon if it is being destroyed\n\nIf the active performance monitor (`v3d-\u003eactive_perfmon`) is being\ndestroyed, stop it first. Currently, the active perfmon is not\nstopped during destruction, leaving the `v3d-\u003eactive_perfmon` pointer\nstale. This can lead to undefined behavior and instability.\n\nThis patch ensures that the active perfmon is stopped before being\ndestroyed, aligning with the behavior introduced in commit\n7d1fd3638ee3 (\"drm/v3d: Stop the active perfmon before being destroyed\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58086",
"url": "https://www.suse.com/security/cve/CVE-2024-58086"
},
{
"category": "external",
"summary": "SUSE Bug 1239038 for CVE-2024-58086",
"url": "https://bugzilla.suse.com/1239038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58086"
},
{
"cve": "CVE-2025-21631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix waker_bfqq UAF after bfq_split_bfqq()\n\nOur syzkaller report a following UAF for v6.6:\n\nBUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\nRead of size 8 at addr ffff8881b57147d8 by task fsstress/232726\n\nCPU: 2 PID: 232726 Comm: fsstress Not tainted 6.6.0-g3629d1885222 #39\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\n print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364\n print_report+0x3e/0x70 mm/kasan/report.c:475\n kasan_report+0xb8/0xf0 mm/kasan/report.c:588\n hlist_add_head include/linux/list.h:1023 [inline]\n bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh+0x15e/0x2e0 fs/ext4/super.c:230\n __read_extent_tree_block+0x304/0x6f0 fs/ext4/extents.c:567\n ext4_find_extent+0x479/0xd20 fs/ext4/extents.c:947\n ext4_ext_map_blocks+0x1a3/0x2680 fs/ext4/extents.c:4182\n ext4_map_blocks+0x929/0x15a0 fs/ext4/inode.c:660\n ext4_iomap_begin_report+0x298/0x480 fs/ext4/inode.c:3569\n iomap_iter+0x3dd/0x1010 fs/iomap/iter.c:91\n iomap_fiemap+0x1f4/0x360 fs/iomap/fiemap.c:80\n ext4_fiemap+0x181/0x210 fs/ext4/extents.c:5051\n ioctl_fiemap.isra.0+0x1b4/0x290 fs/ioctl.c:220\n do_vfs_ioctl+0x31c/0x11a0 fs/ioctl.c:811\n __do_sys_ioctl fs/ioctl.c:869 [inline]\n __se_sys_ioctl+0xae/0x190 fs/ioctl.c:857\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x70/0x120 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nAllocated by task 232719:\n kasan_save_stack+0x22/0x50 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\n slab_post_alloc_hook mm/slab.h:768 [inline]\n slab_alloc_node mm/slub.c:3492 [inline]\n kmem_cache_alloc_node+0x1b8/0x6f0 mm/slub.c:3537\n bfq_get_queue+0x215/0x1f00 block/bfq-iosched.c:5869\n bfq_get_bfqq_handle_split+0x167/0x5f0 block/bfq-iosched.c:6776\n bfq_init_rq+0x13a4/0x17a0 block/bfq-iosched.c:6938\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh_nowait+0x15a/0x240 fs/ext4/super.c:217\n ext4_read_bh_lock+0xac/0xd0 fs/ext4/super.c:242\n ext4_bread_batch+0x268/0x500 fs/ext4/inode.c:958\n __ext4_find_entry+0x448/0x10f0 fs/ext4/namei.c:1671\n ext4_lookup_entry fs/ext4/namei.c:1774 [inline]\n ext4_lookup.part.0+0x359/0x6f0 fs/ext4/namei.c:1842\n ext4_lookup+0x72/0x90 fs/ext4/namei.c:1839\n __lookup_slow+0x257/0x480 fs/namei.c:1696\n lookup_slow fs/namei.c:1713 [inline]\n walk_component+0x454/0x5c0 fs/namei.c:2004\n link_path_walk.part.0+0x773/0xda0 fs/namei.c:2331\n link_path_walk fs/namei.c:3826 [inline]\n path_openat+0x1b9/0x520 fs/namei.c:3826\n do_filp_open+0x1b7/0x400 fs/namei.c:3857\n do_sys_openat2+0x5dc/0x6e0 fs/open.c:1428\n do_sys_open fs/open.c:1443 [inline]\n __do_sys_openat fs/open.c:1459 [inline]\n __se_sys_openat fs/open.c:1454 [inline]\n __x64_sys_openat+0x148/0x200 fs/open.c:1454\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_6\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21631",
"url": "https://www.suse.com/security/cve/CVE-2025-21631"
},
{
"category": "external",
"summary": "SUSE Bug 1236099 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "external",
"summary": "SUSE Bug 1236100 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21631"
},
{
"cve": "CVE-2025-21635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21635"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe per-netns structure can be obtained from the table-\u003edata using\ncontainer_of(), then the \u0027net\u0027 one can be retrieved from the listen\nsocket (if available).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21635",
"url": "https://www.suse.com/security/cve/CVE-2025-21635"
},
{
"category": "external",
"summary": "SUSE Bug 1236111 for CVE-2025-21635",
"url": "https://bugzilla.suse.com/1236111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21635"
},
{
"cve": "CVE-2025-21636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.probe_interval\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21636",
"url": "https://www.suse.com/security/cve/CVE-2025-21636"
},
{
"category": "external",
"summary": "SUSE Bug 1236113 for CVE-2025-21636",
"url": "https://bugzilla.suse.com/1236113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21637",
"url": "https://www.suse.com/security/cve/CVE-2025-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1236114 for CVE-2025-21637",
"url": "https://bugzilla.suse.com/1236114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21638",
"url": "https://www.suse.com/security/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "SUSE Bug 1236115 for CVE-2025-21638",
"url": "https://bugzilla.suse.com/1236115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21639",
"url": "https://www.suse.com/security/cve/CVE-2025-21639"
},
{
"category": "external",
"summary": "SUSE Bug 1236122 for CVE-2025-21639",
"url": "https://bugzilla.suse.com/1236122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21640",
"url": "https://www.suse.com/security/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "SUSE Bug 1236123 for CVE-2025-21640",
"url": "https://bugzilla.suse.com/1236123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21647",
"url": "https://www.suse.com/security/cve/CVE-2025-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1236133 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "external",
"summary": "SUSE Bug 1236134 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdev: prevent accessing NAPI instances from another namespace\n\nThe NAPI IDs were not fully exposed to user space prior to the netlink\nAPI, so they were never namespaced. The netlink API must ensure that\nat the very least NAPI instance belongs to the same netns as the owner\nof the genl sock.\n\nnapi_by_id() can become static now, but it needs to move because of\ndev_get_by_napi_id().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21659",
"url": "https://www.suse.com/security/cve/CVE-2025-21659"
},
{
"category": "external",
"summary": "SUSE Bug 1236206 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "external",
"summary": "SUSE Bug 1236207 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21659"
},
{
"cve": "CVE-2025-21665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21665",
"url": "https://www.suse.com/security/cve/CVE-2025-21665"
},
{
"category": "external",
"summary": "SUSE Bug 1236684 for CVE-2025-21665",
"url": "https://bugzilla.suse.com/1236684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn\u0027t.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21666",
"url": "https://www.suse.com/security/cve/CVE-2025-21666"
},
{
"category": "external",
"summary": "SUSE Bug 1236680 for CVE-2025-21666",
"url": "https://bugzilla.suse.com/1236680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21666"
},
{
"cve": "CVE-2025-21667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid avoid truncating 64-bit offset to 32 bits\n\non 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a\n32-bit position due to folio_next_index() returning an unsigned long.\nThis could lead to an infinite loop when writing to an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21667",
"url": "https://www.suse.com/security/cve/CVE-2025-21667"
},
{
"category": "external",
"summary": "SUSE Bug 1236681 for CVE-2025-21667",
"url": "https://bugzilla.suse.com/1236681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: add missing loop break condition\n\nCurrently imx8mp_blk_ctrl_remove() will continue the for loop\nuntil an out-of-bounds exception occurs.\n\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : dev_pm_domain_detach+0x8/0x48\nlr : imx8mp_blk_ctrl_shutdown+0x58/0x90\nsp : ffffffc084f8bbf0\nx29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000\nx26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028\nx23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0\nx20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff\nx17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72\nx14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000\nx11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8\nx8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000\nCall trace:\n dev_pm_domain_detach+0x8/0x48\n platform_shutdown+0x2c/0x48\n device_shutdown+0x158/0x268\n kernel_restart_prepare+0x40/0x58\n kernel_kexec+0x58/0xe8\n __do_sys_reboot+0x198/0x258\n __arm64_sys_reboot+0x2c/0x40\n invoke_syscall+0x5c/0x138\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xc8\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x190/0x198\nCode: 8128c2d0 ffffffc0 aa1e03e9 d503201f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21668",
"url": "https://www.suse.com/security/cve/CVE-2025-21668"
},
{
"category": "external",
"summary": "SUSE Bug 1236682 for CVE-2025-21668",
"url": "https://bugzilla.suse.com/1236682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: discard packets if the transport changes\n\nIf the socket has been de-assigned or assigned to another transport,\nwe must discard any packets received because they are not expected\nand would cause issues when we access vsk-\u003etransport.\n\nA possible scenario is described by Hyunwoo Kim in the attached link,\nwhere after a first connect() interrupted by a signal, and a second\nconnect() failed, we can find `vsk-\u003etransport` at NULL, leading to a\nNULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21669",
"url": "https://www.suse.com/security/cve/CVE-2025-21669"
},
{
"category": "external",
"summary": "SUSE Bug 1236683 for CVE-2025-21669",
"url": "https://bugzilla.suse.com/1236683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21669"
},
{
"cve": "CVE-2025-21670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n Call Trace:\n vsock_bpf_recvmsg+0xca/0x5e0\n sock_recvmsg+0xb9/0xc0\n __sys_recvfrom+0xb3/0x130\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk-\u003etransport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21670",
"url": "https://www.suse.com/security/cve/CVE-2025-21670"
},
{
"category": "external",
"summary": "SUSE Bug 1236685 for CVE-2025-21670",
"url": "https://bugzilla.suse.com/1236685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21670"
},
{
"cve": "CVE-2025-21671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21671"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: fix potential UAF of zram table\n\nIf zram_meta_alloc failed early, it frees allocated zram-\u003etable without\nsetting it NULL. Which will potentially cause zram_meta_free to access\nthe table if user reset an failed and uninitialized device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21671",
"url": "https://www.suse.com/security/cve/CVE-2025-21671"
},
{
"category": "external",
"summary": "SUSE Bug 1236692 for CVE-2025-21671",
"url": "https://bugzilla.suse.com/1236692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21671"
},
{
"cve": "CVE-2025-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can\u0027t be freed as long as\ncifsd thread isn\u0027t done. Otherwise the following can happen:\n\n RIP: 0010:__slab_free+0x223/0x3c0\n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n 000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0xce/0x120\n ? __slab_free+0x223/0x3c0\n ? do_error_trap+0x65/0x80\n ? __slab_free+0x223/0x3c0\n ? exc_invalid_op+0x4e/0x70\n ? __slab_free+0x223/0x3c0\n ? asm_exc_invalid_op+0x16/0x20\n ? __slab_free+0x223/0x3c0\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? __kmalloc+0x4b/0x140\n __reconnect_target_unlocked+0x3e/0x160 [cifs]\n reconnect_dfs_server+0x145/0x430 [cifs]\n cifs_handle_standard+0x1ad/0x1d0 [cifs]\n cifs_demultiplex_thread+0x592/0x730 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21673",
"url": "https://www.suse.com/security/cve/CVE-2025-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1236689 for CVE-2025-21673",
"url": "https://bugzilla.suse.com/1236689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Clear port select structure when fail to create\n\nClear the port select structure on error so no stale values left after\ndefiners are destroyed. That\u0027s because the mlx5_lag_destroy_definers()\nalways try to destroy all lag definers in the tt_map, so in the flow\nbelow lag definers get double-destroyed and cause kernel crash:\n\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 1\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets destroyed\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 0\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets double-destroyed\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n Mem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n user pgtable: 64k pages, 48-bit VAs, pgdp=0000000112ce2e00\n [0000000000000008] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n Modules linked in: iptable_raw bonding ip_gre ip6_gre gre ip6_tunnel tunnel6 geneve ip6_udp_tunnel udp_tunnel ipip tunnel4 ip_tunnel rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) mlx5_fwctl(OE) fwctl(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlxfw(OE) memtrack(OE) mlx_compat(OE) openvswitch nsh nf_conncount psample xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc netconsole overlay efi_pstore sch_fq_codel zram ip_tables crct10dif_ce qemu_fw_cfg fuse ipv6 crc_ccitt [last unloaded: mlx_compat(OE)]\n CPU: 3 UID: 0 PID: 217 Comm: kworker/u53:2 Tainted: G OE 6.11.0+ #2\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n Workqueue: mlx5_lag mlx5_do_bond_work [mlx5_core]\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n lr : mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n sp : ffff800085fafb00\n x29: ffff800085fafb00 x28: ffff0000da0c8000 x27: 0000000000000000\n x26: ffff0000da0c8000 x25: ffff0000da0c8000 x24: ffff0000da0c8000\n x23: ffff0000c31f81a0 x22: 0400000000000000 x21: ffff0000da0c8000\n x20: 0000000000000000 x19: 0000000000000001 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8b0c9350\n x14: 0000000000000000 x13: ffff800081390d18 x12: ffff800081dc3cc0\n x11: 0000000000000001 x10: 0000000000000b10 x9 : ffff80007ab7304c\n x8 : ffff0000d00711f0 x7 : 0000000000000004 x6 : 0000000000000190\n x5 : ffff00027edb3010 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : ffff0000d39b8000 x1 : ffff0000d39b8000 x0 : 0400000000000000\n Call trace:\n mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n mlx5_lag_destroy_definers+0xa0/0x108 [mlx5_core]\n mlx5_lag_port_sel_create+0x2d4/0x6f8 [mlx5_core]\n mlx5_activate_lag+0x60c/0x6f8 [mlx5_core]\n mlx5_do_bond_work+0x284/0x5c8 [mlx5_core]\n process_one_work+0x170/0x3e0\n worker_thread+0x2d8/0x3e0\n kthread+0x11c/0x128\n ret_from_fork+0x10/0x20\n Code: a9025bf5 aa0003f6 a90363f7 f90023f9 (f9400400)\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21675",
"url": "https://www.suse.com/security/cve/CVE-2025-21675"
},
{
"category": "external",
"summary": "SUSE Bug 1236694 for CVE-2025-21675",
"url": "https://bugzilla.suse.com/1236694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21675"
},
{
"cve": "CVE-2025-21678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Destroy device along with udp socket\u0027s netns dismantle.\n\ngtp_newlink() links the device to a list in dev_net(dev) instead of\nsrc_net, where a udp tunnel socket is created.\n\nEven when src_net is removed, the device stays alive on dev_net(dev).\nThen, removing src_net triggers the splat below. [0]\n\nIn this example, gtp0 is created in ns2, and the udp socket is created\nin ns1.\n\n ip netns add ns1\n ip netns add ns2\n ip -n ns1 link add netns ns2 name gtp0 type gtp role sgsn\n ip netns del ns1\n\nLet\u0027s link the device to the socket\u0027s netns instead.\n\nNow, gtp_net_exit_batch_rtnl() needs another netdev iteration to remove\nall gtp devices in the netns.\n\n[0]:\nref_tracker: net notrefcnt@000000003d6e7d05 has 1/2 users at\n sk_alloc (./include/net/net_namespace.h:345 net/core/sock.c:2236)\n inet_create (net/ipv4/af_inet.c:326 net/ipv4/af_inet.c:252)\n __sock_create (net/socket.c:1558)\n udp_sock_create4 (net/ipv4/udp_tunnel_core.c:18)\n gtp_create_sock (./include/net/udp_tunnel.h:59 drivers/net/gtp.c:1423)\n gtp_create_sockets (drivers/net/gtp.c:1447)\n gtp_newlink (drivers/net/gtp.c:1507)\n rtnl_newlink (net/core/rtnetlink.c:3786 net/core/rtnetlink.c:3897 net/core/rtnetlink.c:4012)\n rtnetlink_rcv_msg (net/core/rtnetlink.c:6922)\n netlink_rcv_skb (net/netlink/af_netlink.c:2542)\n netlink_unicast (net/netlink/af_netlink.c:1321 net/netlink/af_netlink.c:1347)\n netlink_sendmsg (net/netlink/af_netlink.c:1891)\n ____sys_sendmsg (net/socket.c:711 net/socket.c:726 net/socket.c:2583)\n ___sys_sendmsg (net/socket.c:2639)\n __sys_sendmsg (net/socket.c:2669)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n\nWARNING: CPU: 1 PID: 60 at lib/ref_tracker.c:179 ref_tracker_dir_exit (lib/ref_tracker.c:179)\nModules linked in:\nCPU: 1 UID: 0 PID: 60 Comm: kworker/u16:2 Not tainted 6.13.0-rc5-00147-g4c1224501e9d #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:ref_tracker_dir_exit (lib/ref_tracker.c:179)\nCode: 00 00 00 fc ff df 4d 8b 26 49 bd 00 01 00 00 00 00 ad de 4c 39 f5 0f 85 df 00 00 00 48 8b 74 24 08 48 89 df e8 a5 cc 12 02 90 \u003c0f\u003e 0b 90 48 8d 6b 44 be 04 00 00 00 48 89 ef e8 80 de 67 ff 48 89\nRSP: 0018:ff11000009a07b60 EFLAGS: 00010286\nRAX: 0000000000002bd3 RBX: ff1100000f4e1aa0 RCX: 1ffffffff0e40ac6\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8423ee3c\nRBP: ff1100000f4e1af0 R08: 0000000000000001 R09: fffffbfff0e395ae\nR10: 0000000000000001 R11: 0000000000036001 R12: ff1100000f4e1af0\nR13: dead000000000100 R14: ff1100000f4e1af0 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ff1100006ce80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9b2464bd98 CR3: 0000000005286005 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __warn (kernel/panic.c:748)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? report_bug (lib/bug.c:201 lib/bug.c:219)\n ? handle_bug (arch/x86/kernel/traps.c:285)\n ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1))\n ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\n ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:97 ./arch/x86/include/asm/irqflags.h:155 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? __pfx_ref_tracker_dir_exit (lib/ref_tracker.c:158)\n ? kfree (mm/slub.c:4613 mm/slub.c:4761)\n net_free (net/core/net_namespace.c:476 net/core/net_namespace.c:467)\n cleanup_net (net/core/net_namespace.c:664 (discriminator 3))\n process_one_work (kernel/workqueue.c:3229)\n worker_thread (kernel/workqueue.c:3304 kernel/workqueue.c:3391\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21678",
"url": "https://www.suse.com/security/cve/CVE-2025-21678"
},
{
"category": "external",
"summary": "SUSE Bug 1236698 for CVE-2025-21678",
"url": "https://bugzilla.suse.com/1236698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21678"
},
{
"cve": "CVE-2025-21680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: Avoid out-of-bounds access in get_imix_entries\n\nPassing a sufficient amount of imix entries leads to invalid access to the\npkt_dev-\u003eimix_entries array because of the incorrect boundary check.\n\nUBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24\nindex 20 is out of range for type \u0027imix_pkt [20]\u0027\nCPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl lib/dump_stack.c:117\n__ubsan_handle_out_of_bounds lib/ubsan.c:429\nget_imix_entries net/core/pktgen.c:874\npktgen_if_write net/core/pktgen.c:1063\npde_write fs/proc/inode.c:334\nproc_reg_write fs/proc/inode.c:346\nvfs_write fs/read_write.c:593\nksys_write fs/read_write.c:644\ndo_syscall_64 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[ fp: allow to fill the array completely; minor changelog cleanup ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21680",
"url": "https://www.suse.com/security/cve/CVE-2025-21680"
},
{
"category": "external",
"summary": "SUSE Bug 1236700 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "external",
"summary": "SUSE Bug 1236701 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -\u003e ovs_vport_send\n -\u003e dev_queue_xmit\n -\u003e __dev_queue_xmit\n -\u003e netdev_core_pick_tx\n -\u003e skb_tx_hash\n\nWhen device is unregistering, the \u0027dev-\u003ereal_num_tx_queues\u0027 goes to\nzero and the \u0027while (unlikely(hash \u003e= qcount))\u0027 loop inside the\n\u0027skb_tx_hash\u0027 becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn\u0027t implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn\u0027t really have a carrier.\nTherefore, while this device is unregistering, it\u0027s still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don\u0027t really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21681",
"url": "https://www.suse.com/security/cve/CVE-2025-21681"
},
{
"category": "external",
"summary": "SUSE Bug 1236702 for CVE-2025-21681",
"url": "https://bugzilla.suse.com/1236702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: xilinx: Convert gpio_lock to raw spinlock\n\nirq_chip functions may be called in raw spinlock context. Therefore, we\nmust also use a raw spinlock for our own internal locking.\n\nThis fixes the following lockdep splat:\n\n[ 5.349336] =============================\n[ 5.353349] [ BUG: Invalid wait context ]\n[ 5.357361] 6.13.0-rc5+ #69 Tainted: G W\n[ 5.363031] -----------------------------\n[ 5.367045] kworker/u17:1/44 is trying to lock:\n[ 5.371587] ffffff88018b02c0 (\u0026chip-\u003egpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.380079] other info that might help us debug this:\n[ 5.385138] context-{5:5}\n[ 5.387762] 5 locks held by kworker/u17:1/44:\n[ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)\n[ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)\n[ 5.411528] #2: ffffff880172c900 (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)\n[ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)\n[ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)\n[ 5.436472] stack backtrace:\n[ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69\n[ 5.448690] Tainted: [W]=WARN\n[ 5.451656] Hardware name: xlnx,zynqmp (DT)\n[ 5.455845] Workqueue: events_unbound deferred_probe_work_func\n[ 5.461699] Call trace:\n[ 5.464147] show_stack+0x18/0x24 C\n[ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)\n[ 5.471501] dump_stack (lib/dump_stack.c:130)\n[ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)\n[ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)\n[ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)\n[ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)\n[ 5.497645] irq_startup (kernel/irq/chip.c:270)\n[ 5.501143] __setup_irq (kernel/irq/manage.c:1807)\n[ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21684",
"url": "https://www.suse.com/security/cve/CVE-2025-21684"
},
{
"category": "external",
"summary": "SUSE Bug 1236952 for CVE-2025-21684",
"url": "https://bugzilla.suse.com/1236952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: check the bounds of read/write syscalls\n\ncount and offset are passed from user space and not checked, only\noffset is capped to 40 bits, which can be used to read/write out of\nbounds of the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21687",
"url": "https://www.suse.com/security/cve/CVE-2025-21687"
},
{
"category": "external",
"summary": "SUSE Bug 1237045 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "external",
"summary": "SUSE Bug 1237046 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Assign job pointer to NULL before signaling the fence\n\nIn commit e4b5ccd392b9 (\"drm/v3d: Ensure job pointer is set to NULL\nafter job completion\"), we introduced a change to assign the job pointer\nto NULL after completing a job, indicating job completion.\n\nHowever, this approach created a race condition between the DRM\nscheduler workqueue and the IRQ execution thread. As soon as the fence is\nsignaled in the IRQ execution thread, a new job starts to be executed.\nThis results in a race condition where the IRQ execution thread sets the\njob pointer to NULL simultaneously as the `run_job()` function assigns\na new job to the pointer.\n\nThis race condition can lead to a NULL pointer dereference if the IRQ\nexecution thread sets the job pointer to NULL after `run_job()` assigns\nit to the new job. When the new job completes and the GPU emits an\ninterrupt, `v3d_irq()` is triggered, potentially causing a crash.\n\n[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n[ 466.318928] Mem abort info:\n[ 466.321723] ESR = 0x0000000096000005\n[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 466.330807] SET = 0, FnV = 0\n[ 466.333864] EA = 0, S1PTW = 0\n[ 466.337010] FSC = 0x05: level 1 translation fault\n[ 466.341900] Data abort info:\n[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000\n[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6\n[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18\n[ 466.467336] Tainted: [C]=CRAP\n[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]\n[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228\n[ 466.492327] sp : ffffffc080003ea0\n[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000\n[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200\n[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000\n[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000\n[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000\n[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0\n[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70\n[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000\n[ 466.567263] Call trace:\n[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)\n[ 466.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21688",
"url": "https://www.suse.com/security/cve/CVE-2025-21688"
},
{
"category": "external",
"summary": "SUSE Bug 1237007 for CVE-2025-21688",
"url": "https://bugzilla.suse.com/1237007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21689",
"url": "https://www.suse.com/security/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "SUSE Bug 1237017 for CVE-2025-21689",
"url": "https://bugzilla.suse.com/1237017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21690"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn\u0027t DoS the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21690",
"url": "https://www.suse.com/security/cve/CVE-2025-21690"
},
{
"category": "external",
"summary": "SUSE Bug 1237025 for CVE-2025-21690",
"url": "https://bugzilla.suse.com/1237025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21692",
"url": "https://www.suse.com/security/cve/CVE-2025-21692"
},
{
"category": "external",
"summary": "SUSE Bug 1237028 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "external",
"summary": "SUSE Bug 1237048 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: properly synchronize freeing resources during CPU hotunplug\n\nIn zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the\ncurrent CPU at the beginning of the operation is retrieved and used\nthroughout. However, since neither preemption nor migration are disabled,\nit is possible that the operation continues on a different CPU.\n\nIf the original CPU is hotunplugged while the acomp_ctx is still in use,\nwe run into a UAF bug as some of the resources attached to the acomp_ctx\nare freed during hotunplug in zswap_cpu_comp_dead() (i.e. \nacomp_ctx.buffer, acomp_ctx.req, or acomp_ctx.acomp).\n\nThe problem was introduced in commit 1ec3b5fe6eec (\"mm/zswap: move to use\ncrypto_acomp API for hardware acceleration\") when the switch to the\ncrypto_acomp API was made. Prior to that, the per-CPU crypto_comp was\nretrieved using get_cpu_ptr() which disables preemption and makes sure the\nCPU cannot go away from under us. Preemption cannot be disabled with the\ncrypto_acomp API as a sleepable context is needed.\n\nUse the acomp_ctx.mutex to synchronize CPU hotplug callbacks allocating\nand freeing resources with compression/decompression paths. Make sure\nthat acomp_ctx.req is NULL when the resources are freed. In the\ncompression/decompression paths, check if acomp_ctx.req is NULL after\nacquiring the mutex (meaning the CPU was offlined) and retry on the new\nCPU.\n\nThe initialization of acomp_ctx.mutex is moved from the CPU hotplug\ncallback to the pool initialization where it belongs (where the mutex is\nallocated). In addition to adding clarity, this makes sure that CPU\nhotplug cannot reinitialize a mutex that is already locked by\ncompression/decompression.\n\nPreviously a fix was attempted by holding cpus_read_lock() [1]. This\nwould have caused a potential deadlock as it is possible for code already\nholding the lock to fall into reclaim and enter zswap (causing a\ndeadlock). A fix was also attempted using SRCU for synchronization, but\nJohannes pointed out that synchronize_srcu() cannot be used in CPU hotplug\nnotifiers [2].\n\nAlternative fixes that were considered/attempted and could have worked:\n- Refcounting the per-CPU acomp_ctx. This involves complexity in\n handling the race between the refcount dropping to zero in\n zswap_[de]compress() and the refcount being re-initialized when the\n CPU is onlined.\n- Disabling migration before getting the per-CPU acomp_ctx [3], but\n that\u0027s discouraged and is a much bigger hammer than needed, and could\n result in subtle performance issues.\n\n[1]https://lkml.kernel.org/20241219212437.2714151-1-yosryahmed@google.com/\n[2]https://lkml.kernel.org/20250107074724.1756696-2-yosryahmed@google.com/\n[3]https://lkml.kernel.org/20250107222236.2715883-2-yosryahmed@google.com/\n\n[yosryahmed@google.com: remove comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21693",
"url": "https://www.suse.com/security/cve/CVE-2025-21693"
},
{
"category": "external",
"summary": "SUSE Bug 1237029 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "external",
"summary": "SUSE Bug 1237047 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21693"
},
{
"cve": "CVE-2025-21697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Ensure job pointer is set to NULL after job completion\n\nAfter a job completes, the corresponding pointer in the device must\nbe set to NULL. Failing to do so triggers a warning when unloading\nthe driver, as it appears the job is still active. To prevent this,\nassign the job pointer to NULL after completing the job, indicating\nthe job has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21697",
"url": "https://www.suse.com/security/cve/CVE-2025-21697"
},
{
"category": "external",
"summary": "SUSE Bug 1237132 for CVE-2025-21697",
"url": "https://bugzilla.suse.com/1237132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "low"
}
],
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21699",
"url": "https://www.suse.com/security/cve/CVE-2025-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1237139 for CVE-2025-21699",
"url": "https://bugzilla.suse.com/1237139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent. b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12. send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13. send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21700",
"url": "https://www.suse.com/security/cve/CVE-2025-21700"
},
{
"category": "external",
"summary": "SUSE Bug 1237159 for CVE-2025-21700",
"url": "https://bugzilla.suse.com/1237159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n RIP: 0010:__mutex_lock+0xc8a/0x1120\n Call Trace:\n \u003cTASK\u003e\n ethtool_check_max_channel+0x1ea/0x880\n ethnl_set_channels+0x3c3/0xb10\n ethnl_default_set_doit+0x306/0x650\n genl_family_rcv_msg_doit+0x1e3/0x2c0\n genl_rcv_msg+0x432/0x6f0\n netlink_rcv_skb+0x13d/0x3b0\n genl_rcv+0x28/0x40\n netlink_unicast+0x42e/0x720\n netlink_sendmsg+0x765/0xc20\n __sys_sendto+0x3ac/0x420\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21701",
"url": "https://www.suse.com/security/cve/CVE-2025-21701"
},
{
"category": "external",
"summary": "SUSE Bug 1237164 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "external",
"summary": "SUSE Bug 1245805 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1245805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog()\n\nqdisc_tree_reduce_backlog() notifies parent qdisc only if child\nqdisc becomes empty, therefore we need to reduce the backlog of the\nchild qdisc before calling it. Otherwise it would miss the opportunity\nto call cops-\u003eqlen_notify(), in the case of DRR, it resulted in UAF\nsince DRR uses -\u003eqlen_notify() to maintain its active list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21703",
"url": "https://www.suse.com/security/cve/CVE-2025-21703"
},
{
"category": "external",
"summary": "SUSE Bug 1237313 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "external",
"summary": "SUSE Bug 1245796 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1245796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21703"
},
{
"cve": "CVE-2025-21704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdc-acm: Check control transfer buffer size before access\n\nIf the first fragment is shorter than struct usb_cdc_notification, we can\u0027t\ncalculate an expected_size. Log an error and discard the notification\ninstead of reading lengths from memory outside the received data, which can\nlead to memory corruption when the expected_size decreases between\nfragments, causing `expected_size - acm-\u003enb_index` to wrap.\n\nThis issue has been present since the beginning of git history; however,\nit only leads to memory corruption since commit ea2583529cd1\n(\"cdc-acm: reassemble fragmented notifications\").\n\nA mitigating factor is that acm_ctrl_irq() can only execute after userspace\nhas opened /dev/ttyACM*; but if ModemManager is running, ModemManager will\ndo that automatically depending on the USB device\u0027s vendor/product IDs and\nits other interfaces.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21704",
"url": "https://www.suse.com/security/cve/CVE-2025-21704"
},
{
"category": "external",
"summary": "SUSE Bug 1237571 for CVE-2025-21704",
"url": "https://bugzilla.suse.com/1237571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21704"
},
{
"cve": "CVE-2025-21705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle fastopen disconnect correctly\n\nSyzbot was able to trigger a data stream corruption:\n\n WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Modules linked in:\n CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\n RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 \u003c0f\u003e 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07\n RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293\n RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928\n R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000\n R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000\n FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074\n mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493\n release_sock+0x1aa/0x1f0 net/core/sock.c:3640\n inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]\n __inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703\n mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755\n mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f6e86ebfe69\n Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69\n RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003\n RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc\n R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508\n \u003c/TASK\u003e\n\nThe root cause is the bad handling of disconnect() generated internally\nby the MPTCP protocol in case of connect FASTOPEN errors.\n\nAddress the issue increasing the socket disconnect counter even on such\na case, to allow other threads waiting on the same socket lock to\nproperly error out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21705",
"url": "https://www.suse.com/security/cve/CVE-2025-21705"
},
{
"category": "external",
"summary": "SUSE Bug 1238525 for CVE-2025-21705",
"url": "https://bugzilla.suse.com/1238525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only set fullmesh for subflow endp\n\nWith the in-kernel path-manager, it is possible to change the \u0027fullmesh\u0027\nflag. The code in mptcp_pm_nl_fullmesh() expects to change it only on\n\u0027subflow\u0027 endpoints, to recreate more or less subflows using the linked\naddress.\n\nUnfortunately, the set_flags() hook was a bit more permissive, and\nallowed \u0027implicit\u0027 endpoints to get the \u0027fullmesh\u0027 flag while it is not\nallowed before.\n\nThat\u0027s what syzbot found, triggering the following warning:\n\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Modules linked in:\n CPU: 0 UID: 0 PID: 6499 Comm: syz.1.413 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n RIP: 0010:mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Code: 01 00 00 49 89 c5 e8 fb 45 e8 f5 e9 b8 fc ff ff e8 f1 45 e8 f5 4c 89 f7 be 03 00 00 00 e8 44 1d 0b f9 eb a0 e8 dd 45 e8 f5 90 \u003c0f\u003e 0b 90 e9 17 ff ff ff 89 d9 80 e1 07 38 c1 0f 8c c9 fc ff ff 48\n RSP: 0018:ffffc9000d307240 EFLAGS: 00010293\n RAX: ffffffff8bb72e03 RBX: 0000000000000000 RCX: ffff88807da88000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000d307430 R08: ffffffff8bb72cf0 R09: 1ffff1100b842a5e\n R10: dffffc0000000000 R11: ffffed100b842a5f R12: ffff88801e2e5ac0\n R13: ffff88805c214800 R14: ffff88805c2152e8 R15: 1ffff1100b842a5d\n FS: 00005555619f6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000020002840 CR3: 00000000247e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2542\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f5fe8785d29\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007fff571f5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f5fe8975fa0 RCX: 00007f5fe8785d29\n RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000007\n RBP: 00007f5fe8801b08 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 00007f5fe8975fa0 R14: 00007f5fe8975fa0 R15: 000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21706",
"url": "https://www.suse.com/security/cve/CVE-2025-21706"
},
{
"category": "external",
"summary": "SUSE Bug 1238528 for CVE-2025-21706",
"url": "https://bugzilla.suse.com/1238528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21706"
},
{
"cve": "CVE-2025-21708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: rtl8150: enable basic endpoint checking\n\nSyzkaller reports [1] encountering a common issue of utilizing a wrong\nusb endpoint type during URB submitting stage. This, in turn, triggers\na warning shown below.\n\nFor now, enable simple endpoint checking (specifically, bulk and\ninterrupt eps, testing control one is not essential) to mitigate\nthe issue with a view to do other related cosmetic changes later,\nif they are necessary.\n\n[1] Syzkaller report:\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 1 PID: 2586 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 driv\u003e\nModules linked in:\nCPU: 1 UID: 0 PID: 2586 Comm: dhcpcd Not tainted 6.11.0-rc4-syzkaller-00069-gfc88bb11617\u003e\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nCode: 84 3c 02 00 00 e8 05 e4 fc fc 4c 89 ef e8 fd 25 d7 fe 45 89 e0 89 e9 4c 89 f2 48 8\u003e\nRSP: 0018:ffffc9000441f740 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888112487a00 RCX: ffffffff811a99a9\nRDX: ffff88810df6ba80 RSI: ffffffff811a99b6 RDI: 0000000000000001\nRBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff8881023bf0a8 R14: ffff888112452a20 R15: ffff888112487a7c\nFS: 00007fc04eea5740(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f0a1de9f870 CR3: 000000010dbd0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n rtl8150_open+0x300/0xe30 drivers/net/usb/rtl8150.c:733\n __dev_open+0x2d4/0x4e0 net/core/dev.c:1474\n __dev_change_flags+0x561/0x720 net/core/dev.c:8838\n dev_change_flags+0x8f/0x160 net/core/dev.c:8910\n devinet_ioctl+0x127a/0x1f10 net/ipv4/devinet.c:1177\n inet_ioctl+0x3aa/0x3f0 net/ipv4/af_inet.c:1003\n sock_do_ioctl+0x116/0x280 net/socket.c:1222\n sock_ioctl+0x22e/0x6c0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fc04ef73d49\n...\n\nThis change has not been tested on real hardware.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21708",
"url": "https://www.suse.com/security/cve/CVE-2025-21708"
},
{
"category": "external",
"summary": "SUSE Bug 1239087 for CVE-2025-21708",
"url": "https://bugzilla.suse.com/1239087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21708"
},
{
"cve": "CVE-2025-21711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rose: prevent integer overflows in rose_setsockopt()\n\nIn case of possible unpredictably large arguments passed to\nrose_setsockopt() and multiplied by extra values on top of that,\ninteger overflows may occur.\n\nDo the safest minimum and fix these issues by checking the\ncontents of \u0027opt\u0027 and returning -EINVAL if they are too large. Also,\nswitch to unsigned int and remove useless check for negative \u0027opt\u0027\nin ROSE_IDLE case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21711",
"url": "https://www.suse.com/security/cve/CVE-2025-21711"
},
{
"category": "external",
"summary": "SUSE Bug 1239114 for CVE-2025-21711",
"url": "https://bugzilla.suse.com/1239114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21711"
},
{
"cve": "CVE-2025-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP use after free\n\nPrevent double queueing of implicit ODP mr destroy work by using\n__xa_cmpxchg() to make sure this is the only time we are destroying this\nspecific mr.\n\nWithout this change, we could try to invalidate this mr twice, which in\nturn could result in queuing a MR work destroy twice, and eventually the\nsecond work could execute after the MR was freed due to the first work,\ncausing a user after free and trace below.\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 2 PID: 12178 at lib/refcount.c:28 refcount_warn_saturate+0x12b/0x130\n Modules linked in: bonding ib_ipoib vfio_pci ip_gre geneve nf_tables ip6_gre gre ip6_tunnel tunnel6 ipip tunnel4 ib_umad rdma_ucm mlx5_vfio_pci vfio_pci_core vfio_iommu_type1 mlx5_ib vfio ib_uverbs mlx5_core iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\n CPU: 2 PID: 12178 Comm: kworker/u20:5 Not tainted 6.5.0-rc1_net_next_mlx5_58c644e #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: events_unbound free_implicit_child_mr_work [mlx5_ib]\n RIP: 0010:refcount_warn_saturate+0x12b/0x130\n Code: 48 c7 c7 38 95 2a 82 c6 05 bc c6 fe 00 01 e8 0c 66 aa ff 0f 0b 5b c3 48 c7 c7 e0 94 2a 82 c6 05 a7 c6 fe 00 01 e8 f5 65 aa ff \u003c0f\u003e 0b 5b c3 90 8b 07 3d 00 00 00 c0 74 12 83 f8 01 74 13 8d 50 ff\n RSP: 0018:ffff8881008e3e40 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027\n RDX: ffff88852c91b5c8 RSI: 0000000000000001 RDI: ffff88852c91b5c0\n RBP: ffff8881dacd4e00 R08: 00000000ffffffff R09: 0000000000000019\n R10: 000000000000072e R11: 0000000063666572 R12: ffff88812bfd9e00\n R13: ffff8881c792d200 R14: ffff88810011c005 R15: ffff8881002099c0\n FS: 0000000000000000(0000) GS:ffff88852c900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f5694b5e000 CR3: 00000001153f6003 CR4: 0000000000370ea0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0x12b/0x130\n free_implicit_child_mr_work+0x180/0x1b0 [mlx5_ib]\n process_one_work+0x1cc/0x3c0\n worker_thread+0x218/0x3c0\n kthread+0xc6/0xf0\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21714",
"url": "https://www.suse.com/security/cve/CVE-2025-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1237890 for CVE-2025-21714",
"url": "https://bugzilla.suse.com/1237890"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21714"
},
{
"cve": "CVE-2025-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: davicom: fix UAF in dm9000_drv_remove\n\ndm is netdev private data and it cannot be\nused after free_netdev() call. Using dm after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.\n\nThis is similar to the issue fixed in commit\nad297cd2db89 (\"net: qcom/emac: fix UAF in emac_remove\").\n\nThis bug is detected by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21715",
"url": "https://www.suse.com/security/cve/CVE-2025-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1237889 for CVE-2025-21715",
"url": "https://bugzilla.suse.com/1237889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21716"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix uninit-value in vxlan_vnifilter_dump()\n\nKMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].\n\nIf the length of the netlink message payload is less than\nsizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes\nbeyond the message. This can lead to uninit-value access. Fix this by\nreturning an error in such situations.\n\n[1]\nBUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786\n netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317\n __netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432\n netlink_dump_start include/linux/netlink.h:340 [inline]\n rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]\n rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882\n netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4110 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205\n kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196\n netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21716",
"url": "https://www.suse.com/security/cve/CVE-2025-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1237891 for CVE-2025-21716",
"url": "https://bugzilla.suse.com/1237891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: fix timer races against user threads\n\nRose timers only acquire the socket spinlock, without\nchecking if the socket is owned by one user thread.\n\nAdd a check and rearm the timers if needed.\n\nBUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\nRead of size 2 at addr ffff88802f09b82a by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\n call_timer_fn+0x187/0x650 kernel/time/timer.c:1793\n expire_timers kernel/time/timer.c:1844 [inline]\n __run_timers kernel/time/timer.c:2418 [inline]\n __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430\n run_timer_base kernel/time/timer.c:2439 [inline]\n run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21718",
"url": "https://www.suse.com/security/cve/CVE-2025-21718"
},
{
"category": "external",
"summary": "SUSE Bug 1239073 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "external",
"summary": "SUSE Bug 1239074 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21718"
},
{
"cve": "CVE-2025-21719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: do not call mr_mfc_uses_dev() for unres entries\n\nsyzbot found that calling mr_mfc_uses_dev() for unres entries\nwould crash [1], because c-\u003emfc_un.res.minvif / c-\u003emfc_un.res.maxvif\nalias to \"struct sk_buff_head unresolved\", which contain two pointers.\n\nThis code never worked, lets remove it.\n\n[1]\nUnable to handle kernel paging request at virtual address ffff5fff2d536613\nKASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]\nModules linked in:\nCPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]\n pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334\n lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]\n lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334\nCall trace:\n mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)\n mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)\n mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382\n ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648\n rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327\n rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791\n netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317\n netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973\n sock_recvmsg_nosec net/socket.c:1033 [inline]\n sock_recvmsg net/socket.c:1055 [inline]\n sock_read_iter+0x2d8/0x40c net/socket.c:1125\n new_sync_read fs/read_write.c:484 [inline]\n vfs_read+0x740/0x970 fs/read_write.c:565\n ksys_read+0x15c/0x26c fs/read_write.c:708",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21719",
"url": "https://www.suse.com/security/cve/CVE-2025-21719"
},
{
"category": "external",
"summary": "SUSE Bug 1238860 for CVE-2025-21719",
"url": "https://bugzilla.suse.com/1238860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21723"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix possible crash when setting up bsg fails\n\nIf bsg_setup_queue() fails, the bsg_queue is assigned a non-NULL value.\nConsequently, in mpi3mr_bsg_exit(), the condition \"if(!mrioc-\u003ebsg_queue)\"\nwill not be satisfied, preventing execution from entering\nbsg_remove_queue(), which could lead to the following crash:\n\nBUG: kernel NULL pointer dereference, address: 000000000000041c\nCall Trace:\n \u003cTASK\u003e\n mpi3mr_bsg_exit+0x1f/0x50 [mpi3mr]\n mpi3mr_remove+0x6f/0x340 [mpi3mr]\n pci_device_remove+0x3f/0xb0\n device_release_driver_internal+0x19d/0x220\n unbind_store+0xa4/0xb0\n kernfs_fop_write_iter+0x11f/0x200\n vfs_write+0x1fc/0x3e0\n ksys_write+0x67/0xe0\n do_syscall_64+0x38/0x80\n entry_SYSCALL_64_after_hwframe+0x78/0xe2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21723",
"url": "https://www.suse.com/security/cve/CVE-2025-21723"
},
{
"category": "external",
"summary": "SUSE Bug 1238864 for CVE-2025-21723",
"url": "https://bugzilla.suse.com/1238864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21723"
},
{
"cve": "CVE-2025-21724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand\u0027s type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21724",
"url": "https://www.suse.com/security/cve/CVE-2025-21724"
},
{
"category": "external",
"summary": "SUSE Bug 1238863 for CVE-2025-21724",
"url": "https://bugzilla.suse.com/1238863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to unset link speed\n\nIt isn\u0027t guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always\nbe set by the server, so the client must handle any values and then\nprevent oopses like below from happening:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nRIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48\n89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8\ne7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 \u003c48\u003e f7 74 24 18 48 89\nc3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24\nRSP: 0018:ffffc90001817be0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99\nRDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228\nRBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac\nR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200\nR13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58\nFS: 00007fe27119e740(0000) GS:ffff888148600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0x159/0x1b0\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? do_error_trap+0x90/0x130\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? exc_divide_error+0x39/0x50\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? asm_exc_divide_error+0x1a/0x20\n ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? seq_read_iter+0x42e/0x790\n seq_read_iter+0x19a/0x790\n proc_reg_read_iter+0xbe/0x110\n ? __pfx_proc_reg_read_iter+0x10/0x10\n vfs_read+0x469/0x570\n ? do_user_addr_fault+0x398/0x760\n ? __pfx_vfs_read+0x10/0x10\n ? find_held_lock+0x8a/0xa0\n ? __pfx_lock_release+0x10/0x10\n ksys_read+0xd3/0x170\n ? __pfx_ksys_read+0x10/0x10\n ? __rcu_read_unlock+0x50/0x270\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe271288911\nCode: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8\n20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 \u003c48\u003e 3d\n00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec\nRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911\nRDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003\nRBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380\nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000\nR13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000\n \u003c/TASK\u003e\n\nFix this by setting cifs_server_iface::speed to a sane value (1Gbps)\nby default when link speed is unset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21725",
"url": "https://www.suse.com/security/cve/CVE-2025-21725"
},
{
"category": "external",
"summary": "SUSE Bug 1238877 for CVE-2025-21725",
"url": "https://bugzilla.suse.com/1238877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: avoid UAF for reorder_work\n\nAlthough the previous patch can avoid ps and ps UAF for _do_serial, it\ncan not avoid potential UAF issue for reorder_work. This issue can\nhappen just as below:\n\ncrypto_request\t\t\tcrypto_request\t\tcrypto_del_alg\npadata_do_serial\n ...\n padata_reorder\n // processes all remaining\n // requests then breaks\n while (1) {\n if (!padata)\n break;\n ...\n }\n\n\t\t\t\tpadata_do_serial\n\t\t\t\t // new request added\n\t\t\t\t list_add\n // sees the new request\n queue_work(reorder_work)\n\t\t\t\t padata_reorder\n\t\t\t\t queue_work_on(squeue-\u003ework)\n...\n\n\t\t\t\t\u003ckworker context\u003e\n\t\t\t\tpadata_serial_worker\n\t\t\t\t// completes new request,\n\t\t\t\t// no more outstanding\n\t\t\t\t// requests\n\n\t\t\t\t\t\t\tcrypto_del_alg\n\t\t\t\t\t\t\t // free pd\n\n\u003ckworker context\u003e\ninvoke_padata_reorder\n // UAF of pd\n\nTo avoid UAF for \u0027reorder_work\u0027, get \u0027pd\u0027 ref before put \u0027reorder_work\u0027\ninto the \u0027serial_wq\u0027 and put \u0027pd\u0027 ref until the \u0027serial_wq\u0027 finish.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21726",
"url": "https://www.suse.com/security/cve/CVE-2025-21726"
},
{
"category": "external",
"summary": "SUSE Bug 1238865 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "external",
"summary": "SUSE Bug 1240837 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1240837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21726"
},
{
"cve": "CVE-2025-21727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: fix UAF in padata_reorder\n\nA bug was found when run ltp test:\n\nBUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0\nRead of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206\n\nCPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+\nWorkqueue: pdecrypt_parallel padata_parallel_worker\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x32/0x50\nprint_address_description.constprop.0+0x6b/0x3d0\nprint_report+0xdd/0x2c0\nkasan_report+0xa5/0xd0\npadata_find_next+0x29/0x1a0\npadata_reorder+0x131/0x220\npadata_parallel_worker+0x3d/0xc0\nprocess_one_work+0x2ec/0x5a0\n\nIf \u0027mdelay(10)\u0027 is added before calling \u0027padata_find_next\u0027 in the\n\u0027padata_reorder\u0027 function, this issue could be reproduced easily with\nltp test (pcrypt_aead01).\n\nThis can be explained as bellow:\n\npcrypt_aead_encrypt\n...\npadata_do_parallel\nrefcount_inc(\u0026pd-\u003erefcnt); // add refcnt\n...\npadata_do_serial\npadata_reorder // pd\nwhile (1) {\npadata_find_next(pd, true); // using pd\nqueue_work_on\n...\npadata_serial_worker\t\t\t\tcrypto_del_alg\npadata_put_pd_cnt // sub refcnt\n\t\t\t\t\t\tpadata_free_shell\n\t\t\t\t\t\tpadata_put_pd(ps-\u003epd);\n\t\t\t\t\t\t// pd is freed\n// loop again, but pd is freed\n// call padata_find_next, UAF\n}\n\nIn the padata_reorder function, when it loops in \u0027while\u0027, if the alg is\ndeleted, the refcnt may be decreased to 0 before entering\n\u0027padata_find_next\u0027, which leads to UAF.\n\nAs mentioned in [1], do_serial is supposed to be called with BHs disabled\nand always happen under RCU protection, to address this issue, add\nsynchronize_rcu() in \u0027padata_free_shell\u0027 wait for all _do_serial calls\nto finish.\n\n[1] https://lore.kernel.org/all/20221028160401.cccypv4euxikusiq@parnassus.localdomain/\n[2] https://lore.kernel.org/linux-kernel/jfjz5d7zwbytztackem7ibzalm5lnxldi2eofeiczqmqs2m7o6@fq426cwnjtkm/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21727",
"url": "https://www.suse.com/security/cve/CVE-2025-21727"
},
{
"category": "external",
"summary": "SUSE Bug 1237876 for CVE-2025-21727",
"url": "https://bugzilla.suse.com/1237876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21727"
},
{
"cve": "CVE-2025-21728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21728",
"url": "https://www.suse.com/security/cve/CVE-2025-21728"
},
{
"category": "external",
"summary": "SUSE Bug 1237879 for CVE-2025-21728",
"url": "https://bugzilla.suse.com/1237879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: don\u0027t allow reconnect after disconnect\n\nFollowing process can cause nbd_config UAF:\n\n1) grab nbd_config temporarily;\n\n2) nbd_genl_disconnect() flush all recv_work() and release the\ninitial reference:\n\n nbd_genl_disconnect\n nbd_disconnect_and_put\n nbd_disconnect\n flush_workqueue(nbd-\u003erecv_workq)\n if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...))\n nbd_config_put\n -\u003e due to step 1), reference is still not zero\n\n3) nbd_genl_reconfigure() queue recv_work() again;\n\n nbd_genl_reconfigure\n config = nbd_get_config_unlocked(nbd)\n if (!config)\n -\u003e succeed\n if (!test_bit(NBD_RT_BOUND, ...))\n -\u003e succeed\n nbd_reconnect_socket\n queue_work(nbd-\u003erecv_workq, \u0026args-\u003ework)\n\n4) step 1) release the reference;\n\n5) Finially, recv_work() will trigger UAF:\n\n recv_work\n nbd_config_put(nbd)\n -\u003e nbd_config is freed\n atomic_dec(\u0026config-\u003erecv_threads)\n -\u003e UAF\n\nFix the problem by clearing NBD_RT_BOUND in nbd_genl_disconnect(), so\nthat nbd_genl_reconfigure() will fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21731",
"url": "https://www.suse.com/security/cve/CVE-2025-21731"
},
{
"category": "external",
"summary": "SUSE Bug 1237881 for CVE-2025-21731",
"url": "https://bugzilla.suse.com/1237881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21731"
},
{
"cve": "CVE-2025-21732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error\n\nThis patch addresses a race condition for an ODP MR that can result in a\nCQE with an error on the UMR QP.\n\nDuring the __mlx5_ib_dereg_mr() flow, the following sequence of calls\noccurs:\n\nmlx5_revoke_mr()\n mlx5r_umr_revoke_mr()\n mlx5r_umr_post_send_wait()\n\nAt this point, the lkey is freed from the hardware\u0027s perspective.\n\nHowever, concurrently, mlx5_ib_invalidate_range() might be triggered by\nanother task attempting to invalidate a range for the same freed lkey.\n\nThis task will:\n - Acquire the umem_odp-\u003eumem_mutex lock.\n - Call mlx5r_umr_update_xlt() on the UMR QP.\n - Since the lkey has already been freed, this can lead to a CQE error,\n causing the UMR QP to enter an error state [1].\n\nTo resolve this race condition, the umem_odp-\u003eumem_mutex lock is now also\nacquired as part of the mlx5_revoke_mr() scope. Upon successful revoke,\nwe set umem_odp-\u003eprivate which points to that MR to NULL, preventing any\nfurther invalidation attempts on its lkey.\n\n[1] From dmesg:\n\n infiniband rocep8s0f0: dump_cqe:277:(pid 0): WC error: 6, Message: memory bind operation error\n cqe_dump: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000030: 00 00 00 00 08 00 78 06 25 00 11 b9 00 0e dd d2\n\n WARNING: CPU: 15 PID: 1506 at drivers/infiniband/hw/mlx5/umr.c:394 mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n Modules linked in: ip6table_mangle ip6table_natip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_umad ib_ipoib ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\n CPU: 15 UID: 0 PID: 1506 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1626\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n [..]\n Call Trace:\n \u003cTASK\u003e\n mlx5r_umr_update_xlt+0x23c/0x3e0 [mlx5_ib]\n mlx5_ib_invalidate_range+0x2e1/0x330 [mlx5_ib]\n __mmu_notifier_invalidate_range_start+0x1e1/0x240\n zap_page_range_single+0xf1/0x1a0\n madvise_vma_behavior+0x677/0x6e0\n do_madvise+0x1a2/0x4b0\n __x64_sys_madvise+0x25/0x30\n do_syscall_64+0x6b/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21732",
"url": "https://www.suse.com/security/cve/CVE-2025-21732"
},
{
"category": "external",
"summary": "SUSE Bug 1237877 for CVE-2025-21732",
"url": "https://bugzilla.suse.com/1237877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21732"
},
{
"cve": "CVE-2025-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix resetting of tracepoints\n\nIf a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD\ndisabled, but then that option is enabled and timerlat is removed, the\ntracepoints that were enabled on timerlat registration do not get\ndisabled. If the option is disabled again and timelat is started, then it\ntriggers a warning in the tracepoint code due to registering the\ntracepoint again without ever disabling it.\n\nDo not use the same user space defined options to know to disable the\ntracepoints when timerlat is removed. Instead, set a global flag when it\nis enabled and use that flag to know to disable the events.\n\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n ~# echo OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo nop \u003e /sys/kernel/tracing/current_tracer\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n\nTriggers:\n\n ------------[ cut here ]------------\n WARNING: CPU: 6 PID: 1337 at kernel/tracepoint.c:294 tracepoint_add_func+0x3b6/0x3f0\n Modules linked in:\n CPU: 6 UID: 0 PID: 1337 Comm: rtla Not tainted 6.13.0-rc4-test-00018-ga867c441128e-dirty #73\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:tracepoint_add_func+0x3b6/0x3f0\n Code: 48 8b 53 28 48 8b 73 20 4c 89 04 24 e8 23 59 11 00 4c 8b 04 24 e9 36 fe ff ff 0f 0b b8 ea ff ff ff 45 84 e4 0f 84 68 fe ff ff \u003c0f\u003e 0b e9 61 fe ff ff 48 8b 7b 18 48 85 ff 0f 84 4f ff ff ff 49 8b\n RSP: 0018:ffffb9b003a87ca0 EFLAGS: 00010202\n RAX: 00000000ffffffef RBX: ffffffff92f30860 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff9bf59e91ccd0 RDI: ffffffff913b6410\n RBP: 000000000000000a R08: 00000000000005c7 R09: 0000000000000002\n R10: ffffb9b003a87ce0 R11: 0000000000000002 R12: 0000000000000001\n R13: ffffb9b003a87ce0 R14: ffffffffffffffef R15: 0000000000000008\n FS: 00007fce81209240(0000) GS:ffff9bf6fdd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055e99b728000 CR3: 00000001277c0002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ? __warn.cold+0xb7/0x14d\n ? tracepoint_add_func+0x3b6/0x3f0\n ? report_bug+0xea/0x170\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? tracepoint_add_func+0x3b6/0x3f0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n tracepoint_probe_register+0x78/0xb0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n osnoise_workload_start+0x2b5/0x370\n timerlat_tracer_init+0x76/0x1b0\n tracing_set_tracer+0x244/0x400\n tracing_set_trace_write+0xa0/0xe0\n vfs_write+0xfc/0x570\n ? do_sys_openat2+0x9c/0xe0\n ksys_write+0x72/0xf0\n do_syscall_64+0x79/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21733",
"url": "https://www.suse.com/security/cve/CVE-2025-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1238494 for CVE-2025-21733",
"url": "https://bugzilla.suse.com/1238494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21733"
},
{
"cve": "CVE-2025-21734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21734"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix copy buffer page size\n\nFor non-registered buffer, fastrpc driver copies the buffer and\npass it to the remote subsystem. There is a problem with current\nimplementation of page size calculation which is not considering\nthe offset in the calculation. This might lead to passing of\nimproper and out-of-bounds page size which could result in\nmemory issue. Calculate page start and page end using the offset\nadjusted address instead of absolute address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21734",
"url": "https://www.suse.com/security/cve/CVE-2025-21734"
},
{
"category": "external",
"summary": "SUSE Bug 1238734 for CVE-2025-21734",
"url": "https://bugzilla.suse.com/1238734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21734"
},
{
"cve": "CVE-2025-21735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: Add bounds checking in nci_hci_create_pipe()\n\nThe \"pipe\" variable is a u8 which comes from the network. If it\u0027s more\nthan 127, then it results in memory corruption in the caller,\nnci_hci_connect_gate().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21735",
"url": "https://www.suse.com/security/cve/CVE-2025-21735"
},
{
"category": "external",
"summary": "SUSE Bug 1238497 for CVE-2025-21735",
"url": "https://bugzilla.suse.com/1238497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21735"
},
{
"cve": "CVE-2025-21736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix possible int overflows in nilfs_fiemap()\n\nSince nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result\nby being prepared to go through potentially maxblocks == INT_MAX blocks,\nthe value in n may experience an overflow caused by left shift of blkbits.\n\nWhile it is extremely unlikely to occur, play it safe and cast right hand\nexpression to wider type to mitigate the issue.\n\nFound by Linux Verification Center (linuxtesting.org) with static analysis\ntool SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21736",
"url": "https://www.suse.com/security/cve/CVE-2025-21736"
},
{
"category": "external",
"summary": "SUSE Bug 1238715 for CVE-2025-21736",
"url": "https://bugzilla.suse.com/1238715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21736"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-21739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix use-after free in init error and remove paths\n\ndevm_blk_crypto_profile_init() registers a cleanup handler to run when\nthe associated (platform-) device is being released. For UFS, the\ncrypto private data and pointers are stored as part of the ufs_hba\u0027s\ndata structure \u0027struct ufs_hba::crypto_profile\u0027. This structure is\nallocated as part of the underlying ufshcd and therefore Scsi_host\nallocation.\n\nDuring driver release or during error handling in ufshcd_pltfrm_init(),\nthis structure is released as part of ufshcd_dealloc_host() before the\n(platform-) device associated with the crypto call above is released.\nOnce this device is released, the crypto cleanup code will run, using\nthe just-released \u0027struct ufs_hba::crypto_profile\u0027. This causes a\nuse-after-free situation:\n\n Call trace:\n kfree+0x60/0x2d8 (P)\n kvfree+0x44/0x60\n blk_crypto_profile_destroy_callback+0x28/0x70\n devm_action_release+0x1c/0x30\n release_nodes+0x6c/0x108\n devres_release_all+0x98/0x100\n device_unbind_cleanup+0x20/0x70\n really_probe+0x218/0x2d0\n\nIn other words, the initialisation code flow is:\n\n platform-device probe\n ufshcd_pltfrm_init()\n ufshcd_alloc_host()\n scsi_host_alloc()\n allocation of struct ufs_hba\n creation of scsi-host devices\n devm_blk_crypto_profile_init()\n devm registration of cleanup handler using platform-device\n\nand during error handling of ufshcd_pltfrm_init() or during driver\nremoval:\n\n ufshcd_dealloc_host()\n scsi_host_put()\n put_device(scsi-host)\n release of struct ufs_hba\n put_device(platform-device)\n crypto cleanup handler\n\nTo fix this use-after free, change ufshcd_alloc_host() to register a\ndevres action to automatically cleanup the underlying SCSI device on\nufshcd destruction, without requiring explicit calls to\nufshcd_dealloc_host(). This way:\n\n * the crypto profile and all other ufs_hba-owned resources are\n destroyed before SCSI (as they\u0027ve been registered after)\n * a memleak is plugged in tc-dwc-g210-pci.c remove() as a\n side-effect\n * EXPORT_SYMBOL_GPL(ufshcd_dealloc_host) can be removed fully as\n it\u0027s not needed anymore\n * no future drivers using ufshcd_alloc_host() could ever forget\n adding the cleanup",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21739",
"url": "https://www.suse.com/security/cve/CVE-2025-21739"
},
{
"category": "external",
"summary": "SUSE Bug 1238506 for CVE-2025-21739",
"url": "https://bugzilla.suse.com/1238506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21739"
},
{
"cve": "CVE-2025-21741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21741"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix DPE OoB read\n\nFix an out-of-bounds DPE read, limit the number of processed DPEs to\nthe amount that fits into the fixed-size NDP16 header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21741",
"url": "https://www.suse.com/security/cve/CVE-2025-21741"
},
{
"category": "external",
"summary": "SUSE Bug 1238767 for CVE-2025-21741",
"url": "https://bugzilla.suse.com/1238767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21741"
},
{
"cve": "CVE-2025-21742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: use static NDP16 location in URB\n\nOriginal code allowed for the start of NDP16 to be anywhere within the\nURB based on the `wNdpIndex` value in NTH16. Only the start position of\nNDP16 was checked, so it was possible for even the fixed-length part\nof NDP16 to extend past the end of URB, leading to an out-of-bounds\nread.\n\nOn iOS devices, the NDP16 header always directly follows NTH16. Rely on\nand check for this specific format.\n\nThis, along with NCM-specific minimal URB length check that already\nexists, will ensure that the fixed-length part of NDP16 plus a set\namount of DPEs fit within the URB.\n\nNote that this commit alone does not fully address the OoB read.\nThe limit on the amount of DPEs needs to be enforced separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21742",
"url": "https://www.suse.com/security/cve/CVE-2025-21742"
},
{
"category": "external",
"summary": "SUSE Bug 1238771 for CVE-2025-21742",
"url": "https://bugzilla.suse.com/1238771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21742"
},
{
"cve": "CVE-2025-21743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix possible overflow in DPE length check\n\nOriginally, it was possible for the DPE length check to overflow if\nwDatagramIndex + wDatagramLength \u003e U16_MAX. This could lead to an OoB\nread.\n\nMove the wDatagramIndex term to the other side of the inequality.\n\nAn existing condition ensures that wDatagramIndex \u003c urb-\u003eactual_length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21743",
"url": "https://www.suse.com/security/cve/CVE-2025-21743"
},
{
"category": "external",
"summary": "SUSE Bug 1238781 for CVE-2025-21743",
"url": "https://bugzilla.suse.com/1238781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21743"
},
{
"cve": "CVE-2025-21744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()\n\nOn removal of the device or unloading of the kernel module a potential NULL\npointer dereference occurs.\n\nThe following sequence deletes the interface:\n\n brcmf_detach()\n brcmf_remove_interface()\n brcmf_del_if()\n\nInside the brcmf_del_if() function the drvr-\u003eif2bss[ifidx] is updated to\nBRCMF_BSSIDX_INVALID (-1) if the bsscfgidx matches.\n\nAfter brcmf_remove_interface() call the brcmf_proto_detach() function is\ncalled providing the following sequence:\n\n brcmf_detach()\n brcmf_proto_detach()\n brcmf_proto_msgbuf_detach()\n brcmf_flowring_detach()\n brcmf_msgbuf_delete_flowring()\n brcmf_msgbuf_remove_flowring()\n brcmf_flowring_delete()\n brcmf_get_ifp()\n brcmf_txfinalize()\n\nSince brcmf_get_ip() can and actually will return NULL in this case the\ncall to brcmf_txfinalize() will result in a NULL pointer dereference inside\nbrcmf_txfinalize() when trying to update ifp-\u003endev-\u003estats.tx_errors.\n\nThis will only happen if a flowring still has an skb.\n\nAlthough the NULL pointer dereference has only been seen when trying to\nupdate the tx statistic, all other uses of the ifp pointer have been\nguarded as well with an early return if ifp is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21744",
"url": "https://www.suse.com/security/cve/CVE-2025-21744"
},
{
"category": "external",
"summary": "SUSE Bug 1238903 for CVE-2025-21744",
"url": "https://bugzilla.suse.com/1238903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21744"
},
{
"cve": "CVE-2025-21745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21745"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage\n\nblkcg_fill_root_iostats() iterates over @block_class\u0027s devices by\nclass_dev_iter_(init|next)(), but does not end iterating with\nclass_dev_iter_exit(), so causes the class\u0027s subsystem refcount leakage.\n\nFix by ending the iterating with class_dev_iter_exit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21745",
"url": "https://www.suse.com/security/cve/CVE-2025-21745"
},
{
"category": "external",
"summary": "SUSE Bug 1238785 for CVE-2025-21745",
"url": "https://bugzilla.suse.com/1238785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: lock the socket in rose_bind()\n\nsyzbot reported a soft lockup in rose_loopback_timer(),\nwith a repro calling bind() from multiple threads.\n\nrose_bind() must lock the socket to avoid this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21749",
"url": "https://www.suse.com/security/cve/CVE-2025-21749"
},
{
"category": "external",
"summary": "SUSE Bug 1238904 for CVE-2025-21749",
"url": "https://bugzilla.suse.com/1238904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "low"
}
],
"title": "CVE-2025-21749"
},
{
"cve": "CVE-2025-21750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Check the return value of of_property_read_string_index()\n\nSomewhen between 6.10 and 6.11 the driver started to crash on my\nMacBookPro14,3. The property doesn\u0027t exist and \u0027tmp\u0027 remains\nuninitialized, so we pass a random pointer to devm_kstrdup().\n\nThe crash I am getting looks like this:\n\nBUG: unable to handle page fault for address: 00007f033c669379\nPF: supervisor read access in kernel mode\nPF: error_code(0x0001) - permissions violation\nPGD 8000000101341067 P4D 8000000101341067 PUD 101340067 PMD 1013bb067 PTE 800000010aee9025\nOops: Oops: 0001 [#1] SMP PTI\nCPU: 4 UID: 0 PID: 827 Comm: (udev-worker) Not tainted 6.11.8-gentoo #1\nHardware name: Apple Inc. MacBookPro14,3/Mac-551B86E5744E2388, BIOS 529.140.2.0.0 06/23/2024\nRIP: 0010:strlen+0x4/0x30\nCode: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c80\u003e 3f 00 74 14 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 cc\nRSP: 0018:ffffb4aac0683ad8 EFLAGS: 00010202\nRAX: 00000000ffffffea RBX: 00007f033c669379 RCX: 0000000000000001\nRDX: 0000000000000cc0 RSI: 00007f033c669379 RDI: 00007f033c669379\nRBP: 00000000ffffffea R08: 0000000000000000 R09: 00000000c0ba916a\nR10: ffffffffffffffff R11: ffffffffb61ea260 R12: ffff91f7815b50c8\nR13: 0000000000000cc0 R14: ffff91fafefffe30 R15: ffffb4aac0683b30\nFS: 00007f033ccbe8c0(0000) GS:ffff91faeed00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f033c669379 CR3: 0000000107b1e004 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x149/0x4c0\n ? raw_spin_rq_lock_nested+0xe/0x20\n ? sched_balance_newidle+0x22b/0x3c0\n ? update_load_avg+0x78/0x770\n ? exc_page_fault+0x6f/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? __pfx_pci_conf1_write+0x10/0x10\n ? strlen+0x4/0x30\n devm_kstrdup+0x25/0x70\n brcmf_of_probe+0x273/0x350 [brcmfmac]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21750",
"url": "https://www.suse.com/security/cve/CVE-2025-21750"
},
{
"category": "external",
"summary": "SUSE Bug 1238905 for CVE-2025-21750",
"url": "https://bugzilla.suse.com/1238905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21750"
},
{
"cve": "CVE-2025-21753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when attempting to join an aborted transaction\n\nWhen we are trying to join the current transaction and if it\u0027s aborted,\nwe read its \u0027aborted\u0027 field after unlocking fs_info-\u003etrans_lock and\nwithout holding any extra reference count on it. This means that a\nconcurrent task that is aborting the transaction may free the transaction\nbefore we read its \u0027aborted\u0027 field, leading to a use-after-free.\n\nFix this by reading the \u0027aborted\u0027 field while holding fs_info-\u003etrans_lock\nsince any freeing task must first acquire that lock and set\nfs_info-\u003erunning_transaction to NULL before freeing the transaction.\n\nThis was reported by syzbot and Dmitry with the following stack traces\nfrom KASAN:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n Read of size 4 at addr ffff888011839024 by task kworker/u4:9/1128\n\n CPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Workqueue: events_unbound btrfs_async_reclaim_data_space\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n flush_space+0x448/0xcf0 fs/btrfs/space-info.c:803\n btrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317\n worker_thread+0x870/0xd30 kernel/workqueue.c:3398\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 5315:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n join_transaction+0x144/0xda0 fs/btrfs/transaction.c:308\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572\n lookup_open fs/namei.c:3649 [inline]\n open_last_lookups fs/namei.c:3748 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3984\n do_filp_open+0x27f/0x4e0 fs/namei.c:4014\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1402\n do_sys_open fs/open.c:1417 [inline]\n __do_sys_creat fs/open.c:1495 [inline]\n __se_sys_creat fs/open.c:1489 [inline]\n __x64_sys_creat+0x123/0x170 fs/open.c:1489\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 5336:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n cleanup_transaction fs/btrfs/transaction.c:2063 [inline]\n btrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598\n insert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757\n btrfs_balance+0x992/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21753",
"url": "https://www.suse.com/security/cve/CVE-2025-21753"
},
{
"category": "external",
"summary": "SUSE Bug 1237875 for CVE-2025-21753",
"url": "https://bugzilla.suse.com/1237875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21753"
},
{
"cve": "CVE-2025-21754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion failure when splitting ordered extent after transaction abort\n\nIf while we are doing a direct IO write a transaction abort happens, we\nmark all existing ordered extents with the BTRFS_ORDERED_IOERR flag (done\nat btrfs_destroy_ordered_extents()), and then after that if we enter\nbtrfs_split_ordered_extent() and the ordered extent has bytes left\n(meaning we have a bio that doesn\u0027t cover the whole ordered extent, see\ndetails at btrfs_extract_ordered_extent()), we will fail on the following\nassertion at btrfs_split_ordered_extent():\n\n ASSERT(!(flags \u0026 ~BTRFS_ORDERED_TYPE_FLAGS));\n\nbecause the BTRFS_ORDERED_IOERR flag is set and the definition of\nBTRFS_ORDERED_TYPE_FLAGS is just the union of all flags that identify the\ntype of write (regular, nocow, prealloc, compressed, direct IO, encoded).\n\nFix this by returning an error from btrfs_extract_ordered_extent() if we\nfind the BTRFS_ORDERED_IOERR flag in the ordered extent. The error will\nbe the error that resulted in the transaction abort or -EIO if no\ntransaction abort happened.\n\nThis was recently reported by syzbot with the following trace:\n\n FAULT_INJECTION: forcing a failure.\n name failslab, interval 1, probability 0, space 0, times 1\n CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n fail_dump lib/fault-inject.c:53 [inline]\n should_fail_ex+0x3b0/0x4e0 lib/fault-inject.c:154\n should_failslab+0xac/0x100 mm/failslab.c:46\n slab_pre_alloc_hook mm/slub.c:4072 [inline]\n slab_alloc_node mm/slub.c:4148 [inline]\n __do_kmalloc_node mm/slub.c:4297 [inline]\n __kmalloc_noprof+0xdd/0x4c0 mm/slub.c:4310\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n btrfs_chunk_alloc_add_chunk_item+0x244/0x1100 fs/btrfs/volumes.c:5742\n reserve_chunk_space+0x1ca/0x2c0 fs/btrfs/block-group.c:4292\n check_system_chunk fs/btrfs/block-group.c:4319 [inline]\n do_chunk_alloc fs/btrfs/block-group.c:3891 [inline]\n btrfs_chunk_alloc+0x77b/0xf80 fs/btrfs/block-group.c:4187\n find_free_extent_update_loop fs/btrfs/extent-tree.c:4166 [inline]\n find_free_extent+0x42d1/0x5810 fs/btrfs/extent-tree.c:4579\n btrfs_reserve_extent+0x422/0x810 fs/btrfs/extent-tree.c:4672\n btrfs_new_extent_direct fs/btrfs/direct-io.c:186 [inline]\n btrfs_get_blocks_direct_write+0x706/0xfa0 fs/btrfs/direct-io.c:321\n btrfs_dio_iomap_begin+0xbb7/0x1180 fs/btrfs/direct-io.c:525\n iomap_iter+0x697/0xf60 fs/iomap/iter.c:90\n __iomap_dio_rw+0xeb9/0x25b0 fs/iomap/direct-io.c:702\n btrfs_dio_write fs/btrfs/direct-io.c:775 [inline]\n btrfs_direct_write+0x610/0xa30 fs/btrfs/direct-io.c:880\n btrfs_do_write_iter+0x2a0/0x760 fs/btrfs/file.c:1397\n do_iter_readv_writev+0x600/0x880\n vfs_writev+0x376/0xba0 fs/read_write.c:1050\n do_pwritev fs/read_write.c:1146 [inline]\n __do_sys_pwritev2 fs/read_write.c:1204 [inline]\n __se_sys_pwritev2+0x196/0x2b0 fs/read_write.c:1195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f1281f85d29\n RSP: 002b:00007f12819fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148\n RAX: ffffffffffffffda RBX: 00007f1282176080 RCX: 00007f1281f85d29\n RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000005\n RBP: 00007f12819fe090 R08: 0000000000000000 R09: 0000000000000003\n R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000002\n R13: 0000000000000000 R14: 00007f1282176080 R15: 00007ffcb9e23328\n \u003c/TASK\u003e\n BTRFS error (device loop0 state A): Transaction aborted (error -12)\n BTRFS: error (device loop0 state A\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21754",
"url": "https://www.suse.com/security/cve/CVE-2025-21754"
},
{
"category": "external",
"summary": "SUSE Bug 1238496 for CVE-2025-21754",
"url": "https://bugzilla.suse.com/1238496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21754"
},
{
"cve": "CVE-2025-21756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Keep the binding until socket destruction\n\nPreserve sockets bindings; this includes both resulting from an explicit\nbind() and those implicitly bound through autobind during connect().\n\nPrevents socket unbinding during a transport reassignment, which fixes a\nuse-after-free:\n\n 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2)\n 2. transport-\u003erelease() calls vsock_remove_bound() without checking if\n sk was bound and moved to bound list (refcnt=1)\n 3. vsock_bind() assumes sk is in unbound list and before\n __vsock_insert_bound(vsock_bound_sockets()) calls\n __vsock_remove_bound() which does:\n list_del_init(\u0026vsk-\u003ebound_table); // nop\n sock_put(\u0026vsk-\u003esk); // refcnt=0\n\nBUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730\nRead of size 4 at addr ffff88816b46a74c by task a.out/2057\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n __vsock_bind+0x62e/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAllocated by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n __vsock_create.constprop.0+0x2e/0xb60\n vsock_create+0xe4/0x420\n __sock_create+0x241/0x650\n __sys_socket+0xf2/0x1a0\n __x64_sys_socket+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n __vsock_bind+0x5e1/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150\nRIP: 0010:refcount_warn_saturate+0xce/0x150\n __vsock_bind+0x66d/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150\nRIP: 0010:refcount_warn_saturate+0xee/0x150\n vsock_remove_bound+0x187/0x1e0\n __vsock_release+0x383/0x4a0\n vsock_release+0x90/0x120\n __sock_release+0xa3/0x250\n sock_close+0x14/0x20\n __fput+0x359/0xa80\n task_work_run+0x107/0x1d0\n do_exit+0x847/0x2560\n do_group_exit+0xb8/0x250\n __x64_sys_exit_group+0x3a/0x50\n x64_sys_call+0xfec/0x14f0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21756",
"url": "https://www.suse.com/security/cve/CVE-2025-21756"
},
{
"category": "external",
"summary": "SUSE Bug 1238876 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "external",
"summary": "SUSE Bug 1245795 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1245795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: extend RCU protection in igmp6_send()\n\nigmp6_send() can be called without RTNL or RCU being held.\n\nExtend RCU protection so that we can safely fetch the net pointer\nand avoid a potential UAF.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net-\u003eipv6.igmp_sk\nsocket under RCU protection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21759",
"url": "https://www.suse.com/security/cve/CVE-2025-21759"
},
{
"category": "external",
"summary": "SUSE Bug 1238738 for CVE-2025-21759",
"url": "https://bugzilla.suse.com/1238738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21759"
},
{
"cve": "CVE-2025-21760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: extend RCU protection in ndisc_send_skb()\n\nndisc_send_skb() can be called without RTNL or RCU held.\n\nAcquire rcu_read_lock() earlier, so that we can use dev_net_rcu()\nand avoid a potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21760",
"url": "https://www.suse.com/security/cve/CVE-2025-21760"
},
{
"category": "external",
"summary": "SUSE Bug 1238763 for CVE-2025-21760",
"url": "https://bugzilla.suse.com/1238763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21760"
},
{
"cve": "CVE-2025-21761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: use RCU protection in ovs_vport_cmd_fill_info()\n\novs_vport_cmd_fill_info() can be called without RTNL or RCU.\n\nUse RCU protection and dev_net_rcu() to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21761",
"url": "https://www.suse.com/security/cve/CVE-2025-21761"
},
{
"category": "external",
"summary": "SUSE Bug 1238775 for CVE-2025-21761",
"url": "https://bugzilla.suse.com/1238775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21761"
},
{
"cve": "CVE-2025-21762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21762"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: use RCU protection in arp_xmit()\n\narp_xmit() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21762",
"url": "https://www.suse.com/security/cve/CVE-2025-21762"
},
{
"category": "external",
"summary": "SUSE Bug 1238780 for CVE-2025-21762",
"url": "https://bugzilla.suse.com/1238780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21762"
},
{
"cve": "CVE-2025-21763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: use RCU protection in __neigh_notify()\n\n__neigh_notify() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21763",
"url": "https://www.suse.com/security/cve/CVE-2025-21763"
},
{
"category": "external",
"summary": "SUSE Bug 1237897 for CVE-2025-21763",
"url": "https://bugzilla.suse.com/1237897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21763"
},
{
"cve": "CVE-2025-21764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21764"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: use RCU protection in ndisc_alloc_skb()\n\nndisc_alloc_skb() can be called without RTNL or RCU being held.\n\nAdd RCU protection to avoid possible UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21764",
"url": "https://www.suse.com/security/cve/CVE-2025-21764"
},
{
"category": "external",
"summary": "SUSE Bug 1237885 for CVE-2025-21764",
"url": "https://bugzilla.suse.com/1237885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21764"
},
{
"cve": "CVE-2025-21765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU protection in ip6_default_advmss()\n\nip6_default_advmss() needs rcu protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21765",
"url": "https://www.suse.com/security/cve/CVE-2025-21765"
},
{
"category": "external",
"summary": "SUSE Bug 1237906 for CVE-2025-21765",
"url": "https://bugzilla.suse.com/1237906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: use RCU protection in __ip_rt_update_pmtu()\n\n__ip_rt_update_pmtu() must use RCU protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21766",
"url": "https://www.suse.com/security/cve/CVE-2025-21766"
},
{
"category": "external",
"summary": "SUSE Bug 1238754 for CVE-2025-21766",
"url": "https://bugzilla.suse.com/1238754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context\n\nThe following bug report happened with a PREEMPT_RT kernel:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n get_random_u32+0x4f/0x110\n clocksource_verify_choose_cpus+0xab/0x1a0\n clocksource_verify_percpu.part.0+0x6b/0x330\n clocksource_watchdog_kthread+0x193/0x1a0\n\nIt is due to the fact that clocksource_verify_choose_cpus() is invoked with\npreemption disabled. This function invokes get_random_u32() to obtain\nrandom numbers for choosing CPUs. The batched_entropy_32 local lock and/or\nthe base_crng.lock spinlock in driver/char/random.c will be acquired during\nthe call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot\nbe acquired in atomic context.\n\nFix this problem by using migrate_disable() to allow smp_processor_id() to\nbe reliably used without introducing atomic context. preempt_disable() is\nthen called after clocksource_verify_choose_cpus() but before the\nclocksource measurement is being run to avoid introducing unexpected\nlatency.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21767",
"url": "https://www.suse.com/security/cve/CVE-2025-21767"
},
{
"category": "external",
"summary": "SUSE Bug 1238509 for CVE-2025-21767",
"url": "https://bugzilla.suse.com/1238509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npartitions: mac: fix handling of bogus partition table\n\nFix several issues in partition probing:\n\n - The bailout for a bad partoffset must use put_dev_sector(), since the\n preceding read_part_sector() succeeded.\n - If the partition table claims a silly sector size like 0xfff bytes\n (which results in partition table entries straddling sector boundaries),\n bail out instead of accessing out-of-bounds memory.\n - We must not assume that the partition table contains proper NUL\n termination - use strnlen() and strncmp() instead of strlen() and\n strcmp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21772",
"url": "https://www.suse.com/security/cve/CVE-2025-21772"
},
{
"category": "external",
"summary": "SUSE Bug 1238911 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "external",
"summary": "SUSE Bug 1238912 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21772"
},
{
"cve": "CVE-2025-21773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial\n\nThe driver assumed that es58x_dev-\u003eudev-\u003eserial could never be NULL.\nWhile this is true on commercially available devices, an attacker\ncould spoof the device identity providing a NULL USB serial number.\nThat would trigger a NULL pointer dereference.\n\nAdd a check on es58x_dev-\u003eudev-\u003eserial before accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21773",
"url": "https://www.suse.com/security/cve/CVE-2025-21773"
},
{
"category": "external",
"summary": "SUSE Bug 1238762 for CVE-2025-21773",
"url": "https://bugzilla.suse.com/1238762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21773"
},
{
"cve": "CVE-2025-21775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ctucanfd: handle skb allocation failure\n\nIf skb allocation fails, the pointer to struct can_frame is NULL. This\nis actually handled everywhere inside ctucan_err_interrupt() except for\nthe only place.\n\nAdd the missed NULL check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21775",
"url": "https://www.suse.com/security/cve/CVE-2025-21775"
},
{
"category": "external",
"summary": "SUSE Bug 1238501 for CVE-2025-21775",
"url": "https://bugzilla.suse.com/1238501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21775"
},
{
"cve": "CVE-2025-21776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21776"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: hub: Ignore non-compliant devices with too many configs or interfaces\n\nRobert Morris created a test program which can cause\nusb_hub_to_struct_hub() to dereference a NULL or inappropriate\npointer:\n\nOops: general protection fault, probably for non-canonical address\n0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI\nCPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14\nHardware name: FreeBSD BHYVE/BHYVE, BIOS 14.0 10/17/2021\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_hub_adjust_deviceremovable+0x78/0x110\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x31/0x80\n ? exc_general_protection+0x1b4/0x3c0\n ? asm_exc_general_protection+0x26/0x30\n ? usb_hub_adjust_deviceremovable+0x78/0x110\n hub_probe+0x7c7/0xab0\n usb_probe_interface+0x14b/0x350\n really_probe+0xd0/0x2d0\n ? __pfx___device_attach_driver+0x10/0x10\n __driver_probe_device+0x6e/0x110\n driver_probe_device+0x1a/0x90\n __device_attach_driver+0x7e/0xc0\n bus_for_each_drv+0x7f/0xd0\n __device_attach+0xaa/0x1a0\n bus_probe_device+0x8b/0xa0\n device_add+0x62e/0x810\n usb_set_configuration+0x65d/0x990\n usb_generic_driver_probe+0x4b/0x70\n usb_probe_device+0x36/0xd0\n\nThe cause of this error is that the device has two interfaces, and the\nhub driver binds to interface 1 instead of interface 0, which is where\nusb_hub_to_struct_hub() looks.\n\nWe can prevent the problem from occurring by refusing to accept hub\ndevices that violate the USB spec by having more than one\nconfiguration or interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21776",
"url": "https://www.suse.com/security/cve/CVE-2025-21776"
},
{
"category": "external",
"summary": "SUSE Bug 1238909 for CVE-2025-21776",
"url": "https://bugzilla.suse.com/1238909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21776"
},
{
"cve": "CVE-2025-21779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21779"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel\n\nAdvertise support for Hyper-V\u0027s SEND_IPI and SEND_IPI_EX hypercalls if and\nonly if the local API is emulated/virtualized by KVM, and explicitly reject\nsaid hypercalls if the local APIC is emulated in userspace, i.e. don\u0027t rely\non userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID.\n\nRejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if\nHyper-V enlightenments are exposed to the guest without an in-kernel local\nAPIC:\n\n dump_stack+0xbe/0xfd\n __kasan_report.cold+0x34/0x84\n kasan_report+0x3a/0x50\n __apic_accept_irq+0x3a/0x5c0\n kvm_hv_send_ipi.isra.0+0x34e/0x820\n kvm_hv_hypercall+0x8d9/0x9d0\n kvm_emulate_hypercall+0x506/0x7e0\n __vmx_handle_exit+0x283/0xb60\n vmx_handle_exit+0x1d/0xd0\n vcpu_enter_guest+0x16b0/0x24c0\n vcpu_run+0xc0/0x550\n kvm_arch_vcpu_ioctl_run+0x170/0x6d0\n kvm_vcpu_ioctl+0x413/0xb20\n __se_sys_ioctl+0x111/0x160\n do_syscal1_64+0x30/0x40\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nNote, checking the sending vCPU is sufficient, as the per-VM irqchip_mode\ncan\u0027t be modified after vCPUs are created, i.e. if one vCPU has an\nin-kernel local APIC, then all vCPUs have an in-kernel local APIC.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21779",
"url": "https://www.suse.com/security/cve/CVE-2025-21779"
},
{
"category": "external",
"summary": "SUSE Bug 1238768 for CVE-2025-21779",
"url": "https://bugzilla.suse.com/1238768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21779"
},
{
"cve": "CVE-2025-21780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21780"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()\n\nIt malicious user provides a small pptable through sysfs and then\na bigger pptable, it may cause buffer overflow attack in function\nsmu_sys_set_pp_table().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21780",
"url": "https://www.suse.com/security/cve/CVE-2025-21780"
},
{
"category": "external",
"summary": "SUSE Bug 1239115 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "external",
"summary": "SUSE Bug 1239116 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21780"
},
{
"cve": "CVE-2025-21781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix panic during interface removal\n\nReference counting is used to ensure that\nbatadv_hardif_neigh_node and batadv_hard_iface\nare not freed before/during\nbatadv_v_elp_throughput_metric_update work is\nfinished.\n\nBut there isn\u0027t a guarantee that the hard if will\nremain associated with a soft interface up until\nthe work is finished.\n\nThis fixes a crash triggered by reboot that looks\nlike this:\n\nCall trace:\n batadv_v_mesh_free+0xd0/0x4dc [batman_adv]\n batadv_v_elp_throughput_metric_update+0x1c/0xa4\n process_one_work+0x178/0x398\n worker_thread+0x2e8/0x4d0\n kthread+0xd8/0xdc\n ret_from_fork+0x10/0x20\n\n(the batadv_v_mesh_free call is misleading,\nand does not actually happen)\n\nI was able to make the issue happen more reliably\nby changing hardif_neigh-\u003ebat_v.metric_work work\nto be delayed work. This allowed me to track down\nand confirm the fix.\n\n[sven@narfation.org: prevent entering batadv_v_elp_get_throughput without\n soft_iface]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21781",
"url": "https://www.suse.com/security/cve/CVE-2025-21781"
},
{
"category": "external",
"summary": "SUSE Bug 1238735 for CVE-2025-21781",
"url": "https://bugzilla.suse.com/1238735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21781"
},
{
"cve": "CVE-2025-21782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix a oob in orangefs_debug_write\n\nI got a syzbot report: slab-out-of-bounds Read in\norangefs_debug_write... several people suggested fixes,\nI tested Al Viro\u0027s suggestion and made this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21782",
"url": "https://www.suse.com/security/cve/CVE-2025-21782"
},
{
"category": "external",
"summary": "SUSE Bug 1239117 for CVE-2025-21782",
"url": "https://bugzilla.suse.com/1239117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21782"
},
{
"cve": "CVE-2025-21784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21784"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()\n\nIn function psp_init_cap_microcode(), it should bail out when failed to\nload firmware, otherwise it may cause invalid memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21784",
"url": "https://www.suse.com/security/cve/CVE-2025-21784"
},
{
"category": "external",
"summary": "SUSE Bug 1238510 for CVE-2025-21784",
"url": "https://bugzilla.suse.com/1238510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21784"
},
{
"cve": "CVE-2025-21785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21785"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array\n\nThe loop that detects/populates cache information already has a bounds\ncheck on the array size but does not account for cache levels with\nseparate data/instructions cache. Fix this by incrementing the index\nfor any populated leaf (instead of any populated level).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21785",
"url": "https://www.suse.com/security/cve/CVE-2025-21785"
},
{
"category": "external",
"summary": "SUSE Bug 1238747 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "external",
"summary": "SUSE Bug 1240745 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1240745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21785"
},
{
"cve": "CVE-2025-21790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n unregister_netdevice_many net/core/dev.c:11866 [inline]\n unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21790",
"url": "https://www.suse.com/security/cve/CVE-2025-21790"
},
{
"category": "external",
"summary": "SUSE Bug 1238753 for CVE-2025-21790",
"url": "https://bugzilla.suse.com/1238753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21791"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21791",
"url": "https://www.suse.com/security/cve/CVE-2025-21791"
},
{
"category": "external",
"summary": "SUSE Bug 1238512 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "external",
"summary": "SUSE Bug 1240744 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1240744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21791"
},
{
"cve": "CVE-2025-21793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21793"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: sn-f-ospi: Fix division by zero\n\nWhen there is no dummy cycle in the spi-nor commands, both dummy bus cycle\nbytes and width are zero. Because of the cpu\u0027s warning when divided by\nzero, the warning should be avoided. Return just zero to avoid such\ncalculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21793",
"url": "https://www.suse.com/security/cve/CVE-2025-21793"
},
{
"category": "external",
"summary": "SUSE Bug 1238500 for CVE-2025-21793",
"url": "https://bugzilla.suse.com/1238500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21793"
},
{
"cve": "CVE-2025-21794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()\n\nSyzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from\nhid-thrustmaster driver. This array is passed to usb_check_int_endpoints\nfunction from usb.c core driver, which executes a for loop that iterates\nover the elements of the passed array. Not finding a null element at the end of\nthe array, it tries to read the next, non-existent element, crashing the kernel.\n\nTo fix this, a 0 element was added at the end of the array to break the for\nloop.\n\n[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21794",
"url": "https://www.suse.com/security/cve/CVE-2025-21794"
},
{
"category": "external",
"summary": "SUSE Bug 1238502 for CVE-2025-21794",
"url": "https://bugzilla.suse.com/1238502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21794"
},
{
"cve": "CVE-2025-21795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix hang in nfsd4_shutdown_callback\n\nIf nfs4_client is in courtesy state then there is no point to send\nthe callback. This causes nfsd4_shutdown_callback to hang since\ncl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP\nnotifies NFSD that the connection was dropped.\n\nThis patch modifies nfsd4_run_cb_work to skip the RPC call if\nnfs4_client is in courtesy state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21795",
"url": "https://www.suse.com/security/cve/CVE-2025-21795"
},
{
"category": "external",
"summary": "SUSE Bug 1238759 for CVE-2025-21795",
"url": "https://bugzilla.suse.com/1238759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: clear acl_access/acl_default after releasing them\n\nIf getting acl_default fails, acl_access and acl_default will be released\nsimultaneously. However, acl_access will still retain a pointer pointing\nto the released posix_acl, which will trigger a WARNING in\nnfs3svc_release_getacl like this:\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 26 PID: 3199 at lib/refcount.c:28\nrefcount_warn_saturate+0xb5/0x170\nModules linked in:\nCPU: 26 UID: 0 PID: 3199 Comm: nfsd Not tainted\n6.12.0-rc6-00079-g04ae226af01f-dirty #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb5/0x170\nCode: cc cc 0f b6 1d b3 20 a5 03 80 fb 01 0f 87 65 48 d8 00 83 e3 01 75\ne4 48 c7 c7 c0 3b 9b 85 c6 05 97 20 a5 03 01 e8 fb 3e 30 ff \u003c0f\u003e 0b eb\ncd 0f b6 1d 8a3\nRSP: 0018:ffffc90008637cd8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff83904fde\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88871ed36380\nRBP: ffff888158beeb40 R08: 0000000000000001 R09: fffff520010c6f56\nR10: ffffc90008637ab7 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff888140e77400 R14: ffff888140e77408 R15: ffffffff858b42c0\nFS: 0000000000000000(0000) GS:ffff88871ed00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000562384d32158 CR3: 000000055cc6a000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0xb5/0x170\n ? __warn+0xa5/0x140\n ? refcount_warn_saturate+0xb5/0x170\n ? report_bug+0x1b1/0x1e0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? tick_nohz_tick_stopped+0x1e/0x40\n ? refcount_warn_saturate+0xb5/0x170\n ? refcount_warn_saturate+0xb5/0x170\n nfs3svc_release_getacl+0xc9/0xe0\n svc_process_common+0x5db/0xb60\n ? __pfx_svc_process_common+0x10/0x10\n ? __rcu_read_unlock+0x69/0xa0\n ? __pfx_nfsd_dispatch+0x10/0x10\n ? svc_xprt_received+0xa1/0x120\n ? xdr_init_decode+0x11d/0x190\n svc_process+0x2a7/0x330\n svc_handle_xprt+0x69d/0x940\n svc_recv+0x180/0x2d0\n nfsd+0x168/0x200\n ? __pfx_nfsd+0x10/0x10\n kthread+0x1a2/0x1e0\n ? kthread+0xf4/0x1e0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\n\nClear acl_access/acl_default after posix_acl_release is called to prevent\nUAF from being triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21796",
"url": "https://www.suse.com/security/cve/CVE-2025-21796"
},
{
"category": "external",
"summary": "SUSE Bug 1238716 for CVE-2025-21796",
"url": "https://bugzilla.suse.com/1238716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21799",
"url": "https://www.suse.com/security/cve/CVE-2025-21799"
},
{
"category": "external",
"summary": "SUSE Bug 1238739 for CVE-2025-21799",
"url": "https://bugzilla.suse.com/1238739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix oops when unload drivers paralleling\n\nWhen unload hclge driver, it tries to disable sriov first for each\nae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at\nthe time, because it removes all the ae_dev nodes, and it may cause\noops.\n\nBut we can\u0027t simply use hnae3_common_lock for this. Because in the\nprocess flow of pci_disable_sriov(), it will trigger the remove flow\nof VF, which will also take hnae3_common_lock.\n\nTo fixes it, introduce a new mutex to protect the unload process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21802",
"url": "https://www.suse.com/security/cve/CVE-2025-21802"
},
{
"category": "external",
"summary": "SUSE Bug 1238751 for CVE-2025-21802",
"url": "https://bugzilla.suse.com/1238751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21802"
},
{
"cve": "CVE-2025-21804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21804"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()\n\nThe rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region()\nmacro to request a needed resource. A string variable that lives on the\nstack is then used to store a dynamically computed resource name, which\nis then passed on as one of the macro arguments. This can lead to\nundefined behavior.\n\nDepending on the current contents of the memory, the manifestations of\nerrors may vary. One possible output may be as follows:\n\n $ cat /proc/iomem\n 30000000-37ffffff :\n 38000000-3fffffff :\n\nSometimes, garbage may appear after the colon.\n\nIn very rare cases, if no NULL-terminator is found in memory, the system\nmight crash because the string iterator will overrun which can lead to\naccess of unmapped memory above the stack.\n\nThus, fix this by replacing outbound_name with the name of the previously\nrequested resource. With the changes applied, the output will be as\nfollows:\n\n $ cat /proc/iomem\n 30000000-37ffffff : memory2\n 38000000-3fffffff : memory3\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21804",
"url": "https://www.suse.com/security/cve/CVE-2025-21804"
},
{
"category": "external",
"summary": "SUSE Bug 1238736 for CVE-2025-21804",
"url": "https://bugzilla.suse.com/1238736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21804"
},
{
"cve": "CVE-2025-21810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: class: Fix wild pointer dereferences in API class_dev_iter_next()\n\nThere are a potential wild pointer dereferences issue regarding APIs\nclass_dev_iter_(init|next|exit)(), as explained by below typical usage:\n\n// All members of @iter are wild pointers.\nstruct class_dev_iter iter;\n\n// class_dev_iter_init(@iter, @class, ...) checks parameter @class for\n// potential class_to_subsys() error, and it returns void type and does\n// not initialize its output parameter @iter, so caller can not detect\n// the error and continues to invoke class_dev_iter_next(@iter) even if\n// @iter still contains wild pointers.\nclass_dev_iter_init(\u0026iter, ...);\n\n// Dereference these wild pointers in @iter here once suffer the error.\nwhile (dev = class_dev_iter_next(\u0026iter)) { ... };\n\n// Also dereference these wild pointers here.\nclass_dev_iter_exit(\u0026iter);\n\nActually, all callers of these APIs have such usage pattern in kernel tree.\nFix by:\n- Initialize output parameter @iter by memset() in class_dev_iter_init()\n and give callers prompt by pr_crit() for the error.\n- Check if @iter is valid in class_dev_iter_next().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21810",
"url": "https://www.suse.com/security/cve/CVE-2025-21810"
},
{
"category": "external",
"summary": "SUSE Bug 1238757 for CVE-2025-21810",
"url": "https://bugzilla.suse.com/1238757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21810"
},
{
"cve": "CVE-2025-21815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/compaction: fix UBSAN shift-out-of-bounds warning\n\nsyzkaller reported a UBSAN shift-out-of-bounds warning of (1UL \u003c\u003c order)\nin isolate_freepages_block(). The bogus compound_order can be any value\nbecause it is union with flags. Add back the MAX_PAGE_ORDER check to fix\nthe warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21815",
"url": "https://www.suse.com/security/cve/CVE-2025-21815"
},
{
"category": "external",
"summary": "SUSE Bug 1238474 for CVE-2025-21815",
"url": "https://bugzilla.suse.com/1238474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21815"
},
{
"cve": "CVE-2025-21819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd/display: Use HW lock mgr for PSR1\"\n\nThis reverts commit\na2b5a9956269 (\"drm/amd/display: Use HW lock mgr for PSR1\")\n\nBecause it may cause system hang while connect with two edp panel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21819",
"url": "https://www.suse.com/security/cve/CVE-2025-21819"
},
{
"category": "external",
"summary": "SUSE Bug 1238994 for CVE-2025-21819",
"url": "https://bugzilla.suse.com/1238994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21819"
},
{
"cve": "CVE-2025-21820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: xilinx_uartps: split sysrq handling\n\nlockdep detects the following circular locking dependency:\n\nCPU 0 CPU 1\n========================== ============================\ncdns_uart_isr() printk()\n uart_port_lock(port) console_lock()\n\t\t\t cdns_uart_console_write()\n if (!port-\u003esysrq)\n uart_port_lock(port)\n uart_handle_break()\n port-\u003esysrq = ...\n uart_handle_sysrq_char()\n printk()\n console_lock()\n\nThe fixed commit attempts to avoid this situation by only taking the\nport lock in cdns_uart_console_write if port-\u003esysrq unset. However, if\n(as shown above) cdns_uart_console_write runs before port-\u003esysrq is set,\nthen it will try to take the port lock anyway. This may result in a\ndeadlock.\n\nFix this by splitting sysrq handling into two parts. We use the prepare\nhelper under the port lock and defer handling until we release the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21820",
"url": "https://www.suse.com/security/cve/CVE-2025-21820"
},
{
"category": "external",
"summary": "SUSE Bug 1238479 for CVE-2025-21820",
"url": "https://bugzilla.suse.com/1238479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21820"
},
{
"cve": "CVE-2025-21821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omap: use threaded IRQ for LCD DMA\n\nWhen using touchscreen and framebuffer, Nokia 770 crashes easily with:\n\n BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000\n Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd\n CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2\n Hardware name: Nokia 770\n Call trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x54/0x5c\n dump_stack_lvl from __schedule_bug+0x50/0x70\n __schedule_bug from __schedule+0x4d4/0x5bc\n __schedule from schedule+0x34/0xa0\n schedule from schedule_preempt_disabled+0xc/0x10\n schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4\n __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4\n clk_prepare_lock from clk_set_rate+0x18/0x154\n clk_set_rate from sossi_read_data+0x4c/0x168\n sossi_read_data from hwa742_read_reg+0x5c/0x8c\n hwa742_read_reg from send_frame_handler+0xfc/0x300\n send_frame_handler from process_pending_requests+0x74/0xd0\n process_pending_requests from lcd_dma_irq_handler+0x50/0x74\n lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130\n __handle_irq_event_percpu from handle_irq_event+0x28/0x68\n handle_irq_event from handle_level_irq+0x9c/0x170\n handle_level_irq from generic_handle_domain_irq+0x2c/0x3c\n generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c\n omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c\n generic_handle_arch_irq from call_with_stack+0x1c/0x24\n call_with_stack from __irq_svc+0x94/0xa8\n Exception stack(0xc5255da0 to 0xc5255de8)\n 5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248\n 5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94\n 5de0: 60000013 ffffffff\n __irq_svc from clk_prepare_lock+0x4c/0xe4\n clk_prepare_lock from clk_get_rate+0x10/0x74\n clk_get_rate from uwire_setup_transfer+0x40/0x180\n uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c\n spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664\n spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498\n __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8\n __spi_sync from spi_sync+0x24/0x40\n spi_sync from ads7846_halfd_read_state+0x5c/0x1c0\n ads7846_halfd_read_state from ads7846_irq+0x58/0x348\n ads7846_irq from irq_thread_fn+0x1c/0x78\n irq_thread_fn from irq_thread+0x120/0x228\n irq_thread from kthread+0xc8/0xe8\n kthread from ret_from_fork+0x14/0x28\n\nAs a quick fix, switch to a threaded IRQ which provides a stable system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21821",
"url": "https://www.suse.com/security/cve/CVE-2025-21821"
},
{
"category": "external",
"summary": "SUSE Bug 1239174 for CVE-2025-21821",
"url": "https://bugzilla.suse.com/1239174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21821"
},
{
"cve": "CVE-2025-21823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: Drop unmanaged ELP metric worker\n\nThe ELP worker needs to calculate new metric values for all neighbors\n\"reachable\" over an interface. Some of the used metric sources require\nlocks which might need to sleep. This sleep is incompatible with the RCU\nlist iterator used for the recorded neighbors. The initial approach to work\naround of this problem was to queue another work item per neighbor and then\nrun this in a new context.\n\nEven when this solved the RCU vs might_sleep() conflict, it has a major\nproblems: Nothing was stopping the work item in case it is not needed\nanymore - for example because one of the related interfaces was removed or\nthe batman-adv module was unloaded - resulting in potential invalid memory\naccesses.\n\nDirectly canceling the metric worker also has various problems:\n\n* cancel_work_sync for a to-be-deactivated interface is called with\n rtnl_lock held. But the code in the ELP metric worker also tries to use\n rtnl_lock() - which will never return in this case. This also means that\n cancel_work_sync would never return because it is waiting for the worker\n to finish.\n* iterating over the neighbor list for the to-be-deactivated interface is\n currently done using the RCU specific methods. Which means that it is\n possible to miss items when iterating over it without the associated\n spinlock - a behaviour which is acceptable for a periodic metric check\n but not for a cleanup routine (which must \"stop\" all still running\n workers)\n\nThe better approch is to get rid of the per interface neighbor metric\nworker and handle everything in the interface worker. The original problems\nare solved by:\n\n* creating a list of neighbors which require new metric information inside\n the RCU protected context, gathering the metric according to the new list\n outside the RCU protected context\n* only use rcu_trylock inside metric gathering code to avoid a deadlock\n when the cancel_delayed_work_sync is called in the interface removal code\n (which is called with the rtnl_lock held)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21823",
"url": "https://www.suse.com/security/cve/CVE-2025-21823"
},
{
"category": "external",
"summary": "SUSE Bug 1238475 for CVE-2025-21823",
"url": "https://bugzilla.suse.com/1238475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21823"
},
{
"cve": "CVE-2025-21825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Cancel the running bpf_timer through kworker for PREEMPT_RT\n\nDuring the update procedure, when overwrite element in a pre-allocated\nhtab, the freeing of old_element is protected by the bucket lock. The\nreason why the bucket lock is necessary is that the old_element has\nalready been stashed in htab-\u003eextra_elems after alloc_htab_elem()\nreturns. If freeing the old_element after the bucket lock is unlocked,\nthe stashed element may be reused by concurrent update procedure and the\nfreeing of old_element will run concurrently with the reuse of the\nold_element. However, the invocation of check_and_free_fields() may\nacquire a spin-lock which violates the lockdep rule because its caller\nhas already held a raw-spin-lock (bucket lock). The following warning\nwill be reported when such race happens:\n\n BUG: scheduling while atomic: test_progs/676/0x00000003\n 3 locks held by test_progs/676:\n #0: ffffffff864b0240 (rcu_read_lock_trace){....}-{0:0}, at: bpf_prog_test_run_syscall+0x2c0/0x830\n #1: ffff88810e961188 (\u0026htab-\u003elockdep_key){....}-{2:2}, at: htab_map_update_elem+0x306/0x1500\n #2: ffff8881f4eac1b8 (\u0026base-\u003esoftirq_expiry_lock){....}-{2:2}, at: hrtimer_cancel_wait_running+0xe9/0x1b0\n Modules linked in: bpf_testmod(O)\n Preemption disabled at:\n [\u003cffffffff817837a3\u003e] htab_map_update_elem+0x293/0x1500\n CPU: 0 UID: 0 PID: 676 Comm: test_progs Tainted: G ... 6.12.0+ #11\n Tainted: [W]=WARN, [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x57/0x70\n dump_stack+0x10/0x20\n __schedule_bug+0x120/0x170\n __schedule+0x300c/0x4800\n schedule_rtlock+0x37/0x60\n rtlock_slowlock_locked+0x6d9/0x54c0\n rt_spin_lock+0x168/0x230\n hrtimer_cancel_wait_running+0xe9/0x1b0\n hrtimer_cancel+0x24/0x30\n bpf_timer_delete_work+0x1d/0x40\n bpf_timer_cancel_and_free+0x5e/0x80\n bpf_obj_free_fields+0x262/0x4a0\n check_and_free_fields+0x1d0/0x280\n htab_map_update_elem+0x7fc/0x1500\n bpf_prog_9f90bc20768e0cb9_overwrite_cb+0x3f/0x43\n bpf_prog_ea601c4649694dbd_overwrite_timer+0x5d/0x7e\n bpf_prog_test_run_syscall+0x322/0x830\n __sys_bpf+0x135d/0x3ca0\n __x64_sys_bpf+0x75/0xb0\n x64_sys_call+0x1b5/0xa10\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n ...\n \u003c/TASK\u003e\n\nIt seems feasible to break the reuse and refill of per-cpu extra_elems\ninto two independent parts: reuse the per-cpu extra_elems with bucket\nlock being held and refill the old_element as per-cpu extra_elems after\nthe bucket lock is unlocked. However, it will make the concurrent\noverwrite procedures on the same CPU return unexpected -E2BIG error when\nthe map is full.\n\nTherefore, the patch fixes the lock problem by breaking the cancelling\nof bpf_timer into two steps for PREEMPT_RT:\n1) use hrtimer_try_to_cancel() and check its return value\n2) if the timer is running, use hrtimer_cancel() through a kworker to\n cancel it again\nConsidering that the current implementation of hrtimer_cancel() will try\nto acquire a being held softirq_expiry_lock when the current timer is\nrunning, these steps above are reasonable. However, it also has\ndownside. When the timer is running, the cancelling of the timer is\ndelayed when releasing the last map uref. The delay is also fixable\n(e.g., break the cancelling of bpf timer into two parts: one part in\nlocked scope, another one in unlocked scope), it can be revised later if\nnecessary.\n\nIt is a bit hard to decide the right fix tag. One reason is that the\nproblem depends on PREEMPT_RT which is enabled in v6.12. Considering the\nsoftirq_expiry_lock lock exists since v5.4 and bpf_timer is introduced\nin v5.15, the bpf_timer commit is used in the fixes tag and an extra\ndepends-on tag is added to state the dependency on PREEMPT_RT.\n\nDepends-on: v6.12+ with PREEMPT_RT enabled",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21825",
"url": "https://www.suse.com/security/cve/CVE-2025-21825"
},
{
"category": "external",
"summary": "SUSE Bug 1238971 for CVE-2025-21825",
"url": "https://bugzilla.suse.com/1238971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21825"
},
{
"cve": "CVE-2025-21828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don\u0027t flush non-uploaded STAs\n\nIf STA state is pre-moved to AUTHORIZED (such as in IBSS\nscenarios) and insertion fails, the station is freed.\nIn this case, the driver never knew about the station,\nso trying to flush it is unexpected and may crash.\n\nCheck if the sta was uploaded to the driver before and\nfix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21828",
"url": "https://www.suse.com/security/cve/CVE-2025-21828"
},
{
"category": "external",
"summary": "SUSE Bug 1238958 for CVE-2025-21828",
"url": "https://bugzilla.suse.com/1238958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21828"
},
{
"cve": "CVE-2025-21829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix the warning \"__rxe_cleanup+0x12c/0x170 [rdma_rxe]\"\n\nThe Call Trace is as below:\n\"\n \u003cTASK\u003e\n ? show_regs.cold+0x1a/0x1f\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __warn+0x84/0xd0\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? report_bug+0x105/0x180\n ? handle_bug+0x46/0x80\n ? exc_invalid_op+0x19/0x70\n ? asm_exc_invalid_op+0x1b/0x20\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __rxe_cleanup+0x124/0x170 [rdma_rxe]\n rxe_destroy_qp.cold+0x24/0x29 [rdma_rxe]\n ib_destroy_qp_user+0x118/0x190 [ib_core]\n rdma_destroy_qp.cold+0x43/0x5e [rdma_cm]\n rtrs_cq_qp_destroy.cold+0x1d/0x2b [rtrs_core]\n rtrs_srv_close_work.cold+0x1b/0x31 [rtrs_server]\n process_one_work+0x21d/0x3f0\n worker_thread+0x4a/0x3c0\n ? process_one_work+0x3f0/0x3f0\n kthread+0xf0/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\"\nWhen too many rdma resources are allocated, rxe needs more time to\nhandle these rdma resources. Sometimes with the current timeout, rxe\ncan not release the rdma resources correctly.\n\nCompared with other rdma drivers, a bigger timeout is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21829",
"url": "https://www.suse.com/security/cve/CVE-2025-21829"
},
{
"category": "external",
"summary": "SUSE Bug 1239030 for CVE-2025-21829",
"url": "https://bugzilla.suse.com/1239030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21829"
},
{
"cve": "CVE-2025-21830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Handle weird files\n\nA corrupted filesystem (e.g. bcachefs) might return weird files.\nInstead of throwing a warning and allowing access to such file, treat\nthem as regular files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21830",
"url": "https://www.suse.com/security/cve/CVE-2025-21830"
},
{
"category": "external",
"summary": "SUSE Bug 1239033 for CVE-2025-21830",
"url": "https://bugzilla.suse.com/1239033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21830"
},
{
"cve": "CVE-2025-21831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1\n\ncommit 9d26d3a8f1b0 (\"PCI: Put PCIe ports into D3 during suspend\") sets the\npolicy that all PCIe ports are allowed to use D3. When the system is\nsuspended if the port is not power manageable by the platform and won\u0027t be\nused for wakeup via a PME this sets up the policy for these ports to go\ninto D3hot.\n\nThis policy generally makes sense from an OSPM perspective but it leads to\nproblems with wakeup from suspend on the TUXEDO Sirius 16 Gen 1 with a\nspecific old BIOS. This manifests as a system hang.\n\nOn the affected Device + BIOS combination, add a quirk for the root port of\nthe problematic controller to ensure that these root ports are not put into\nD3hot at suspend.\n\nThis patch is based on\n\n https://lore.kernel.org/linux-pci/20230708214457.1229-2-mario.limonciello@amd.com\n\nbut with the added condition both in the documentation and in the code to\napply only to the TUXEDO Sirius 16 Gen 1 with a specific old BIOS and only\nthe affected root ports.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21831",
"url": "https://www.suse.com/security/cve/CVE-2025-21831"
},
{
"category": "external",
"summary": "SUSE Bug 1239039 for CVE-2025-21831",
"url": "https://bugzilla.suse.com/1239039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21831"
},
{
"cve": "CVE-2025-21832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don\u0027t revert iter for -EIOCBQUEUED\n\nblkdev_read_iter() has a few odd checks, like gating the position and\ncount adjustment on whether or not the result is bigger-than-or-equal to\nzero (where bigger than makes more sense), and not checking the return\nvalue of blkdev_direct_IO() before doing an iov_iter_revert(). The\nlatter can lead to attempting to revert with a negative value, which\nwhen passed to iov_iter_revert() as an unsigned value will lead to\nthrowing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.\n\nBe sane and don\u0027t revert for -EIOCBQUEUED, like what is done in other\nspots.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21832",
"url": "https://www.suse.com/security/cve/CVE-2025-21832"
},
{
"category": "external",
"summary": "SUSE Bug 1239105 for CVE-2025-21832",
"url": "https://bugzilla.suse.com/1239105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21832"
},
{
"cve": "CVE-2025-21835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_midi: fix MIDI Streaming descriptor lengths\n\nWhile the MIDI jacks are configured correctly, and the MIDIStreaming\nendpoint descriptors are filled with the correct information,\nbNumEmbMIDIJack and bLength are set incorrectly in these descriptors.\n\nThis does not matter when the numbers of in and out ports are equal, but\nwhen they differ the host will receive broken descriptors with\nuninitialized stack memory leaking into the descriptor for whichever\nvalue is smaller.\n\nThe precise meaning of \"in\" and \"out\" in the port counts is not clearly\ndefined and can be confusing. But elsewhere the driver consistently\nuses this to match the USB meaning of IN and OUT viewed from the host,\nso that \"in\" ports send data to the host and \"out\" ports receive data\nfrom it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21835",
"url": "https://www.suse.com/security/cve/CVE-2025-21835"
},
{
"category": "external",
"summary": "SUSE Bug 1239068 for CVE-2025-21835",
"url": "https://bugzilla.suse.com/1239068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21835"
},
{
"cve": "CVE-2025-21838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21838"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: flush gadget workqueue after device removal\n\ndevice_del() can lead to new work being scheduled in gadget-\u003ework\nworkqueue. This is observed, for example, with the dwc3 driver with the\nfollowing call stack:\n device_del()\n gadget_unbind_driver()\n usb_gadget_disconnect_locked()\n dwc3_gadget_pullup()\n\t dwc3_gadget_soft_disconnect()\n\t usb_gadget_set_state()\n\t schedule_work(\u0026gadget-\u003ework)\n\nMove flush_work() after device_del() to ensure the workqueue is cleaned\nup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21838",
"url": "https://www.suse.com/security/cve/CVE-2025-21838"
},
{
"category": "external",
"summary": "SUSE Bug 1239065 for CVE-2025-21838",
"url": "https://bugzilla.suse.com/1239065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21838"
},
{
"cve": "CVE-2025-21844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Add check for next_buffer in receive_encrypted_standard()\n\nAdd check for the return value of cifs_buf_get() and cifs_small_buf_get()\nin receive_encrypted_standard() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21844",
"url": "https://www.suse.com/security/cve/CVE-2025-21844"
},
{
"category": "external",
"summary": "SUSE Bug 1239512 for CVE-2025-21844",
"url": "https://bugzilla.suse.com/1239512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21844"
},
{
"cve": "CVE-2025-21846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nacct: perform last write from workqueue\n\nIn [1] it was reported that the acct(2) system call can be used to\ntrigger NULL deref in cases where it is set to write to a file that\ntriggers an internal lookup. This can e.g., happen when pointing acc(2)\nto /sys/power/resume. At the point the where the write to this file\nhappens the calling task has already exited and called exit_fs(). A\nlookup will thus trigger a NULL-deref when accessing current-\u003efs.\n\nReorganize the code so that the the final write happens from the\nworkqueue but with the caller\u0027s credentials. This preserves the\n(strange) permission model and has almost no regression risk.\n\nThis api should stop to exist though.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21846",
"url": "https://www.suse.com/security/cve/CVE-2025-21846"
},
{
"category": "external",
"summary": "SUSE Bug 1239508 for CVE-2025-21846",
"url": "https://bugzilla.suse.com/1239508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21846"
},
{
"cve": "CVE-2025-21847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()\n\nThe nullity of sps-\u003ecstream should be checked similarly as it is done in\nsof_set_stream_data_offset() function.\nAssuming that it is not NULL if sps-\u003estream is NULL is incorrect and can\nlead to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21847",
"url": "https://www.suse.com/security/cve/CVE-2025-21847"
},
{
"category": "external",
"summary": "SUSE Bug 1239471 for CVE-2025-21847",
"url": "https://bugzilla.suse.com/1239471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21847"
},
{
"cve": "CVE-2025-21848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: bpf: Add check for nfp_app_ctrl_msg_alloc()\n\nAdd check for the return value of nfp_app_ctrl_msg_alloc() in\nnfp_bpf_cmsg_alloc() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21848",
"url": "https://www.suse.com/security/cve/CVE-2025-21848"
},
{
"category": "external",
"summary": "SUSE Bug 1239479 for CVE-2025-21848",
"url": "https://bugzilla.suse.com/1239479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: Fix crash when a namespace is disabled\n\nThe namespace percpu counter protects pending I/O, and we can\nonly safely diable the namespace once the counter drop to zero.\nOtherwise we end up with a crash when running blktests/nvme/058\n(eg for loop transport):\n\n[ 2352.930426] [ T53909] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 2352.930431] [ T53909] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n[ 2352.930434] [ T53909] CPU: 3 UID: 0 PID: 53909 Comm: kworker/u16:5 Tainted: G W 6.13.0-rc6 #232\n[ 2352.930438] [ T53909] Tainted: [W]=WARN\n[ 2352.930440] [ T53909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 2352.930443] [ T53909] Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop]\n[ 2352.930449] [ T53909] RIP: 0010:blkcg_set_ioprio+0x44/0x180\n\nas the queue is already torn down when calling submit_bio();\n\nSo we need to init the percpu counter in nvmet_ns_enable(), and\nwait for it to drop to zero in nvmet_ns_disable() to avoid having\nI/O pending after the namespace has been disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21850",
"url": "https://www.suse.com/security/cve/CVE-2025-21850"
},
{
"category": "external",
"summary": "SUSE Bug 1239477 for CVE-2025-21850",
"url": "https://bugzilla.suse.com/1239477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21850"
},
{
"cve": "CVE-2025-21855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Don\u0027t reference skb after sending to VIOS\n\nPreviously, after successfully flushing the xmit buffer to VIOS,\nthe tx_bytes stat was incremented by the length of the skb.\n\nIt is invalid to access the skb memory after sending the buffer to\nthe VIOS because, at any point after sending, the VIOS can trigger\nan interrupt to free this memory. A race between reading skb-\u003elen\nand freeing the skb is possible (especially during LPM) and will\nresult in use-after-free:\n ==================================================================\n BUG: KASAN: slab-use-after-free in ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n Read of size 4 at addr c00000024eb48a70 by task hxecom/14495\n \u003c...\u003e\n Call Trace:\n [c000000118f66cf0] [c0000000018cba6c] dump_stack_lvl+0x84/0xe8 (unreliable)\n [c000000118f66d20] [c0000000006f0080] print_report+0x1a8/0x7f0\n [c000000118f66df0] [c0000000006f08f0] kasan_report+0x128/0x1f8\n [c000000118f66f00] [c0000000006f2868] __asan_load4+0xac/0xe0\n [c000000118f66f20] [c0080000046eac84] ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n [c000000118f67340] [c0000000014be168] dev_hard_start_xmit+0x150/0x358\n \u003c...\u003e\n Freed by task 0:\n kasan_save_stack+0x34/0x68\n kasan_save_track+0x2c/0x50\n kasan_save_free_info+0x64/0x108\n __kasan_mempool_poison_object+0x148/0x2d4\n napi_skb_cache_put+0x5c/0x194\n net_tx_action+0x154/0x5b8\n handle_softirqs+0x20c/0x60c\n do_softirq_own_stack+0x6c/0x88\n \u003c...\u003e\n The buggy address belongs to the object at c00000024eb48a00 which\n belongs to the cache skbuff_head_cache of size 224\n==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21855",
"url": "https://www.suse.com/security/cve/CVE-2025-21855"
},
{
"category": "external",
"summary": "SUSE Bug 1239484 for CVE-2025-21855",
"url": "https://bugzilla.suse.com/1239484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21855"
},
{
"cve": "CVE-2025-21856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ism: add release function for struct device\n\nAccording to device_release() in /drivers/base/core.c,\na device without a release function is a broken device\nand must be fixed.\n\nThe current code directly frees the device after calling device_add()\nwithout waiting for other kernel parts to release their references.\nThus, a reference could still be held to a struct device,\ne.g., by sysfs, leading to potential use-after-free\nissues if a proper release function is not set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21856",
"url": "https://www.suse.com/security/cve/CVE-2025-21856"
},
{
"category": "external",
"summary": "SUSE Bug 1239486 for CVE-2025-21856",
"url": "https://bugzilla.suse.com/1239486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21856"
},
{
"cve": "CVE-2025-21857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_api: fix error handling causing NULL dereference\n\ntcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyclic() which can\nreturn 1 if the allocation succeeded after wrapping. This was treated as\nan error, with value 1 returned to caller tcf_exts_init_ex() which sets\nexts-\u003eactions to NULL and returns 1 to caller fl_change().\n\nfl_change() treats err == 1 as success, calling tcf_exts_validate_ex()\nwhich calls tcf_action_init() with exts-\u003eactions as argument, where it\nis dereferenced.\n\nExample trace:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCPU: 114 PID: 16151 Comm: handler114 Kdump: loaded Not tainted 5.14.0-503.16.1.el9_5.x86_64 #1\nRIP: 0010:tcf_action_init+0x1f8/0x2c0\nCall Trace:\n tcf_action_init+0x1f8/0x2c0\n tcf_exts_validate_ex+0x175/0x190\n fl_change+0x537/0x1120 [cls_flower]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21857",
"url": "https://www.suse.com/security/cve/CVE-2025-21857"
},
{
"category": "external",
"summary": "SUSE Bug 1239478 for CVE-2025-21857",
"url": "https://bugzilla.suse.com/1239478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21857"
},
{
"cve": "CVE-2025-21858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: Fix use-after-free in geneve_find_dev().\n\nsyzkaller reported a use-after-free in geneve_find_dev() [0]\nwithout repro.\n\ngeneve_configure() links struct geneve_dev.next to\nnet_generic(net, geneve_net_id)-\u003egeneve_list.\n\nThe net here could differ from dev_net(dev) if IFLA_NET_NS_PID,\nIFLA_NET_NS_FD, or IFLA_TARGET_NETNSID is set.\n\nWhen dev_net(dev) is dismantled, geneve_exit_batch_rtnl() finally\ncalls unregister_netdevice_queue() for each dev in the netns,\nand later the dev is freed.\n\nHowever, its geneve_dev.next is still linked to the backend UDP\nsocket netns.\n\nThen, use-after-free will occur when another geneve dev is created\nin the netns.\n\nLet\u0027s call geneve_dellink() instead in geneve_destroy_tunnels().\n\n[0]:\nBUG: KASAN: slab-use-after-free in geneve_find_dev drivers/net/geneve.c:1295 [inline]\nBUG: KASAN: slab-use-after-free in geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\nRead of size 2 at addr ffff000054d6ee24 by task syz.1.4029/13441\n\nCPU: 1 UID: 0 PID: 13441 Comm: syz.1.4029 Not tainted 6.13.0-g0ad9617c78ac #24 dc35ca22c79fb82e8e7bc5c9c9adafea898b1e3d\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x16c/0x6f0 mm/kasan/report.c:489\n kasan_report+0xc0/0x120 mm/kasan/report.c:602\n __asan_report_load2_noabort+0x20/0x30 mm/kasan/report_generic.c:379\n geneve_find_dev drivers/net/geneve.c:1295 [inline]\n geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\n geneve_newlink+0xb8/0x128 drivers/net/geneve.c:1634\n rtnl_newlink_create+0x23c/0x868 net/core/rtnetlink.c:3795\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:713 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x410/0x6f8 net/socket.c:2568\n ___sys_sendmsg+0x178/0x1d8 net/socket.c:2622\n __sys_sendmsg net/socket.c:2654 [inline]\n __do_sys_sendmsg net/socket.c:2659 [inline]\n __se_sys_sendmsg net/socket.c:2657 [inline]\n __arm64_sys_sendmsg+0x12c/0x1c8 net/socket.c:2657\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151\n el0_svc+0x4c/0xa8 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x1a0 arch/arm64/kernel/entry.S:600\n\nAllocated by task 13247:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x68 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4298 [inline]\n __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4304\n __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:645\n alloc_netdev_mqs+0xb8/0x11a0 net/core/dev.c:11470\n rtnl_create_link+0x2b8/0xb50 net/core/rtnetlink.c:3604\n rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3780\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_n\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21858",
"url": "https://www.suse.com/security/cve/CVE-2025-21858"
},
{
"category": "external",
"summary": "SUSE Bug 1239468 for CVE-2025-21858",
"url": "https://bugzilla.suse.com/1239468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21858"
},
{
"cve": "CVE-2025-21859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: f_midi: f_midi_complete to call queue_work\n\nWhen using USB MIDI, a lock is attempted to be acquired twice through a\nre-entrant call to f_midi_transmit, causing a deadlock.\n\nFix it by using queue_work() to schedule the inner f_midi_transmit() via\na high priority work queue from the completion handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21859",
"url": "https://www.suse.com/security/cve/CVE-2025-21859"
},
{
"category": "external",
"summary": "SUSE Bug 1239467 for CVE-2025-21859",
"url": "https://bugzilla.suse.com/1239467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21859"
},
{
"cve": "CVE-2025-21861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/migrate_device: don\u0027t add folio to be freed to LRU in migrate_device_finalize()\n\nIf migration succeeded, we called\nfolio_migrate_flags()-\u003emem_cgroup_migrate() to migrate the memcg from the\nold to the new folio. This will set memcg_data of the old folio to 0.\n\nSimilarly, if migration failed, memcg_data of the dst folio is left unset.\n\nIf we call folio_putback_lru() on such folios (memcg_data == 0), we will\nadd the folio to be freed to the LRU, making memcg code unhappy. Running\nthe hmm selftests:\n\n # ./hmm-tests\n ...\n # RUN hmm.hmm_device_private.migrate ...\n [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00\n [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff)\n [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9\n [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000\n [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg \u0026\u0026 !mem_cgroup_disabled())\n [ 102.087230][T14893] ------------[ cut here ]------------\n [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.090478][T14893] Modules linked in:\n [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151\n [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.096104][T14893] Code: ...\n [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293\n [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426\n [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880\n [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000\n [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8\n [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000\n [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000\n [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0\n [ 102.113478][T14893] PKRU: 55555554\n [ 102.114172][T14893] Call Trace:\n [ 102.114805][T14893] \u003cTASK\u003e\n [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.116547][T14893] ? __warn.cold+0x110/0x210\n [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.118667][T14893] ? report_bug+0x1b9/0x320\n [ 102.119571][T14893] ? handle_bug+0x54/0x90\n [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50\n [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20\n [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0\n [ 102.123506][T14893] ? dump_page+0x4f/0x60\n [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200\n [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720\n [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.129550][T14893] folio_putback_lru+0x16/0x80\n [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530\n [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0\n [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80\n\nLikely, nothing else goes wrong: putting the last folio reference will\nremove the folio from the LRU again. So besides memcg complaining, adding\nthe folio to be freed to the LRU is just an unnecessary step.\n\nThe new flow resembles what we have in migrate_folio_move(): add the dst\nto the lru, rem\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21861",
"url": "https://www.suse.com/security/cve/CVE-2025-21861"
},
{
"category": "external",
"summary": "SUSE Bug 1239483 for CVE-2025-21861",
"url": "https://bugzilla.suse.com/1239483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21861"
},
{
"cve": "CVE-2025-21862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21862"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: fix incorrect initialization order\n\nSyzkaller reports the following bug:\n\nBUG: spinlock bad magic on CPU#1, syz-executor.0/7995\n lock: 0xffff88805303f3e0, .magic: 00000000, .owner: \u003cnone\u003e/-1, .owner_cpu: 0\nCPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x119/0x179 lib/dump_stack.c:118\n debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]\n do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline]\n _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159\n reset_per_cpu_data+0xe6/0x240 [drop_monitor]\n net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor]\n genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739\n genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800\n netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497\n genl_rcv+0x29/0x40 net/netlink/genetlink.c:811\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916\n sock_sendmsg_nosec net/socket.c:651 [inline]\n __sock_sendmsg+0x157/0x190 net/socket.c:663\n ____sys_sendmsg+0x712/0x870 net/socket.c:2378\n ___sys_sendmsg+0xf8/0x170 net/socket.c:2432\n __sys_sendmsg+0xea/0x1b0 net/socket.c:2461\n do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x62/0xc7\nRIP: 0033:0x7f3f9815aee9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9\nRDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007\nRBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768\n\nIf drop_monitor is built as a kernel module, syzkaller may have time\nto send a netlink NET_DM_CMD_START message during the module loading.\nThis will call the net_dm_monitor_start() function that uses\na spinlock that has not yet been initialized.\n\nTo fix this, let\u0027s place resource initialization above the registration\nof a generic netlink family.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21862",
"url": "https://www.suse.com/security/cve/CVE-2025-21862"
},
{
"category": "external",
"summary": "SUSE Bug 1239474 for CVE-2025-21862",
"url": "https://bugzilla.suse.com/1239474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: drop secpath at the same time as we currently drop dst\n\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\nrunning tests that boil down to:\n - create a pair of netns\n - run a basic TCP test over ipcomp6\n - delete the pair of netns\n\nThe xfrm_state found on spi_byaddr was not deleted at the time we\ndelete the netns, because we still have a reference on it. This\nlingering reference comes from a secpath (which holds a ref on the\nxfrm_state), which is still attached to an skb. This skb is not\nleaked, it ends up on sk_receive_queue and then gets defer-free\u0027d by\nskb_attempt_defer_free.\n\nThe problem happens when we defer freeing an skb (push it on one CPU\u0027s\ndefer_list), and don\u0027t flush that list before the netns is deleted. In\nthat case, we still have a reference on the xfrm_state that we don\u0027t\nexpect at this point.\n\nWe already drop the skb\u0027s dst in the TCP receive path when it\u0027s no\nlonger needed, so let\u0027s also drop the secpath. At this point,\ntcp_filter has already called into the LSM hooks that may require the\nsecpath, so it should not be needed anymore. However, in some of those\nplaces, the MPTCP extension has just been attached to the skb, so we\ncannot simply drop all extensions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21864",
"url": "https://www.suse.com/security/cve/CVE-2025-21864"
},
{
"category": "external",
"summary": "SUSE Bug 1239482 for CVE-2025-21864",
"url": "https://bugzilla.suse.com/1239482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().\n\nBrad Spengler reported the list_del() corruption splat in\ngtp_net_exit_batch_rtnl(). [0]\n\nCommit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns\ndismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl()\nto destroy devices in each netns as done in geneve and ip tunnels.\n\nHowever, this could trigger -\u003edellink() twice for the same device during\n-\u003eexit_batch_rtnl().\n\nSay we have two netns A \u0026 B and gtp device B that resides in netns B but\nwhose UDP socket is in netns A.\n\n 1. cleanup_net() processes netns A and then B.\n\n 2. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns A\u0027s gn-\u003egtp_dev_list and calls -\u003edellink().\n\n [ device B is not yet unlinked from netns B\n as unregister_netdevice_many() has not been called. ]\n\n 3. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns B\u0027s for_each_netdev() and calls -\u003edellink().\n\ngtp_dellink() cleans up the device\u0027s hash table, unlinks the dev from\ngn-\u003egtp_dev_list, and calls unregister_netdevice_queue().\n\nBasically, calling gtp_dellink() multiple times is fine unless\nCONFIG_DEBUG_LIST is enabled.\n\nLet\u0027s remove for_each_netdev() in gtp_net_exit_batch_rtnl() and\ndelegate the destruction to default_device_exit_batch() as done\nin bareudp.\n\n[0]:\nlist_del corruption, ffff8880aaa62c00-\u003enext (autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]) is LIST_POISON1 (ffffffffffffff02) (prev is 0xffffffffffffff04)\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 UID: 0 PID: 1804 Comm: kworker/u8:7 Tainted: G T 6.12.13-grsec-full-20250211091339 #1\nTainted: [T]=RANDSTRUCT\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:[\u003cffffffff84947381\u003e] __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nCode: c2 76 91 31 c0 e8 9f b1 f7 fc 0f 0b 4d 89 f0 48 c7 c1 02 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 e0 c2 76 91 31 c0 e8 7f b1 f7 fc \u003c0f\u003e 0b 4d 89 e8 48 c7 c1 04 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 60\nRSP: 0018:fffffe8040b4fbd0 EFLAGS: 00010283\nRAX: 00000000000000cc RBX: dffffc0000000000 RCX: ffffffff818c4054\nRDX: ffffffff84947381 RSI: ffffffff818d1512 RDI: 0000000000000000\nRBP: ffff8880aaa62c00 R08: 0000000000000001 R09: fffffbd008169f32\nR10: fffffe8040b4f997 R11: 0000000000000001 R12: a1988d84f24943e4\nR13: ffffffffffffff02 R14: ffffffffffffff04 R15: ffff8880aaa62c08\nRBX: kasan shadow of 0x0\nRCX: __wake_up_klogd.part.0+0x74/0xe0 kernel/printk/printk.c:4554\nRDX: __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nRSI: vprintk+0x72/0x100 kernel/printk/printk_safe.c:71\nRBP: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]\nRSP: process kstack fffffe8040b4fbd0+0x7bd0/0x8000 [kworker/u8:7+netns 1804 ]\nR09: kasan shadow of process kstack fffffe8040b4f990+0x7990/0x8000 [kworker/u8:7+netns 1804 ]\nR10: process kstack fffffe8040b4f997+0x7997/0x8000 [kworker/u8:7+netns 1804 ]\nR15: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc08/0x1000 [slab object]\nFS: 0000000000000000(0000) GS:ffff888116000000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000748f5372c000 CR3: 0000000015408000 CR4: 00000000003406f0 shadow CR4: 00000000003406f0\nStack:\n 0000000000000000 ffffffff8a0c35e7 ffffffff8a0c3603 ffff8880aaa62c00\n ffff8880aaa62c00 0000000000000004 ffff88811145311c 0000000000000005\n 0000000000000001 ffff8880aaa62000 fffffe8040b4fd40 ffffffff8a0c360d\nCall Trace:\n \u003cTASK\u003e\n [\u003cffffffff8a0c360d\u003e] __list_del_entry_valid include/linux/list.h:131 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] __list_del_entry include/linux/list.h:248 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] list_del include/linux/list.h:262 [inl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21865",
"url": "https://www.suse.com/security/cve/CVE-2025-21865"
},
{
"category": "external",
"summary": "SUSE Bug 1239481 for CVE-2025-21865",
"url": "https://bugzilla.suse.com/1239481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-21866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC\n\nErhard reported the following KASAN hit while booting his PowerMac G4\nwith a KASAN-enabled kernel 6.13-rc6:\n\n BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8\n Write of size 8 at addr f1000000 by task chronyd/1293\n\n CPU: 0 UID: 123 PID: 1293 Comm: chronyd Tainted: G W 6.13.0-rc6-PMacG4 #2\n Tainted: [W]=WARN\n Hardware name: PowerMac3,6 7455 0x80010303 PowerMac\n Call Trace:\n [c2437590] [c1631a84] dump_stack_lvl+0x70/0x8c (unreliable)\n [c24375b0] [c0504998] print_report+0xdc/0x504\n [c2437610] [c050475c] kasan_report+0xf8/0x108\n [c2437690] [c0505a3c] kasan_check_range+0x24/0x18c\n [c24376a0] [c03fb5e4] copy_to_kernel_nofault+0xd8/0x1c8\n [c24376c0] [c004c014] patch_instructions+0x15c/0x16c\n [c2437710] [c00731a8] bpf_arch_text_copy+0x60/0x7c\n [c2437730] [c0281168] bpf_jit_binary_pack_finalize+0x50/0xac\n [c2437750] [c0073cf4] bpf_int_jit_compile+0xb30/0xdec\n [c2437880] [c0280394] bpf_prog_select_runtime+0x15c/0x478\n [c24378d0] [c1263428] bpf_prepare_filter+0xbf8/0xc14\n [c2437990] [c12677ec] bpf_prog_create_from_user+0x258/0x2b4\n [c24379d0] [c027111c] do_seccomp+0x3dc/0x1890\n [c2437ac0] [c001d8e0] system_call_exception+0x2dc/0x420\n [c2437f30] [c00281ac] ret_from_syscall+0x0/0x2c\n --- interrupt: c00 at 0x5a1274\n NIP: 005a1274 LR: 006a3b3c CTR: 005296c8\n REGS: c2437f40 TRAP: 0c00 Tainted: G W (6.13.0-rc6-PMacG4)\n MSR: 0200f932 \u003cVEC,EE,PR,FP,ME,IR,DR,RI\u003e CR: 24004422 XER: 00000000\n\n GPR00: 00000166 af8f3fa0 a7ee3540 00000001 00000000 013b6500 005a5858 0200f932\n GPR08: 00000000 00001fe9 013d5fc8 005296c8 2822244c 00b2fcd8 00000000 af8f4b57\n GPR16: 00000000 00000001 00000000 00000000 00000000 00000001 00000000 00000002\n GPR24: 00afdbb0 00000000 00000000 00000000 006e0004 013ce060 006e7c1c 00000001\n NIP [005a1274] 0x5a1274\n LR [006a3b3c] 0x6a3b3c\n --- interrupt: c00\n\n The buggy address belongs to the virtual mapping at\n [f1000000, f1002000) created by:\n text_area_cpu_up+0x20/0x190\n\n The buggy address belongs to the physical page:\n page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x76e30\n flags: 0x80000000(zone=2)\n raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001\n raw: 00000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n f0ffff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n f0ffff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003ef1000000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n f1000080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n f1000100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ==================================================================\n\nf8 corresponds to KASAN_VMALLOC_INVALID which means the area is not\ninitialised hence not supposed to be used yet.\n\nPowerpc text patching infrastructure allocates a virtual memory area\nusing get_vm_area() and flags it as VM_ALLOC. But that flag is meant\nto be used for vmalloc() and vmalloc() allocated memory is not\nsupposed to be used before a call to __vmalloc_node_range() which is\nnever called for that area.\n\nThat went undetected until commit e4137f08816b (\"mm, kasan, kmsan:\ninstrument copy_from/to_kernel_nofault\")\n\nThe area allocated by text_area_cpu_up() is not vmalloc memory, it is\nmapped directly on demand when needed by map_kernel_page(). There is\nno VM flag corresponding to such usage, so just pass no flag. That way\nthe area will be unpoisonned and usable immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21866",
"url": "https://www.suse.com/security/cve/CVE-2025-21866"
},
{
"category": "external",
"summary": "SUSE Bug 1239473 for CVE-2025-21866",
"url": "https://bugzilla.suse.com/1239473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21866"
},
{
"cve": "CVE-2025-21869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Disable KASAN report during patching via temporary mm\n\nErhard reports the following KASAN hit on Talos II (power9) with kernel 6.13:\n\n[ 12.028126] ==================================================================\n[ 12.028198] BUG: KASAN: user-memory-access in copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028260] Write of size 8 at addr 0000187e458f2000 by task systemd/1\n\n[ 12.028346] CPU: 87 UID: 0 PID: 1 Comm: systemd Tainted: G T 6.13.0-P9-dirty #3\n[ 12.028408] Tainted: [T]=RANDSTRUCT\n[ 12.028446] Hardware name: T2P9D01 REV 1.01 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV\n[ 12.028500] Call Trace:\n[ 12.028536] [c000000008dbf3b0] [c000000001656a48] dump_stack_lvl+0xbc/0x110 (unreliable)\n[ 12.028609] [c000000008dbf3f0] [c0000000006e2fc8] print_report+0x6b0/0x708\n[ 12.028666] [c000000008dbf4e0] [c0000000006e2454] kasan_report+0x164/0x300\n[ 12.028725] [c000000008dbf600] [c0000000006e54d4] kasan_check_range+0x314/0x370\n[ 12.028784] [c000000008dbf640] [c0000000006e6310] __kasan_check_write+0x20/0x40\n[ 12.028842] [c000000008dbf660] [c000000000578e8c] copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028902] [c000000008dbf6a0] [c0000000000acfe4] __patch_instructions+0x194/0x210\n[ 12.028965] [c000000008dbf6e0] [c0000000000ade80] patch_instructions+0x150/0x590\n[ 12.029026] [c000000008dbf7c0] [c0000000001159bc] bpf_arch_text_copy+0x6c/0xe0\n[ 12.029085] [c000000008dbf800] [c000000000424250] bpf_jit_binary_pack_finalize+0x40/0xc0\n[ 12.029147] [c000000008dbf830] [c000000000115dec] bpf_int_jit_compile+0x3bc/0x930\n[ 12.029206] [c000000008dbf990] [c000000000423720] bpf_prog_select_runtime+0x1f0/0x280\n[ 12.029266] [c000000008dbfa00] [c000000000434b18] bpf_prog_load+0xbb8/0x1370\n[ 12.029324] [c000000008dbfb70] [c000000000436ebc] __sys_bpf+0x5ac/0x2e00\n[ 12.029379] [c000000008dbfd00] [c00000000043a228] sys_bpf+0x28/0x40\n[ 12.029435] [c000000008dbfd20] [c000000000038eb4] system_call_exception+0x334/0x610\n[ 12.029497] [c000000008dbfe50] [c00000000000c270] system_call_vectored_common+0xf0/0x280\n[ 12.029561] --- interrupt: 3000 at 0x3fff82f5cfa8\n[ 12.029608] NIP: 00003fff82f5cfa8 LR: 00003fff82f5cfa8 CTR: 0000000000000000\n[ 12.029660] REGS: c000000008dbfe80 TRAP: 3000 Tainted: G T (6.13.0-P9-dirty)\n[ 12.029735] MSR: 900000000280f032 \u003cSF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI\u003e CR: 42004848 XER: 00000000\n[ 12.029855] IRQMASK: 0\n GPR00: 0000000000000169 00003fffdcf789a0 00003fff83067100 0000000000000005\n GPR04: 00003fffdcf78a98 0000000000000090 0000000000000000 0000000000000008\n GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000\n GPR12: 0000000000000000 00003fff836ff7e0 c000000000010678 0000000000000000\n GPR16: 0000000000000000 0000000000000000 00003fffdcf78f28 00003fffdcf78f90\n GPR20: 0000000000000000 0000000000000000 0000000000000000 00003fffdcf78f80\n GPR24: 00003fffdcf78f70 00003fffdcf78d10 00003fff835c7239 00003fffdcf78bd8\n GPR28: 00003fffdcf78a98 0000000000000000 0000000000000000 000000011f547580\n[ 12.030316] NIP [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030361] LR [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030405] --- interrupt: 3000\n[ 12.030444] ==================================================================\n\nCommit c28c15b6d28a (\"powerpc/code-patching: Use temporary mm for\nRadix MMU\") is inspired from x86 but unlike x86 is doesn\u0027t disable\nKASAN reports during patching. This wasn\u0027t a problem at the begining\nbecause __patch_mem() is not instrumented.\n\nCommit 465cabc97b42 (\"powerpc/code-patching: introduce\npatch_instructions()\") use copy_to_kernel_nofault() to copy several\ninstructions at once. But when using temporary mm the destination is\nnot regular kernel memory but a kind of kernel-like memory located\nin user address space. \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21869",
"url": "https://www.suse.com/security/cve/CVE-2025-21869"
},
{
"category": "external",
"summary": "SUSE Bug 1240182 for CVE-2025-21869",
"url": "https://bugzilla.suse.com/1240182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21869"
},
{
"cve": "CVE-2025-21870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers\n\nOther, non DAI copier widgets could have the same stream name (sname) as\nthe ALH copier and in that case the copier-\u003edata is NULL, no alh_data is\nattached, which could lead to NULL pointer dereference.\nWe could check for this NULL pointer in sof_ipc4_prepare_copier_module()\nand avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai()\nwill miscalculate the ALH device count, causing broken audio.\n\nThe correct fix is to harden the matching logic by making sure that the\n1. widget is a DAI widget - so dai = w-\u003eprivate is valid\n2. the dai (and thus the copier) is ALH copier",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21870",
"url": "https://www.suse.com/security/cve/CVE-2025-21870"
},
{
"category": "external",
"summary": "SUSE Bug 1240191 for CVE-2025-21870",
"url": "https://bugzilla.suse.com/1240191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21870"
},
{
"cve": "CVE-2025-21871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix supplicant wait loop\n\nOP-TEE supplicant is a user-space daemon and it\u0027s possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\n\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\n\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21871",
"url": "https://www.suse.com/security/cve/CVE-2025-21871"
},
{
"category": "external",
"summary": "SUSE Bug 1240183 for CVE-2025-21871",
"url": "https://bugzilla.suse.com/1240183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21871"
},
{
"cve": "CVE-2025-21876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix suspicious RCU usage\n\nCommit \u003cd74169ceb0d2\u003e (\"iommu/vt-d: Allocate DMAR fault interrupts\nlocally\") moved the call to enable_drhd_fault_handling() to a code\npath that does not hold any lock while traversing the drhd list. Fix\nit by ensuring the dmar_global_lock lock is held when traversing the\ndrhd list.\n\nWithout this fix, the following warning is triggered:\n =============================\n WARNING: suspicious RCU usage\n 6.14.0-rc3 #55 Not tainted\n -----------------------------\n drivers/iommu/intel/dmar.c:2046 RCU-list traversed in non-reader section!!\n other info that might help us debug this:\n rcu_scheduler_active = 1, debug_locks = 1\n 2 locks held by cpuhp/1/23:\n #0: ffffffff84a67c50 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n #1: ffffffff84a6a380 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n stack backtrace:\n CPU: 1 UID: 0 PID: 23 Comm: cpuhp/1 Not tainted 6.14.0-rc3 #55\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xb7/0xd0\n lockdep_rcu_suspicious+0x159/0x1f0\n ? __pfx_enable_drhd_fault_handling+0x10/0x10\n enable_drhd_fault_handling+0x151/0x180\n cpuhp_invoke_callback+0x1df/0x990\n cpuhp_thread_fun+0x1ea/0x2c0\n smpboot_thread_fn+0x1f5/0x2e0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n kthread+0x12a/0x2d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x4a/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nHolding the lock in enable_drhd_fault_handling() triggers a lockdep splat\nabout a possible deadlock between dmar_global_lock and cpu_hotplug_lock.\nThis is avoided by not holding dmar_global_lock when calling\niommu_device_register(), which initiates the device probe process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21876",
"url": "https://www.suse.com/security/cve/CVE-2025-21876"
},
{
"category": "external",
"summary": "SUSE Bug 1240179 for CVE-2025-21876",
"url": "https://bugzilla.suse.com/1240179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21876"
},
{
"cve": "CVE-2025-21877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21877"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: gl620a: fix endpoint checking in genelink_bind()\n\nSyzbot reports [1] a warning in usb_submit_urb() triggered by\ninconsistencies between expected and actually present endpoints\nin gl620a driver. Since genelink_bind() does not properly\nverify whether specified eps are in fact provided by the device,\nin this case, an artificially manufactured one, one may get a\nmismatch.\n\nFix the issue by resorting to a usbnet utility function\nusbnet_get_endpoints(), usually reserved for this very problem.\nCheck for endpoints and return early before proceeding further if\nany are missing.\n\n[1] Syzbot report:\nusb 5-1: Manufacturer: syz\nusb 5-1: SerialNumber: syz\nusb 5-1: config 0 descriptor??\ngl620a 5-1:0.23 usb0: register \u0027gl620a\u0027 at usb-dummy_hcd.0-1, ...\n------------[ cut here ]------------\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 2 PID: 1841 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nModules linked in:\nCPU: 2 UID: 0 PID: 1841 Comm: kworker/2:2 Not tainted 6.12.0-syzkaller-07834-g06afb0f36106 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0x6be/0x2780 drivers/net/usb/usbnet.c:1467\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606\n sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n __dev_xmit_skb net/core/dev.c:3827 [inline]\n __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n neigh_resolve_output net/core/neighbour.c:1514 [inline]\n neigh_resolve_output+0x5bc/0x950 net/core/neighbour.c:1494\n neigh_output include/net/neighbour.h:539 [inline]\n ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n mld_sendpack+0x9f0/0x11d0 net/ipv6/mcast.c:1819\n mld_send_cr net/ipv6/mcast.c:2120 [inline]\n mld_ifc_work+0x740/0xca0 net/ipv6/mcast.c:2651\n process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21877",
"url": "https://www.suse.com/security/cve/CVE-2025-21877"
},
{
"category": "external",
"summary": "SUSE Bug 1240172 for CVE-2025-21877",
"url": "https://bugzilla.suse.com/1240172"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21877"
},
{
"cve": "CVE-2025-21878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21878"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: npcm: disable interrupt enable bit before devm_request_irq\n\nThe customer reports that there is a soft lockup issue related to\nthe i2c driver. After checking, the i2c module was doing a tx transfer\nand the bmc machine reboots in the middle of the i2c transaction, the i2c\nmodule keeps the status without being reset.\n\nDue to such an i2c module status, the i2c irq handler keeps getting\ntriggered since the i2c irq handler is registered in the kernel booting\nprocess after the bmc machine is doing a warm rebooting.\nThe continuous triggering is stopped by the soft lockup watchdog timer.\n\nDisable the interrupt enable bit in the i2c module before calling\ndevm_request_irq to fix this issue since the i2c relative status bit\nis read-only.\n\nHere is the soft lockup log.\n[ 28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1]\n[ 28.183351] Modules linked in:\n[ 28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1\n[ 28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 28.208128] pc : __do_softirq+0xb0/0x368\n[ 28.212055] lr : __do_softirq+0x70/0x368\n[ 28.215972] sp : ffffff8035ebca00\n[ 28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780\n[ 28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0\n[ 28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b\n[ 28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff\n[ 28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000\n[ 28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2\n[ 28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250\n[ 28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434\n[ 28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198\n[ 28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40\n[ 28.290611] Call trace:\n[ 28.293052] __do_softirq+0xb0/0x368\n[ 28.296625] __irq_exit_rcu+0xe0/0x100\n[ 28.300374] irq_exit+0x14/0x20\n[ 28.303513] handle_domain_irq+0x68/0x90\n[ 28.307440] gic_handle_irq+0x78/0xb0\n[ 28.311098] call_on_irq_stack+0x20/0x38\n[ 28.315019] do_interrupt_handler+0x54/0x5c\n[ 28.319199] el1_interrupt+0x2c/0x4c\n[ 28.322777] el1h_64_irq_handler+0x14/0x20\n[ 28.326872] el1h_64_irq+0x74/0x78\n[ 28.330269] __setup_irq+0x454/0x780\n[ 28.333841] request_threaded_irq+0xd0/0x1b4\n[ 28.338107] devm_request_threaded_irq+0x84/0x100\n[ 28.342809] npcm_i2c_probe_bus+0x188/0x3d0\n[ 28.346990] platform_probe+0x6c/0xc4\n[ 28.350653] really_probe+0xcc/0x45c\n[ 28.354227] __driver_probe_device+0x8c/0x160\n[ 28.358578] driver_probe_device+0x44/0xe0\n[ 28.362670] __driver_attach+0x124/0x1d0\n[ 28.366589] bus_for_each_dev+0x7c/0xe0\n[ 28.370426] driver_attach+0x28/0x30\n[ 28.373997] bus_add_driver+0x124/0x240\n[ 28.377830] driver_register+0x7c/0x124\n[ 28.381662] __platform_driver_register+0x2c/0x34\n[ 28.386362] npcm_i2c_init+0x3c/0x5c\n[ 28.389937] do_one_initcall+0x74/0x230\n[ 28.393768] kernel_init_freeable+0x24c/0x2b4\n[ 28.398126] kernel_init+0x28/0x130\n[ 28.401614] ret_from_fork+0x10/0x20\n[ 28.405189] Kernel panic - not syncing: softlockup: hung tasks\n[ 28.411011] SMP: stopping secondary CPUs\n[ 28.414933] Kernel Offset: disabled\n[ 28.418412] CPU features: 0x00000000,00000802\n[ 28.427644] Rebooting in 20 seconds..",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21878",
"url": "https://www.suse.com/security/cve/CVE-2025-21878"
},
{
"category": "external",
"summary": "SUSE Bug 1240192 for CVE-2025-21878",
"url": "https://bugzilla.suse.com/1240192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21878"
},
{
"cve": "CVE-2025-21883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix deinitializing VF in error path\n\nIf ice_ena_vfs() fails after calling ice_create_vf_entries(), it frees\nall VFs without removing them from snapshot PF-VF mailbox list, leading\nto list corruption.\n\nReproducer:\n devlink dev eswitch set $PF1_PCI mode switchdev\n ip l s $PF1 up\n ip l s $PF1 promisc on\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n\nTrace (minimized):\n list_add corruption. next-\u003eprev should be prev (ffff8882e241c6f0), but was 0000000000000000. (next=ffff888455da1330).\n kernel BUG at lib/list_debug.c:29!\n RIP: 0010:__list_add_valid_or_report+0xa6/0x100\n ice_mbx_init_vf_info+0xa7/0x180 [ice]\n ice_initialize_vf_entry+0x1fa/0x250 [ice]\n ice_sriov_configure+0x8d7/0x1520 [ice]\n ? __percpu_ref_switch_mode+0x1b1/0x5d0\n ? __pfx_ice_sriov_configure+0x10/0x10 [ice]\n\nSometimes a KASAN report can be seen instead with a similar stack trace:\n BUG: KASAN: use-after-free in __list_add_valid_or_report+0xf1/0x100\n\nVFs are added to this list in ice_mbx_init_vf_info(), but only removed\nin ice_free_vfs(). Move the removing to ice_free_vf_entries(), which is\nalso being called in other places where VFs are being removed (including\nice_free_vfs() itself).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21883",
"url": "https://www.suse.com/security/cve/CVE-2025-21883"
},
{
"category": "external",
"summary": "SUSE Bug 1240189 for CVE-2025-21883",
"url": "https://bugzilla.suse.com/1240189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21883"
},
{
"cve": "CVE-2025-21885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix the page details for the srq created by kernel consumers\n\nWhile using nvme target with use_srq on, below kernel panic is noticed.\n\n[ 549.698111] bnxt_en 0000:41:00.0 enp65s0np0: FEC autoneg off encoding: Clause 91 RS(544,514)\n[ 566.393619] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n..\n[ 566.393799] \u003cTASK\u003e\n[ 566.393807] ? __die_body+0x1a/0x60\n[ 566.393823] ? die+0x38/0x60\n[ 566.393835] ? do_trap+0xe4/0x110\n[ 566.393847] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393867] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393881] ? do_error_trap+0x7c/0x120\n[ 566.393890] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393911] ? exc_divide_error+0x34/0x50\n[ 566.393923] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393939] ? asm_exc_divide_error+0x16/0x20\n[ 566.393966] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393997] bnxt_qplib_create_srq+0xc9/0x340 [bnxt_re]\n[ 566.394040] bnxt_re_create_srq+0x335/0x3b0 [bnxt_re]\n[ 566.394057] ? srso_return_thunk+0x5/0x5f\n[ 566.394068] ? __init_swait_queue_head+0x4a/0x60\n[ 566.394090] ib_create_srq_user+0xa7/0x150 [ib_core]\n[ 566.394147] nvmet_rdma_queue_connect+0x7d0/0xbe0 [nvmet_rdma]\n[ 566.394174] ? lock_release+0x22c/0x3f0\n[ 566.394187] ? srso_return_thunk+0x5/0x5f\n\nPage size and shift info is set only for the user space SRQs.\nSet page size and page shift for kernel space SRQs also.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21885",
"url": "https://www.suse.com/security/cve/CVE-2025-21885"
},
{
"category": "external",
"summary": "SUSE Bug 1240169 for CVE-2025-21885",
"url": "https://bugzilla.suse.com/1240169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21885"
},
{
"cve": "CVE-2025-21886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP hang on parent deregistration\n\nFix the destroy_unused_implicit_child_mr() to prevent hanging during\nparent deregistration as of below [1].\n\nUpon entering destroy_unused_implicit_child_mr(), the reference count\nfor the implicit MR parent is incremented using:\nrefcount_inc_not_zero().\n\nA corresponding decrement must be performed if\nfree_implicit_child_mr_work() is not called.\n\nThe code has been updated to properly manage the reference count that\nwas incremented.\n\n[1]\nINFO: task python3:2157 blocked for more than 120 seconds.\nNot tainted 6.12.0-rc7+ #1633\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:python3 state:D stack:0 pid:2157 tgid:2157 ppid:1685 flags:0x00000000\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\n__mlx5_ib_dereg_mr+0x379/0x5d0 [mlx5_ib]\n? __pfx_autoremove_wake_function+0x10/0x10\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n __x64_sys_ioctl+0x1b0/0xa70\n? kmem_cache_free+0x221/0x400\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f20f21f017b\nRSP: 002b:00007ffcfc4a77c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffcfc4a78d8 RCX: 00007f20f21f017b\nRDX: 00007ffcfc4a78c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffcfc4a78a0 R08: 000056147d125190 R09: 00007f20f1f14c60\nR10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcfc4a7890\nR13: 000000000000001c R14: 000056147d100fc0 R15: 00007f20e365c9d0\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21886",
"url": "https://www.suse.com/security/cve/CVE-2025-21886"
},
{
"category": "external",
"summary": "SUSE Bug 1240188 for CVE-2025-21886",
"url": "https://bugzilla.suse.com/1240188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21886"
},
{
"cve": "CVE-2025-21888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a WARN during dereg_mr for DM type\n\nMemory regions (MR) of type DM (device memory) do not have an associated\numem.\n\nIn the __mlx5_ib_dereg_mr() -\u003e mlx5_free_priv_descs() flow, the code\nincorrectly takes the wrong branch, attempting to call\ndma_unmap_single() on a DMA address that is not mapped.\n\nThis results in a WARN [1], as shown below.\n\nThe issue is resolved by properly accounting for the DM type and\nensuring the correct branch is selected in mlx5_free_priv_descs().\n\n[1]\nWARNING: CPU: 12 PID: 1346 at drivers/iommu/dma-iommu.c:1230 iommu_dma_unmap_page+0x79/0x90\nModules linked in: ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry ovelay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\nCPU: 12 UID: 0 PID: 1346 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1631\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:iommu_dma_unmap_page+0x79/0x90\nCode: 2b 49 3b 29 72 26 49 3b 69 08 73 20 4d 89 f0 44 89 e9 4c 89 e2 48 89 ee 48 89 df 5b 5d 41 5c 41 5d 41 5e 41 5f e9 07 b8 88 ff \u003c0f\u003e 0b 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 66 0f 1f 44 00\nRSP: 0018:ffffc90001913a10 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810194b0a8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001\nRBP: ffff88810194b0a8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f537abdd740(0000) GS:ffff88885fb00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f537aeb8000 CR3: 000000010c248001 CR4: 0000000000372eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x84/0x190\n? iommu_dma_unmap_page+0x79/0x90\n? report_bug+0xf8/0x1c0\n? handle_bug+0x55/0x90\n? exc_invalid_op+0x13/0x60\n? asm_exc_invalid_op+0x16/0x20\n? iommu_dma_unmap_page+0x79/0x90\ndma_unmap_page_attrs+0xe6/0x290\nmlx5_free_priv_descs+0xb0/0xe0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x37e/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f537adaf17b\nCode: 0f 1e fa 48 8b 05 1d ad 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed ac 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffff218f0b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffff218f1d8 RCX: 00007f537adaf17b\nRDX: 00007ffff218f1c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffff218f1a0 R08: 00007f537aa8d010 R09: 0000561ee2e4f270\nR10: 00007f537aace3a8 R11: 0000000000000246 R12: 00007ffff218f190\nR13: 000000000000001c R14: 0000561ee2e4d7c0 R15: 00007ffff218f450\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21888",
"url": "https://www.suse.com/security/cve/CVE-2025-21888"
},
{
"category": "external",
"summary": "SUSE Bug 1240177 for CVE-2025-21888",
"url": "https://bugzilla.suse.com/1240177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21888"
},
{
"cve": "CVE-2025-21890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix checksums set in idpf_rx_rsc()\n\nidpf_rx_rsc() uses skb_transport_offset(skb) while the transport header\nis not set yet.\n\nThis triggers the following warning for CONFIG_DEBUG_NET=y builds.\n\nDEBUG_NET_WARN_ON_ONCE(!skb_transport_header_was_set(skb))\n\n[ 69.261620] WARNING: CPU: 7 PID: 0 at ./include/linux/skbuff.h:3020 idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261629] Modules linked in: vfat fat dummy bridge intel_uncore_frequency_tpmi intel_uncore_frequency_common intel_vsec_tpmi idpf intel_vsec cdc_ncm cdc_eem cdc_ether usbnet mii xhci_pci xhci_hcd ehci_pci ehci_hcd libeth\n[ 69.261644] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Tainted: G S W 6.14.0-smp-DEV #1697\n[ 69.261648] Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN\n[ 69.261650] RIP: 0010:idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261677] ? __warn (kernel/panic.c:242 kernel/panic.c:748)\n[ 69.261682] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261687] ? report_bug (lib/bug.c:?)\n[ 69.261690] ? handle_bug (arch/x86/kernel/traps.c:285)\n[ 69.261694] ? exc_invalid_op (arch/x86/kernel/traps.c:309)\n[ 69.261697] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 69.261700] ? __pfx_idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:4011) idpf\n[ 69.261704] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261708] ? idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:3072) idpf\n[ 69.261712] __napi_poll (net/core/dev.c:7194)\n[ 69.261716] net_rx_action (net/core/dev.c:7265)\n[ 69.261718] ? __qdisc_run (net/sched/sch_generic.c:293)\n[ 69.261721] ? sched_clock (arch/x86/include/asm/preempt.h:84 arch/x86/kernel/tsc.c:288)\n[ 69.261726] handle_softirqs (kernel/softirq.c:561)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21890",
"url": "https://www.suse.com/security/cve/CVE-2025-21890"
},
{
"category": "external",
"summary": "SUSE Bug 1240173 for CVE-2025-21890",
"url": "https://bugzilla.suse.com/1240173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21890"
},
{
"cve": "CVE-2025-21891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: ensure network headers are in skb linear part\n\nsyzbot found that ipvlan_process_v6_outbound() was assuming\nthe IPv6 network header isis present in skb-\u003ehead [1]\n\nAdd the needed pskb_network_may_pull() calls for both\nIPv4 and IPv6 handlers.\n\n[1]\nBUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n ipv6_addr_type include/net/ipv6.h:555 [inline]\n ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline]\n ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651\n ip6_route_output include/net/ip6_route.h:93 [inline]\n ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476\n ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline]\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline]\n ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671\n ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223\n __netdev_start_xmit include/linux/netdevice.h:5150 [inline]\n netdev_start_xmit include/linux/netdevice.h:5159 [inline]\n xmit_one net/core/dev.c:3735 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751\n sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343\n qdisc_restart net/sched/sch_generic.c:408 [inline]\n __qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416\n qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127\n net_tx_action+0x78b/0x940 net/core/dev.c:5484\n handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n __do_softirq+0x14/0x1a kernel/softirq.c:595\n do_softirq+0x9a/0x100 kernel/softirq.c:462\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611\n dev_queue_xmit include/linux/netdevice.h:3311 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3132 [inline]\n packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164\n sock_sendmsg_nosec net/socket.c:718 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21891",
"url": "https://www.suse.com/security/cve/CVE-2025-21891"
},
{
"category": "external",
"summary": "SUSE Bug 1240186 for CVE-2025-21891",
"url": "https://bugzilla.suse.com/1240186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21891"
},
{
"cve": "CVE-2025-21892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix the recovery flow of the UMR QP\n\nThis patch addresses an issue in the recovery flow of the UMR QP,\nensuring tasks do not get stuck, as highlighted by the call trace [1].\n\nDuring recovery, before transitioning the QP to the RESET state, the\nsoftware must wait for all outstanding WRs to complete.\n\nFailing to do so can cause the firmware to skip sending some flushed\nCQEs with errors and simply discard them upon the RESET, as per the IB\nspecification.\n\nThis race condition can result in lost CQEs and tasks becoming stuck.\n\nTo resolve this, the patch sends a final WR which serves only as a\nbarrier before moving the QP state to RESET.\n\nOnce a CQE is received for that final WR, it guarantees that no\noutstanding WRs remain, making it safe to transition the QP to RESET and\nsubsequently back to RTS, restoring proper functionality.\n\nNote:\nFor the barrier WR, we simply reuse the failed and ready WR.\nSince the QP is in an error state, it will only receive\nIB_WC_WR_FLUSH_ERR. However, as it serves only as a barrier we don\u0027t\ncare about its status.\n\n[1]\nINFO: task rdma_resource_l:1922 blocked for more than 120 seconds.\nTainted: G W 6.12.0-rc7+ #1626\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:rdma_resource_l state:D stack:0 pid:1922 tgid:1922 ppid:1369\n flags:0x00004004\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\nschedule_timeout+0x280/0x300\n? mark_held_locks+0x48/0x80\n? lockdep_hardirqs_on_prepare+0xe5/0x1a0\nwait_for_completion+0x75/0x130\nmlx5r_umr_post_send_wait+0x3c2/0x5b0 [mlx5_ib]\n? __pfx_mlx5r_umr_done+0x10/0x10 [mlx5_ib]\nmlx5r_umr_revoke_mr+0x93/0xc0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x299/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? __lock_acquire+0x64e/0x2080\n? mark_held_locks+0x48/0x80\n? find_held_lock+0x2d/0xa0\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? __fget_files+0xc3/0x1b0\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f99c918b17b\nRSP: 002b:00007ffc766d0468 EFLAGS: 00000246 ORIG_RAX:\n 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffc766d0578 RCX:\n 00007f99c918b17b\nRDX: 00007ffc766d0560 RSI: 00000000c0181b01 RDI:\n 0000000000000003\nRBP: 00007ffc766d0540 R08: 00007f99c8f99010 R09:\n 000000000000bd7e\nR10: 00007f99c94c1c70 R11: 0000000000000246 R12:\n 00007ffc766d0530\nR13: 000000000000001c R14: 0000000040246a80 R15:\n 0000000000000000\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21892",
"url": "https://www.suse.com/security/cve/CVE-2025-21892"
},
{
"category": "external",
"summary": "SUSE Bug 1240175 for CVE-2025-21892",
"url": "https://bugzilla.suse.com/1240175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21892"
}
]
}
suse-su-2025:01919-1
Vulnerability from csaf_suse
Published
2025-06-12 06:29
Modified
2025-06-12 06:29
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006).
- CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597).
- CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489).
- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).
- CVE-2024-43869: perf: Fix hang while freeing sigtrap event (bsc#1229491).
- CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581).
- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).
- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).
- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).
- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).
- CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812).
- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910).
- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).
- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).
- CVE-2024-50162: bpf: selftests: send packet to devmap redirect XDP (bsc#1233075).
- CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not overlap (bsc#1233098).
- CVE-2024-50223: sched/numa: Fix the potential null pointer dereference in (bsc#1233192).
- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074).
- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
- CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157).
- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).
- CVE-2024-54458: scsi: ufs: bsg: Set bsg_queue to NULL after removal (bsc#1238992).
- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).
- CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524).
- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).
- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).
- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).
- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).
- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).
- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).
- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).
- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).
- CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).
- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).
- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).
- CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990).
- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).
- CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961).
- CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983).
- CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510).
- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111).
- CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142).
- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).
- CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111).
- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).
- CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862).
- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).
- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).
- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).
- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).
- CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874).
- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).
- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).
- CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882).
- CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737).
- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).
- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).
- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).
- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).
- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).
- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).
- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).
- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).
- CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714).
- CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774).
- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745).
- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
- CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746).
- CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-21814: ptp: Ensure info->enable callback is always set (bsc#1238473).
- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).
- CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108).
- CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066).
- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).
- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).
- CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470).
- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).
- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).
- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).
- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).
- CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475).
- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).
- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).
- CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181).
- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).
- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).
- CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184).
- CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168).
- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).
- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).
- CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171).
- CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176).
- CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167).
- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).
- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).
- CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581).
- CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585).
- CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576).
- CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587).
- CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600).
- CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591).
- CVE-2025-21919: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (bsc#1240593).
- CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).
- CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720).
- CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit() (bsc#1240713).
- CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712).
- CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709).
- CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742).
- CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815).
- CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816).
- CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655).
- CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717).
- CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740).
- CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784).
- CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819).
- CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813).
- CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812).
- CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809).
- CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612).
- CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811).
- CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795).
- CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797).
- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
- CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944).
- CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934).
- CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936).
- CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266).
- CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282).
- CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec (bsc#1241378).
- CVE-2025-22030: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() (bsc#1241376).
- CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging (bsc#1241373).
- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
- CVE-2025-22057: net: decrease cached dst counters in dst_release (bsc#1241533).
- CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332).
- CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).
- CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351).
- CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413).
- CVE-2025-22070: fs/9p: fix NULL pointer dereference on mkdir (bsc#1241305).
- CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de() (bsc#1241416).
- CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537).
- CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456).
- CVE-2025-22103: net: fix NULL pointer dereference in l3mdev_l3_rcv (bsc#1241448).
- CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550).
- CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452 bsc#1241548).
- CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575).
- CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573).
- CVE-2025-22115: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (bsc#1241578).
- CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593).
- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).
- CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451).
- CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
- CVE-2025-23140: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (bsc#1242763).
- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).
- CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513).
- CVE-2025-23160: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization (bsc#1242507).
- CVE-2025-37748: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (bsc#1242523).
- CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859).
- CVE-2025-37750: smb: client: fix UAF in decryption with multichannel (bsc#1242510).
- CVE-2025-37755: net: libwx: handle page_pool_dev_alloc_pages error (bsc#1242506).
- CVE-2025-37773: virtiofs: add filesystem context source name check (bsc#1242502).
- CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786).
- CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
- CVE-2025-37787: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (bsc#1242585).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
- CVE-2025-37790: net: mctp: Set SOCK_RCU_FREE (bsc#1242509).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-37798: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (bsc#1242414).
- CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283).
- CVE-2025-37803: udmabuf: fix a buf size overflow issue during udmabuf creation (bsc#1242852).
- CVE-2025-37804: io_uring: always do atomic put from iowq (bsc#1242854).
- CVE-2025-37809: usb: typec: class: Unlocked on error in typec_register_partner() (bsc#1242856).
- CVE-2025-37820: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (bsc#1242866).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37824: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (bsc#1242867).
- CVE-2025-37829: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (bsc#1242875).
- CVE-2025-37830: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (bsc#1242860).
- CVE-2025-37831: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (bsc#1242861).
- CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868).
- CVE-2025-37842: spi: fsl-qspi: Fix double cleanup in probe error path (bsc#1242951).
- CVE-2025-37870: drm/amd/display: prevent hang on link training fail (bsc#1243056).
- CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077).
- CVE-2025-37886: pds_core: make wait_context part of q_info (bsc#1242944).
- CVE-2025-37887: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (bsc#1242962).
- CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541).
- CVE-2025-37957: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception (bsc#1243513).
- CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).
- CVE-2025-37960: memblock: Accept allocated memory before use in memblock_double_array() (bsc#1243519).
- CVE-2025-37974: s390/pci: Fix missing check for zpci_create_device() error return (bsc#1243547).
- CVE-2025-38152: remoteproc: core: Clear table_sz when rproc_shutdown (bsc#1241627).
- CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657).
- CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init() (bsc#1241626).
The following non-security bugs were fixed:
- ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes).
- ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes).
- ACPI: PPTT: Fix processor subtable walk (git-fixes).
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes).
- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes).
- ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (git-fixes).
- ALSA: hda/realtek - Enable speaker for HP platform (git-fixes).
- ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).
- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).
- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).
- ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes).
- ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes).
- ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes).
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).
- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).
- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).
- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).
- ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes).
- ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes).
- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).
- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).
- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).
- ALSA: seq: Fix delivery of UMP events to group ports (git-fixes).
- ALSA: sh: SND_AICA should depend on SH_DMA_API (git-fixes).
- ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info (git-fixes).
- ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044).
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).
- ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes).
- ALSA: usb-audio: Add sample rate quirk for Audioengine D1 (git-fixes).
- ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera (stable-fixes).
- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes).
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).
- ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes).
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).
- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).
- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).
- ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes).
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).
- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).
- ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext (git-fixes).
- ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction (git-fixes).
- ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes).
- ASoC: Use of_property_read_bool() (stable-fixes).
- ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes).
- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).
- ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes).
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).
- ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes).
- ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes).
- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).
- ASoC: es8328: fix route from DAC to output (git-fixes).
- ASoC: fsl_audmix: register card device depends on 'dais' property (stable-fixes).
- ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes).
- ASoC: ops: Consistently treat platform_max as control value (git-fixes).
- ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes).
- ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes).
- ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes).
- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes).
- ASoC: rt722-sdca: add missing readable registers (git-fixes).
- ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes).
- ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes).
- ASoC: tas2764: Fix power control mask (stable-fixes).
- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).
- ASoC: tas2770: Fix volume scale (stable-fixes).
- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).
- ASoc: SOF: topology: connect DAI to a single DAI link (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).
- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).
- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
- Bluetooth: L2CAP: Fix not checking l2cap_chan security level (git-fixes).
- Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags (git-fixes).
- Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes).
- Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes).
- Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling (git-fixes).
- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).
- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).
- Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (git-fixes).
- Bluetooth: hci_uart: Fix another race during initialization (git-fixes).
- Bluetooth: hci_uart: fix race during initialization (stable-fixes).
- Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes).
- Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes).
- Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes).
- GHES: Fatal hardware error (GHES panic timeout) (bsc#1239615).
- Documentation: qat: fix auto_reset attribute details (git-fixes).
- Documentation: qat: fix auto_reset section (git-fixes).
- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (git-fixes).
- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).
- PCI: Drop PCI patch that caused a regression (bsc#1241123).
- memory: Fix memory-hotplug regression (bsc#1237504).
- net/ipv6: Fix write to cloned skb in ipv6_hop_ioam() (git-fixes).
- HID: Enable playstation driver independently of sony driver (git-fixes).
- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).
- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).
- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).
- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).
- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).
- HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes).
- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).
- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).
- HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes).
- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).
- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).
- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).
- HID: thrustmaster: fix memory leak in thrustmaster_interrupts() (git-fixes).
- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).
- HID: uclogic: Add NULL check in uclogic_input_configured() (git-fixes).
- IB/cm: use rwlock for MAD agent lock (git-fixes)
- IB/mad: Check available slots before posting receive WRs (git-fixes)
- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
- Input: ads7846 - fix gpiod allocation (git-fixes).
- Input: cyttsp5 - ensure minimum reset pulse width (git-fixes).
- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).
- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).
- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).
- Input: iqs7222 - preserve system status register (git-fixes).
- Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes).
- Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes).
- Input: synaptics - enable InterTouch on Dell Precision M3800 (stable-fixes).
- Input: synaptics - enable InterTouch on Dynabook Portege X30-D (stable-fixes).
- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (stable-fixes).
- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (stable-fixes).
- Input: synaptics - enable SMBus for HP Elitebook 850 G1 (stable-fixes).
- Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes).
- Input: synaptics-rmi - fix crash with unsupported versions of F34 (git-fixes).
- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).
- Input: xpad - add multiple supported devices (stable-fixes).
- Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller (stable-fixes).
- Input: xpad - add support for TECNO Pocket Go (stable-fixes).
- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).
- Input: xpad - fix Share button on Xbox One controllers (stable-fixes).
- Input: xpad - fix two controller table values (git-fixes).
- Input: xpad - rename QH controller to Legion Go S (stable-fixes).
- KVM: SVM: Allocate IR data using atomic allocation (git-fixes).
- KVM: SVM: Disable AVIC on SNP-enabled system without HvInUseWrAllowed feature (bsc#1235862).
- KVM: SVM: Do not change target vCPU state on AP Creation VMGEXIT error (git-fixes).
- KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value (git-fixes).
- KVM: SVM: Refuse to attempt VRMUN if an SEV-ES+ guest had an invalid VMSA (git-fixes).
- KVM: SVM: Save host DR masks on CPUs with DebugSwap (jsc#PED-348).
- KVM: SVM: Suppress DEBUGCTL.BTF on AMD (git-fixes).
- KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields (git-fixes).
- KVM: VMX: Do not modify guest XFD_ERR if CR0.TS=1 (git-fixes).
- KVM: arm64: Change kvm_handle_mmio_return() return polarity (git-fixes).
- KVM: arm64: Fix RAS trapping in pKVM for protected VMs (git-fixes).
- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (git-fixes).
- KVM: arm64: Mark some header functions as inline (git-fixes).
- KVM: arm64: Tear down vGIC on failed vCPU creation (git-fixes).
- KVM: arm64: timer: Always evaluate the need for a soft timer (git-fixes).
- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (git-fixes).
- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (git-fixes).
- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (git-fixes).
- KVM: arm64: vgic-v4: Fall back to software irqbypass if LPI not found (git-fixes).
- KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs (git-fixes).
- KVM: nSVM: Pass next RIP, not current RIP, for nested VM-Exit on emulation (git-fixes).
- KVM: nVMX: Allow emulating RDPID on behalf of L2 (git-fixes).
- KVM: nVMX: Check PAUSE_EXITING, not BUS_LOCK_DETECTION, on PAUSE emulation (git-fixes).
- KVM: s390: Do not use %pK through debug printing (git-fixes bsc#1243657).
- KVM: s390: Do not use %pK through tracepoints (git-fixes bsc#1243658).
- KVM: x86/mmu: Check and free obsolete roots in kvm_mmu_reload() (git-fixes).
- KVM: x86/xen: Use guest's copy of pvclock when starting timer (git-fixes).
- KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (git-fixes).
- KVM: x86: Check that the high 32bits are clear in kvm_arch_vcpu_ioctl_run() (git-fixes).
- KVM: x86: Do not take kvm->lock when iterating over vCPUs in suspend notifier (git-fixes).
- KVM: x86: Explicitly treat routing entry type changes as changes (git-fixes).
- KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM (git-fixes).
- KVM: x86: Explicitly zero-initialize on-stack CPUID unions (git-fixes).
- KVM: x86: Make x2APIC ID 100% readonly (git-fixes).
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes).
- KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed (git-fixes).
- KVM: x86: Remove the unreachable case for 0x80000022 leaf in __do_cpuid_func() (git-fixes).
- KVM: x86: Wake vCPU for PIC interrupt injection iff a valid IRQ was found (git-fixes).
- KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected (git-fixes).
- Move upstreamed ACPI patch into sorted section
- Move upstreamed PCI and initramfs patches into sorted section
- Move upstreamed nfsd and sunrpc patches into sorted section
- Move upstreamed powerpc and SCSI patches into sorted section
- Move upstreamed smb patch into sorted section Also move other out-of-tree patches into the proper section
- Move upstreamed sound patch into sorted section
- Move upstreamed tpm patch into sorted section
- NFS: O_DIRECT writes must check and adjust the file length (git-fixes).
- NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up (git-fixes).
- NFSv4/pnfs: Reset the layout state after a layoutreturn (git-fixes).
- NFSv4: Do not trigger uneccessary scans for return-on-close delegations (git-fixes).
- OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961)
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).
- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)
- PCI/DOE: Support discovery version 2 (bsc#1237853)
- PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes).
- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).
- PCI: Avoid reset when disabled via sysfs (git-fixes).
- PCI: Fix BAR resizing when VF BARs are assigned (git-fixes).
- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).
- PCI: Fix reference leak in pci_register_host_bridge() (git-fixes).
- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).
- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).
- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).
- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).
- PCI: brcmstb: Use internal register to change link capability (git-fixes).
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).
- PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes).
- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).
- PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes).
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).
- PM: sleep: Adjust check before setting power.must_resume (git-fixes).
- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). Replace our patch with the upstream version.
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)
- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
- RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work (git-fixes)
- RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes)
- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)
- RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem (git-fixes)
- RDMA/core: Silence oversized kvmalloc() warning (git-fixes)
- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)
- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)
- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
- RDMA/hns: Fix missing xa_destroy() (git-fixes)
- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)
- RDMA/hns: Fix wrong maximum DMA segment size (git-fixes)
- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)
- RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (git-fixes)
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (git-fixes)
- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
- RDMA/mana_ib: Ensure variable err is initialized (git-fixes).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mlx5: Fix AH static rate parsing (git-fixes)
- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)
- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)
- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)
- RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (git-fixes)
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)
- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)
- RDMA/rxe: Fix 'trying to register non-static key in rxe_qp_do_cleanup' bug (git-fixes)
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (git-fixes)
- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)
- RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes)
- mm: Revert patch mm-various-give-up-if-pte_offset_map-_lock-fails.patch (bsc#1241051).
- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).
- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).
- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).
- Squashfs: check return result of sb_min_blocksize (git-fixes).
- USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes).
- USB: VLI disk crashes if LPM is used (stable-fixes).
- USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes).
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).
- USB: serial: option: add Sierra Wireless EM9291 (stable-fixes).
- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).
- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).
- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).
- USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes).
- USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes).
- USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes).
- USB: wdm: add annotation (git-fixes).
- USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes).
- USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes).
- USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes).
- RDMA: Update patch RDMA-core-Don-t-expose-hw_counters-outside-of-init-n.patch (git-fixes bsc#1239925).
- kABI: Update patch kABI-fix-for-RDMA-core-Don-t-expose-hw_counters-outs.patch (git-fixes bsc#1239925).
- nvme: Update patch nvme-fixup-scan-failure-for-non-ANA-multipath-contro.patch (git-fixes bsc#1235149).
- nvme: Update patch nvme-re-read-ANA-log-page-after-ns-scan-completes.patch (git-fixes bsc#1235149).
- s390: Update patch s390-pci-Fix-SR-IOV-for-PFs-initially-in-standby.patch (git-fixes bsc#1236752 bsc#1238368).
- Xen/swiotlb: mark xen_swiotlb_fixup() __init (git-fixes).
- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).
- accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes).
- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes).
- add bug reference for an existing hv_netvsc change (bsc#1243737).
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).
- af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435).
- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).
- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).
- affs: do not write overlarge OFS data block size fields (git-fixes).
- affs: generate OFS sequence numbers starting at 1 (git-fixes).
- afs: Fix the server_list to unuse a displaced server rather than putting it (git-fixes).
- afs: Make it possible to find the volumes that are using a server (git-fixes).
- ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes).
- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
- arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052)
- arch_topology: init capacity_freq_ref to 0 (bsc#1238052)
- arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052)
- arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes)
- arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052)
- arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052)
- arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052)
- arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052)
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (git-fixes)
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (git-fixes)
- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)
- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes)
- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)
- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)
- arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 (git-fixes)
- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)
- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)
- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)
- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)
- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)
- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)
- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (git-fixes)
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)
- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)
- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
- arm64: insn: Add support for encoding DSB (git-fixes)
- arm64: mm: Correct the update of max_pfn (git-fixes)
- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (git-fixes)
- arm64: proton-pack: Expose whether the branchy loop k value (git-fixes)
- arm64: proton-pack: Expose whether the platform is mitigated by (git-fixes)
- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)
- arp: switch to dev_getbyhwaddr() in arp_req_set_public() (git-fixes).
- asus-laptop: Fix an uninitialized variable (git-fixes).
- ata: ahci: Add mask_port_map module parameter (git-fixes).
- ata: libata-sata: Save all fields from sense data descriptor (git-fixes).
- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).
- ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes).
- ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes).
- ata: libata-scsi: Improve CDL control (git-fixes).
- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).
- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).
- ata: pata_parport: add custom version of wait_after_reset (git-fixes).
- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).
- ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (git-fixes).
- ata: pata_serverworks: Do not use the term blacklist (git-fixes).
- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).
- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).
- ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes).
- auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes).
- auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes).
- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).
- badblocks: Fix error shitf ops (git-fixes).
- badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes).
- badblocks: fix missing bad blocks on retry in _badblocks_check() (git-fixes).
- badblocks: fix the using of MAX_BADBLOCKS (git-fixes).
- badblocks: return error directly when setting badblocks exceeds 512 (git-fixes).
- badblocks: return error if any badblock set fails (git-fixes).
- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).
- bitmap: introduce generic optimized bitmap_size() (git-fixes).
- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).
- blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes).
- block: change blk_mq_add_to_batch() third argument type to bool (git-fixes).
- block: cleanup and fix batch completion adding conditions (git-fixes).
- block: do not revert iter for -EIOCBQUEUED (git-fixes).
- block: fix 'kmem_cache of name 'bio-108' already exists' (git-fixes).
- block: fix conversion of GPT partition name to 7-bit (git-fixes).
- block: fix resource leak in blk_register_queue() error path (git-fixes).
- block: integrity: Do not call set_page_dirty_lock() (git-fixes).
- block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone (git-fixes).
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).
- bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (git-fixes).
- bnxt_en: Fix coredump logic to free allocated buffer (git-fixes).
- bnxt_en: Fix ethtool -d byte order for 32-bit values (git-fixes).
- bnxt_en: Fix out-of-bound memcpy() during ethtool -w (git-fixes).
- bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes).
- bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes).
- bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes).
- bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes).
- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).
- bpf: Check size for BTF-based ctx access of pointer members (git-fixes).
- bpf: Fix a verifier verbose message (git-fixes).
- bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (git-fixes).
- bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes).
- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).
- bpf: Scrub packet on bpf_redirect_peer (git-fixes).
- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).
- bpf: add find_containing_subprog() utility function (bsc#1241590).
- bpf: avoid holding freeze_mutex during mmap operation (git-fixes).
- bpf: check changes_pkt_data property for extension programs (bsc#1241590).
- bpf: consider that tail calls invalidate packet pointers (bsc#1241590).
- bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590).
- bpf: fix potential error return (git-fixes).
- bpf: prevent r10 register from being marked as precise (git-fixes).
- bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590).
- bpf: track changes_pkt_data property for global functions (bsc#1241590).
- bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes).
- broadcom: fix supported flag check in periodic output function (git-fixes).
- btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204).
- btrfs: adjust subpage bit start based on sectorsize (bsc#1241492).
- btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710).
- btrfs: avoid NULL pointer dereference if no valid csum tree (bsc#1243342).
- btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1236208).
- btrfs: avoid monopolizing a core when activating a swap file (git-fixes).
- btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605).
- btrfs: do not loop for nowait writes when checking for cross references (git-fixes).
- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).
- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).
- btrfs: fix a leaked chunk map issue in read_one_chunk() (git-fixes).
- btrfs: fix discard worker infinite loop after disabling discard (bsc#1242012).
- btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151).
- btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204).
- btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (git-fixes).
- btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204).
- btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204).
- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).
- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).
- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).
- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).
- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).
- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).
- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).
- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).
- can: bcm: add locking for bcm_op runtime updates (git-fixes).
- can: bcm: add missing rcu read protection for procfs content (git-fixes).
- can: flexcan: disable transceiver during system PM (git-fixes).
- can: flexcan: only change CAN state when link up in system PM (git-fixes).
- can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes).
- can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes).
- can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes).
- can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes).
- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).
- can: slcan: allow reception of short error messages (git-fixes).
- can: ucan: fix out of bound read in strscpy() source (git-fixes).
- cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes).
- cdx: Fix possible UAF error in driver_override_show() (git-fixes).
- char: misc: deallocate static minor in error path (git-fixes).
- char: misc: register chrdev region with all possible minors (git-fixes).
- check-for-config-changes: Fix flag name typo
- cifs: Fix integer overflow while processing actimeo mount option (git-fixes).
- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).
- cifs: Remove intermediate object of failed create reparse call (git-fixes).
- cifs: commands that are retried should have replay flag set (bsc#1231432).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).
- cifs: helper function to check replayable error codes (bsc#1231432).
- cifs: new mount option called retrans (bsc#1231432).
- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
- cifs: reduce warning log level for server not advertising interfaces (git-fixes).
- cifs: update desired access while requesting for directory lease (git-fixes).
- cifs: update the same create_guid on replay (git-fixes).
- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- counter: fix privdata alignment (git-fixes).
- counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes).
- counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes).
- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)
- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).
- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)
- cpufreq/cppc: Move and rename (bsc#1237856)
- cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052)
- cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052)
- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052)
- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)
- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)
- cpumask: add cpumask_weight_andnot() (bsc#1239015).
- cpumask: define cleanup function for cpumasks (bsc#1239015).
- crypto: algif_hash - fix double free in hash_accept (git-fixes).
- crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes).
- crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes).
- crypto: ccp - Add support for PCI device 0x1134 (stable-fixes).
- crypto: ccp - Fix check for the primary ASP device (git-fixes).
- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).
- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).
- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).
- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).
- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).
- crypto: iaa - Change desc->priv to 0 (jsc#PED-12416).
- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).
- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove header table code (jsc#PED-12416).
- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416).
- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).
- crypto: iaa - Test the correct request flag (git-fixes).
- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).
- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).
- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).
- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).
- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).
- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).
- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).
- crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416).
- crypto: qat - Fix typo 'accelaration' (jsc#PED-12416).
- crypto: qat - Fix typo (jsc#PED-12416).
- crypto: qat - Remove trailing space after \n newline (jsc#PED-12416).
- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).
- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).
- crypto: qat - add auto reset on error (jsc#PED-12416).
- crypto: qat - add bank save and restore flows (jsc#PED-12416).
- crypto: qat - add fatal error notification (jsc#PED-12416).
- crypto: qat - add fatal error notify method (jsc#PED-12416).
- crypto: qat - add heartbeat error simulator (jsc#PED-12416).
- crypto: qat - add interface for live migration (jsc#PED-12416).
- crypto: qat - add support for 420xx devices (jsc#PED-12416).
- crypto: qat - add support for device telemetry (jsc#PED-12416).
- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).
- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).
- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).
- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).
- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).
- crypto: qat - disable arbitration before reset (jsc#PED-12416).
- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).
- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).
- crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416).
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).
- crypto: qat - fix comment structure (jsc#PED-12416).
- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).
- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).
- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).
- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).
- crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416).
- crypto: qat - implement interface for live migration (jsc#PED-12416).
- crypto: qat - improve aer error reset handling (jsc#PED-12416).
- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).
- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).
- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).
- crypto: qat - limit heartbeat notifications (jsc#PED-12416).
- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).
- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).
- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).
- crypto: qat - move fw config related structures (jsc#PED-12416).
- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).
- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).
- crypto: qat - relocate CSR access code (jsc#PED-12416).
- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).
- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).
- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).
- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).
- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).
- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).
- crypto: qat - set parity error mask for qat_420xx (git-fixes).
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).
- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).
- crypto: qat - validate slices count returned by FW (jsc#PED-12416).
- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).
- cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-fixes).
- devlink: fix port new reply cmd type (git-fixes).
- dlm: prevent NPD when writing a positive value to event_done (git-fixes).
- dm array: fix cursor index when skipping across block boundaries (git-fixes).
- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).
- dm init: Handle minors larger than 255 (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm persistent data: fix memory allocation failure (git-fixes).
- dm resume: do not return EINVAL when signalled (git-fixes).
- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).
- dm thin: Add missing destroy_work_on_stack() (git-fixes).
- dm-bufio: do not schedule in atomic context (git-fixes).
- dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes).
- dm-crypt: track tag_offset in convert_context (git-fixes).
- dm-delay: fix hung task introduced by kthread mode (git-fixes).
- dm-delay: fix max_delay calculations (git-fixes).
- dm-delay: fix workqueue delay_timer race (git-fixes).
- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).
- dm-ebs: fix prefetch-vs-suspend race (git-fixes).
- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).
- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).
- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).
- dm-integrity: fix a warning on invalid table line (git-fixes).
- dm-integrity: set ti->error on memory allocation failure (git-fixes).
- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).
- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).
- dm-verity: fix prefetch-vs-suspend race (git-fixes).
- dm: Fix typo in error message (git-fixes).
- dm: add missing unlock on in dm_keyslot_evict() (git-fixes).
- dm: always update the array size in realloc_argv on success (git-fixes).
- dm: fix copying after src array boundaries (git-fixes).
- dma-buf: insert memory barrier before updating num_fences (git-fixes).
- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).
- dmaengine: Revert 'dmaengine: dmatest: Fix dmatest waiting less when interrupted' (git-fixes).
- dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes).
- dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals (git-fixes).
- dmaengine: idxd: Add missing cleanups in cleanup internals (git-fixes).
- dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call (git-fixes).
- dmaengine: idxd: Fix ->poll() return value (git-fixes).
- dmaengine: idxd: Fix allowing write() from different address spaces (git-fixes).
- dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs (git-fixes).
- dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (git-fixes).
- dmaengine: mediatek: drop unused variable (git-fixes).
- dmaengine: ti: k3-udma: Add missing locking (git-fixes).
- dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy (git-fixes).
- driver core: Remove needless return in void API device_remove_group() (git-fixes).
- drivers: base: devres: Allow to release group on device release (stable-fixes).
- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).
- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).
- drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes).
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).
- drm/amd/display: Avoid flooding unnecessary info messages (git-fixes).
- drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes).
- drm/amd/display: Correct the reply value when AUX write incomplete (git-fixes).
- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).
- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).
- drm/amd/display: Fix HPD after gpu reset (stable-fixes).
- drm/amd/display: Fix gpu reset in multidisplay config (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes).
- drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes).
- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).
- drm/amd/display: Fix the checking condition in dmub aux handling (stable-fixes).
- drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes).
- drm/amd/display: Force full update in gpu reset (stable-fixes).
- drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes).
- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).
- drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes).
- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).
- drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes).
- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).
- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).
- drm/amd/display: more liberal vmin/vmax update for freesync (stable-fixes).
- drm/amd/pm/smu11: Prevent division by zero (git-fixes).
- drm/amd/pm: Prevent division by zero (git-fixes).
- drm/amd: Add Suspend/Hibernate notification callback support (stable-fixes).
- drm/amd: Handle being compiled without SI or CIK support better (stable-fixes).
- drm/amd: Keep display off while going into S4 (stable-fixes).
- drm/amdgpu/dma_buf: fix page_link check (git-fixes).
- drm/amdgpu/gfx11: fix num_mec (git-fixes).
- drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes).
- drm/amdgpu/umsch: declare umsch firmware (git-fixes).
- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).
- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).
- drm/amdgpu: Queue KFD reset workitem in VF FED (stable-fixes).
- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes).
- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
- drm/amdgpu: fix pm notifier handling (git-fixes).
- drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (stable-fixes).
- drm/amdgpu: trigger flr_work if reading pf2vf data failed (stable-fixes).
- drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes).
- drm/amdkfd: Fix mode1 reset crash issue (stable-fixes).
- drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes).
- drm/amdkfd: clamp queue size to minimum (stable-fixes).
- drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes).
- drm/atomic: Filter out redundant DPMS calls (stable-fixes).
- drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes).
- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).
- drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes).
- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).
- drm/dp_mst: Add a helper to queue a topology probe (stable-fixes).
- drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes).
- drm/dp_mst: Fix drm RAD print (git-fixes).
- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).
- drm/edid: fixed the bug that hdr metadata was not reset (git-fixes).
- drm/fdinfo: Protect against driver unbind (git-fixes).
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).
- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).
- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).
- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).
- drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes).
- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).
- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes).
- drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes).
- drm/i915/huc: Fix fence not released on early probe errors (git-fixes).
- drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' (git-fixes).
- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).
- drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes).
- drm/i915: Disable RPG during live selftest (git-fixes).
- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).
- drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes).
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).
- drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes).
- drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-fixes).
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).
- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).
- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).
- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).
- drm/msm/dpu: do not use active in atomic_check() (git-fixes).
- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).
- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).
- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
- drm/nouveau: Do not override forced connector status (stable-fixes).
- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes).
- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes).
- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).
- drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes).
- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).
- drm/repaper: fix integer overflows in repeat functions (git-fixes).
- drm/sched: Fix fence reference count leak (git-fixes).
- drm/sched: Fix preprocessor guard (git-fixes).
- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).
- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).
- drm/ssd130x: fix ssd132x encoding (git-fixes).
- drm/sti: remove duplicate object names (git-fixes).
- drm/tests: Add helper to create mock crtc (stable-fixes).
- drm/tests: Add helper to create mock plane (stable-fixes).
- drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-fixes).
- drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes).
- drm/tests: helpers: Add atomic helpers (stable-fixes).
- drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-fixes).
- drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (stable-fixes).
- drm/tests: helpers: Fix compiler warning (git-fixes).
- drm/tests: modes: Fix drm_display_mode memory leak (git-fixes).
- drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes).
- drm/v3d: Add job to pending list if the reset was skipped (stable-fixes).
- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).
- drm/vkms: Fix use after free and double free on init error (git-fixes).
- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).
- drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes).
- drm: allow encoder mode_set even when connectors change for crtc (stable-fixes).
- drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes).
- drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes).
- drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes).
- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).
- dummycon: fix default rows/cols (git-fixes).
- e1000e: change k1 configuration on MTP and later platforms (git-fixes).
- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).
- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).
- eth: bnxt: fix missing ring index trim on error path (git-fixes).
- ethtool: Fix context creation with no parameters (git-fixes).
- ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes).
- ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes).
- ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes).
- ethtool: fix setting key and resetting indir at once (git-fixes).
- ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes).
- ethtool: netlink: do not return SQI value if link is down (git-fixes).
- ethtool: plca: fix plca enable data type while parsing the value (git-fixes).
- ethtool: rss: echo the context number back (git-fixes).
- exfat: do not fallback to buffered write (git-fixes).
- exfat: do not zero the extended part (bsc#1237356).
- exfat: drop ->i_size_ondisk (git-fixes).
- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
- exfat: fix potential wrong error return from get_block (git-fixes).
- exfat: fix soft lockup in exfat_clear_bitmap (git-fixes).
- exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes).
- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
- exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes).
- ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342).
- ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540).
- ext4: do not over-report free space or inodes in statvfs (bsc#1242345).
- ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347).
- ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557).
- ext4: goto right label 'out_mmap_sem' in ext4_setattr() (bsc#1242556).
- ext4: make block validity check resistent to sb bh corruption (bsc#1242348).
- ext4: partial zero eof block on unaligned inode size extension (bsc#1242336).
- ext4: protect ext4_release_dquot against freezing (bsc#1242335).
- ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536).
- ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539).
- ext4: unify the type of flexbg_size to unsigned int (bsc#1242538).
- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).
- fbdev: omapfb: Add 'plane' value check (stable-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sm501fb: Add some geometry checks (git-fixes).
- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).
- firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes).
- firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes).
- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).
- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes).
- firmware: cs_dsp: Remove async regmap writes (git-fixes).
- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).
- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).
- fs/jfs: Prevent integer overflow in AG size calculation (git-fixes).
- fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes).
- fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250).
- fs: better handle deep ancestor chains in is_subdir() (bsc#1242528).
- fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535).
- fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526).
- fs: support relative paths with FSCONFIG_SET_STRING (git-fixes).
- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).
- gpio: rcar: Fix missing of_node_put() call (git-fixes).
- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).
- gpio: tegra186: fix resource handling in ACPI probe path (git-fixes).
- gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes).
- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).
- gup: make the stack expansion warning a bit more targeted (bsc#1238214).
- gve: handle overflow when reporting TX consumed descriptors (git-fixes).
- gve: set xdp redirect target only when it is available (git-fixes).
- hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes).
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (git-fixes).
- hv_netvsc: Remove rmsg_pgcnt (git-fixes).
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (git-fixes).
- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes).
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).
- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).
- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).
- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).
- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes).
- i2c: designware: Fix an error handling path in i2c_dw_pci_probe() (git-fixes).
- i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes).
- i2c: ls2x: Fix frequency division register access (git-fixes).
- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
- i2c: omap: fix IRQ storms (git-fixes).
- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).
- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).
- i3c: master: svc: Fix missing the IBI rules (git-fixes).
- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).
- ice: Add check for devm_kzalloc() (git-fixes).
- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (git-fixes).
- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).
- ice: fix reservation of resources for RDMA when disabled (git-fixes).
- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
- ice: stop truncating queue ids when checking (git-fixes).
- idpf: check error for register_netdev() on init (git-fixes).
- idpf: fix adapter NULL pointer dereference on reboot (git-fixes).
- idpf: fix offloads support for encapsulated packets (git-fixes).
- idpf: fix potential memory leak on kcalloc() failure (git-fixes).
- idpf: protect shutdown from reset (git-fixes).
- igb: reject invalid external timestamp requests for 82580-based HW (git-fixes).
- igc: add lock preventing multiple simultaneous PTM transactions (git-fixes).
- igc: cleanup PTP module if probe fails (git-fixes).
- igc: fix PTM cycle trigger logic (git-fixes).
- igc: fix lock order in igc_ptp_reset (git-fixes).
- igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes).
- igc: increase wait time before retrying PTM (git-fixes).
- igc: move ktime snapshot into PTM retry loop (git-fixes).
- iio: accel: adxl367: fix setting odr for activity time update (git-fixes).
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).
- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).
- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).
- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).
- iio: adc: ad7606: fix serial register access (git-fixes).
- iio: adc: ad7768-1: Fix conversion result sign (git-fixes).
- iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes).
- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).
- iio: adis16201: Correct inclinometer channel resolution (git-fixes).
- iio: dac: ad3552r: clear reset status flag (git-fixes).
- iio: filter: admv8818: Force initialization of SDO (git-fixes).
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes).
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes).
- iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes).
- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).
- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).
- inetpeer: remove create argument of inet_getpeer_v() (git-fixes).
- inetpeer: update inetpeer timestamp in inet_getpeer() (git-fixes).
- init: add initramfs_internal.h (bsc#1232848).
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- initramfs: allocate heap buffers together (bsc#1232848).
- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).
- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).
- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).
- intel_th: pci: Add Arrow Lake support (stable-fixes).
- intel_th: pci: Add Panther Lake-H support (stable-fixes).
- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).
- ioam6: improve checks on user data (git-fixes).
- iommu/vt-d: Fix suspicious RCU usage (git-fixes).
- iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes).
- ipv4/route: avoid unused-but-set-variable warning (git-fixes).
- ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR) (git-fixes).
- ipv4: Convert icmp_route_lookup() to dscp_t (git-fixes).
- ipv4: Fix incorrect source address in Record Route option (git-fixes).
- ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (git-fixes).
- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).
- ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (git-fixes).
- ipv4: fix source address selection with route leak (git-fixes).
- ipv4: give an IPv4 dev to blackhole_netdev (git-fixes).
- ipv4: icmp: Pass full DS field to ip_route_input() (git-fixes).
- ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (git-fixes).
- ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (git-fixes).
- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() (git-fixes).
- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() (git-fixes).
- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() (git-fixes).
- ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (git-fixes).
- ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels (git-fixes).
- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).
- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).
- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).
- ipv6: Align behavior across nexthops during path selection (git-fixes).
- ipv6: Do not consider link down nexthops in path selection (git-fixes).
- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).
- ipv6: Start path selection from the first nexthop (git-fixes).
- ipv6: Use RCU in ip6_input() (bsc#1239994).
- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).
- ipv6: avoid atomic fragment on GSO packets (git-fixes).
- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).
- ipv6: fib: hide unused 'pn' variable (git-fixes).
- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).
- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (git-fixes).
- ipv6: fix potential NULL deref in fib6_add() (git-fixes).
- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).
- ipv6: introduce dst_rt6_info() helper (git-fixes).
- ipv6: ioam: block BH from ioam6_output() (git-fixes).
- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).
- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- ipv6: sr: add missing seg6_local_exit (git-fixes).
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).
- ipv6: take care of scope when choosing the src addr (git-fixes).
- irqchip/davinci: Remove leftover header (git-fixes).
- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes).
- irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes).
- isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307).
- jbd2: add a missing data flush during file and fs synchronization (bsc#1242346).
- jbd2: fix off-by-one while erasing journal (bsc#1242344).
- jbd2: flush filesystem device before updating tail sequence (bsc#1242333).
- jbd2: increase IO priority for writing revoke records (bsc#1242332).
- jbd2: increase the journal IO's priority (bsc#1242537).
- jbd2: remove wrong sb->s_sequence check (bsc#1242343).
- jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes).
- jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes).
- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).
- jfs: add check read-only before txBeginAnon() call (git-fixes).
- jfs: add index corruption check to DT_GETPAGE() (git-fixes).
- jfs: add sanity check for agwidth in dbMount (git-fixes).
- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).
- jfs: reject on-disk inodes of an unsupported type (git-fixes).
- jiffies: Cast to unsigned long in secs_to_jiffies() conversion (bsc#1242993).
- jiffies: Define secs_to_jiffies() (bsc#1242993).
- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)
- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).
- kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes).
- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).
- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).
- kABI workaround for intel-ish-hid (git-fixes).
- kABI workaround for powercap update (bsc#1241010).
- kABI workaround for soc_mixer_control changes (git-fixes).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- kbuild: hdrcheck: fix cross build with clang (git-fixes).
- kernel-binary: Support livepatch_rt with merged RT branch
- kernel-obs-qa: Use srchash for dependency as well
- kernel-source: Also replace bin/env
- ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes).
- kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes).
- kunit: qemu_configs: sparc: use Zilog console (git-fixes).
- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).
- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).
- l2tp: fix lockdep splat (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).
- lib: 842: Improve error handling in sw842_compress() (git-fixes).
- lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes).
- libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309).
- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).
- loop: Add sanity check for read/write_iter (git-fixes).
- loop: LOOP_SET_FD: send uevents for partitions (git-fixes).
- loop: aio inherit the ioprio of original request (git-fixes).
- loop: do not require ->write_iter for writable files in loop_configure (git-fixes).
- loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes).
- loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes).
- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
- md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212).
- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).
- md/md-cluster: fix spares warnings for __le64 (git-fixes).
- md/raid0: do not free conf on raid0_run failure (git-fixes).
- md/raid1,raid10: do not ignore IO flags (git-fixes).
- md/raid10: fix missing discard IO accounting (git-fixes).
- md/raid10: wait barrier before returning discard request with REQ_NOWAIT (git-fixes).
- md/raid1: Add check for missing source disk in process_checks() (git-fixes).
- md/raid1: do not free conf on raid0_run failure (git-fixes).
- md/raid1: fix memory leak in raid1_run() if no active rdev (git-fixes).
- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
- md/raid5: implement pers->bitmap_sector() (git-fixes).
- md: Do not flush sync_work in md_write_start() (git-fixes).
- md: add a new callback pers->bitmap_sector() (git-fixes).
- md: convert comma to semicolon (git-fixes).
- md: ensure resync is prioritized over recovery (git-fixes).
- md: fix mddev uaf while iterating all_mddevs list (git-fixes).
- md: preserve KABI in struct md_personality v2 (git-fixes).
- mdacon: rework dependency list (git-fixes).
- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).
- media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes).
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).
- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).
- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).
- media: platform: stm32: Add check for clk_enable() (git-fixes).
- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).
- media: streamzap: fix race between device disconnection and urb callback (git-fixes).
- media: streamzap: prevent processing IR data on URB failure (git-fixes).
- media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes).
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).
- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).
- media: venus: hfi: add check to handle incorrect queue size (git-fixes).
- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).
- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).
- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).
- media: videobuf2: Add missing doc comment for waiting_in_dqbuf (git-fixes).
- media: vim2m: print device name after registering device (git-fixes).
- media: visl: Fix ERANGE error when setting enum controls (git-fixes).
- mei: me: add panther lake H DID (stable-fixes).
- mei: me: add panther lake P DID (stable-fixes).
- memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).
- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).
- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).
- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).
- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).
- mfd: syscon: Remove extern from function prototypes (stable-fixes).
- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).
- misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes).
- misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes).
- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).
- mm/readahead: fix large folio support in async readahead (bsc#1242321).
- mm: accept to promo watermark (bsc#1239600).
- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).
- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).
- mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326).
- mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327).
- mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546).
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).
- mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes).
- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).
- mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes).
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).
- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes).
- mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes).
- mptcp: refine opt_mp_capable determination (git-fixes).
- mptcp: relax check on MPC passive fallback (git-fixes).
- mptcp: strict validation before using mp_opt->hmac (git-fixes).
- mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes).
- mtd: Add check for devm_kcalloc() (git-fixes).
- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).
- mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes).
- mtd: nand: Fix a kdoc comment (git-fixes).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- mtd: rawnand: Add status chack in r852_ready() (git-fixes).
- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).
- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).
- neighbour: delete redundant judgment statements (git-fixes).
- net l2tp: drop flow hash on forward (git-fixes).
- net/handshake: Fix handshake_req_destroy_test1 (git-fixes).
- net/handshake: Fix memory leak in __sock_create() and sock_alloc_file() (git-fixes).
- net/ipv6: Fix route deleting failure when metric equals 0 (git-fixes).
- net/ipv6: Fix the RT cache flush via sysctl using a previous delay (git-fixes).
- net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged (git-fixes).
- net/mlx5: E-Switch, Initialize MAC Address for Default GID (git-fixes).
- net/mlx5: E-switch, Fix error handling for enabling roce (git-fixes).
- net/mlx5: Fill out devlink dev info only for PFs (git-fixes).
- net/mlx5: IRQ, Fix null string in debug print (git-fixes).
- net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes).
- net/mlx5: Start health poll after enable hca (git-fixes).
- net/mlx5e: Disable MACsec offload for uplink representor profile (git-fixes).
- net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes).
- net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes).
- net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes).
- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).
- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).
- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).
- net/sched: flower: Add lock protection when remove filter handle (git-fixes).
- net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes).
- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).
- net/tcp: refactor tcp_inet6_sk() (git-fixes).
- net: Add non-RCU dev_getbyhwaddr() helper (git-fixes).
- net: Clear old fragment checksum value in napi_reuse_skb (git-fixes).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: Handle napi_schedule() calls from non-interrupt (git-fixes).
- net: Implement missing SO_TIMESTAMPING_NEW cmsg support (git-fixes).
- net: Remove acked SYN flag from packet in the transmit queue correctly (git-fixes).
- net: add dev_net_rcu() helper (bsc#1239994).
- net: annotate data-races around sk->sk_dst_pending_confirm (git-fixes).
- net: annotate data-races around sk->sk_tx_queue_mapping (git-fixes).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: blackhole_dev: fix build warning for ethh set but not used (git-fixes).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not dump stack on queue timeout (git-fixes).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes).
- net: ethtool: Fix RSS setting (git-fixes).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: gro: parse ipv6 ext headers without frag0 invalidation (git-fixes).
- net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes).
- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).
- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).
- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).
- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).
- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).
- net: ipv6: ioam6: code alignment (git-fixes).
- net: ipv6: ioam6: fix lwtunnel_output() loop (git-fixes).
- net: ipv6: ioam6: new feature tunsrc (git-fixes).
- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).
- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- net: loopback: Avoid sending IP packets without an Ethernet header (git-fixes).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Support holes in device list reply msg (git-fixes).
- net: mana: Switch to page pool for jumbo frames (git-fixes).
- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).
- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).
- net: mark racy access on sk->sk_rcvbuf (git-fixes).
- net: move altnames together with the netdevice (bsc#1233749).
- net: phy: leds: fix memory leak (git-fixes).
- net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes).
- net: qede: Initialize qede_ll_ops with designated initializer (git-fixes).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets (git-fixes).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: sctp: fix skb leak in sctp_inq_free() (git-fixes).
- net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes).
- net: set the minimum for net_hotdata.netdev_budget_usecs (git-fixes).
- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (git-fixes).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes).
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes).
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes).
- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).
- net: use unrcu_pointer() helper (git-fixes).
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).
- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).
- net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes).
- net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes).
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes).
- net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes).
- net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes).
- net_sched: sch_sfq: handle bigger packets (git-fixes).
- netdev-genl: avoid empty messages in queue dump (git-fixes).
- netdev: fix repeated netlink messages in queue dump (git-fixes).
- netlink: annotate data-races around sk->sk_err (git-fixes).
- netpoll: Ensure clean state on setup failures (git-fixes).
- netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes).
- nfs: add missing selections of CONFIG_CRC32 (git-fixes).
- nfs: clear SB_RDONLY before getting superblock (bsc#1238565).
- nfs: handle failure of nfs_get_lock_context in unlock path (git-fixes).
- nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565).
- nfsd: add list_head nf_gc to struct nfsd_file (git-fixes).
- nfsd: clear acl_access/acl_default after releasing them (git-fixes).
- nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes).
- nfsd: put dl_stid if fail to queue dl_recall (git-fixes).
- nilfs2: add pointer check for nilfs_direct_propagate() (git-fixes).
- nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (git-fixes).
- ntb: Force physically contiguous allocation of rx ring buffers (git-fixes).
- ntb: intel: Fix using link status DB's (git-fixes).
- ntb: reduce stack usage in idt_scan_mws (stable-fixes).
- ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes).
- ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes).
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes).
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes).
- ntb_perf: Fix printk format (git-fixes).
- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).
- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).
- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).
- nvme-fc: use ctrl state getter (git-fixes).
- nvme-ioctl: fix leaked requests on mapping error (git-fixes).
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
- nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (git-fixes bsc#1223096).
- nvme-pci: add quirk for Samsung PM173x/PM173xa disk (bsc#1241148).
- nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes).
- nvme-pci: fix queue unquiesce check on slot_reset (git-fixes).
- nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes).
- nvme-pci: make nvme_pci_npages_prp() __always_inline (git-fixes).
- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).
- nvme-pci: remove stale comment (git-fixes).
- nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes).
- nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes).
- nvme-tcp: Fix a C2HTermReq error message (git-fixes).
- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).
- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
- nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes).
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).
- nvme-tcp: fix premature queue removal and I/O failover (git-fixes).
- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).
- nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (git-fixes).
- nvme/ioctl: add missing space in err message (git-fixes).
- nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes).
- nvme: Add 'partial_nid' quirk (bsc#1241148).
- nvme: Add warning when a partiually unique NID is detected (bsc#1241148).
- nvme: fixup scan failure for non-ANA multipath controllers (git-fixes).
- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).
- nvme: make nvme_tls_attrs_group static (git-fixes).
- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).
- nvme: move passthrough logging attribute to head (git-fixes).
- nvme: multipath: fix return value of nvme_available_path (git-fixes).
- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).
- nvme: re-read ANA log page after ns scan completes (git-fixes).
- nvme: requeue namespace scan on missed AENs (git-fixes).
- nvme: tcp: Fix compilation warning with W=1 (git-fixes).
- nvme: unblock ctrl state transition for firmware update (git-fixes).
- nvmet-fc: Remove unused functions (git-fixes).
- nvmet-fc: inline nvmet_fc_delete_assoc (git-fixes).
- nvmet-fc: inline nvmet_fc_free_hostport (git-fixes).
- nvmet-fc: put ref when assoc->del_work is already scheduled (git-fixes).
- nvmet-fc: take tgtport reference only once (git-fixes).
- nvmet-fc: update tgtport ref per assoc (git-fixes).
- nvmet-fcloop: Remove remote port from list when unlinking (git-fixes).
- nvmet-fcloop: add ref counting to lport (git-fixes).
- nvmet-fcloop: replace kref with refcount (git-fixes).
- nvmet-fcloop: swap list_add_tail arguments (git-fixes).
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).
- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).
- nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (git-fixes).
- nvmet: Fix crash when a namespace is disabled (git-fixes).
- nvmet: remove old function prototype (git-fixes).
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes).
- objtool, panic: Disable SMAP in __stack_chk_fail() (bsc#1243963).
- objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes).
- objtool: Fix segfault in ignore_unreachable_insn() (git-fixes).
- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).
- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- ocfs2: handle a symlink read error correctly (git-fixes).
- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).
- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).
- octeontx2-pf: qos: fix VF root node parent queue index (git-fixes).
- orangefs: fix a oob in orangefs_debug_write (git-fixes).
- packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251).
- packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- padata: do not leak refcount in reorder_work (git-fixes).
- padata: fix sysfs store callback check (git-fixes).
- partitions: mac: fix handling of bogus partition table (git-fixes).
- perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
- perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
- perf tools: annotate asm_pure_loop.S (bsc#1239906).
- perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309).
- perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172)
- perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172)
- perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172)
- perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172)
- phy: Fix error handling in tegra_xusb_port_init (git-fixes).
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).
- phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes).
- phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (git-fixes).
- phy: renesas: rcar-gen3-usb2: Set timing registers only once (git-fixes).
- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
- phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking (git-fixes).
- phy: tegra: xusb: remove a stray unlock (git-fixes).
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).
- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).
- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).
- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).
- pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes).
- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).
- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).
- platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes).
- platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes).
- platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes).
- platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes).
- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).
- platform/x86: ISST: Correct command storage data length (git-fixes).
- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes).
- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).
- platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() (git-fixes).
- platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).
- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).
- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).
- pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes).
- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).
- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).
- powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes).
- powercap: intel_rapl: Fix locking in TPMI RAPL (git-fixes).
- powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010).
- powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010).
- powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes).
- powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes).
- powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes).
- powerpc/boot: Check for ld-option support (bsc#1215199).
- powerpc/boot: Fix dash warning (bsc#1215199).
- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).
- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).
- powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (bsc#1239691 bsc#1243044 ltc#212555).
- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).
- powerpc: Do not use --- in kernel logs (git-fixes).
- powerpc: Stop using no_llseek (bsc#1239573).
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).
- pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes).
- pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes).
- pwm: rcar: Improve register calculation (git-fixes).
- qibfs: fix _another_ leak (git-fixes)
- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).
- rapidio: fix an API misues when rio_add_net() fails (git-fixes).
- rcu/tasks-trace: Handle new PF_IDLE semantics (git-fixes)
- rcu/tasks: Handle new PF_IDLE semantics (git-fixes)
- rcu: Break rcu_node_0 --> &rq->__lock order (git-fixes)
- rcu: Introduce rcu_cpu_online() (git-fixes)
- regulator: check that dummy regulator has been probed before using it (stable-fixes).
- regulator: core: Fix deadlock in create_regulator() (git-fixes).
- regulator: dummy: force synchronous probing (git-fixes).
- regulator: max20086: fix invalid memory access (git-fixes).
- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986).
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/package-descriptions: Add rt and rt_debug descriptions
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- rtc: pcf85063: do a SW reset if POR failed (stable-fixes).
- rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013).
- s390/bpf: Store backchain even for leaf progs (git-fixes bsc#1243805).
- s390/cio: Fix CHPID 'configure' attribute caching (git-fixes bsc#1240979).
- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978).
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).
- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).
- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).
- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).
- sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052)
- scsi: Improve CDL control (git-fixes).
- scsi: core: Clear driver private data when retrying request (git-fixes).
- scsi: core: Clear flags for scsi_cmnd that did not complete (git-fixes).
- scsi: core: Do not retry I/Os during depopulation (git-fixes).
- scsi: core: Handle depopulation and restoration in progress (git-fixes).
- scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes).
- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).
- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).
- scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes).
- scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (git-fixes).
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).
- scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes).
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).
- scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1242993).
- scsi: lpfc: Convert timeouts to secs_to_jiffies() (bsc#1242993).
- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
- scsi: lpfc: Copyright updates for 14.4.0.9 patches (bsc#1242993).
- scsi: lpfc: Create lpfc_vmid_info sysfs entry (bsc#1242993).
- scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (bsc#1242993).
- scsi: lpfc: Fix spelling mistake 'Toplogy' -> 'Topology' (bsc#1242993).
- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).
- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
- scsi: lpfc: Notify FC transport of rport disappearance during PCI fcn reset (bsc#1242993).
- scsi: lpfc: Prevent failure to reregister with NVMe transport after PRLI retry (bsc#1242993).
- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).
- scsi: lpfc: Restart eratt_poll timer if HBA_SETUP flag still unset (bsc#1242993).
- scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag (git-fixes).
- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
- scsi: lpfc: Update lpfc version to 14.4.0.9 (bsc#1242993).
- scsi: lpfc: Use memcpy() for BIOS version (bsc#1240966).
- scsi: lpfc: convert timeouts to secs_to_jiffies() (bsc#1242993).
- scsi: megaraid_sas: Block zero-length ATA VPD inquiry (git-fixes).
- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
- scsi: mpi3mr: Fix locking in an error path (git-fixes).
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: mpt3sas: Fix a locking bug in an error path (git-fixes).
- scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (git-fixes).
- scsi: myrb: Remove dead code (git-fixes).
- scsi: pm80xx: Set phy_attached to zero when device is gone (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
- scsi: qla2xxx: Fix typos in a comment (bsc#1243090).
- scsi: qla2xxx: Mark device strings as nonstring (bsc#1243090).
- scsi: qla2xxx: Remove duplicate struct crb_addr_pair (bsc#1243090).
- scsi: qla2xxx: Remove unused module parameters (bsc#1243090).
- scsi: qla2xxx: Remove unused ql_log_qp (bsc#1243090).
- scsi: qla2xxx: Remove unused qla2x00_gpsc() (bsc#1243090).
- scsi: qla2xxx: Remove unused qla82xx_pci_region_offset() (bsc#1243090).
- scsi: qla2xxx: Remove unused qla82xx_wait_for_state_change() (bsc#1243090).
- scsi: qla2xxx: Remove unused qlt_83xx_iospace_config() (bsc#1243090).
- scsi: qla2xxx: Remove unused qlt_fc_port_deleted() (bsc#1243090).
- scsi: qla2xxx: Remove unused qlt_free_qfull_cmds() (bsc#1243090).
- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
- scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes).
- scsi: sg: Enable runtime power management (git-fixes).
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).
- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
- sctp: Fix undefined behavior in left shift operation (git-fixes).
- sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes).
- sctp: detect and prevent references to a freed transport in sendmsg (git-fixes).
- sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (git-fixes).
- sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes).
- sctp: fix busy polling (git-fixes).
- sctp: prefer struct_size over open coded arithmetic (git-fixes).
- sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes).
- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).
- selftests/bpf: Add a few tests to cover (git-fixes).
- selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes).
- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).
- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).
- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).
- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).
- selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590).
- selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590).
- selftests/bpf: test for changing packet data from global functions (bsc#1241590).
- selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590).
- selftests/futex: futex_waitv wouldblock test should fail (git-fixes).
- selftests/mm/cow: fix the incorrect error handling (git-fixes).
- selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (bsc#1242203).
- selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes).
- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).
- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).
- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).
- selinux: Implement mptcp_add_subflow hook (bsc#1240375).
- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).
- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes).
- serial: msm: Configure correct working mode before starting earlycon (git-fixes).
- serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes).
- series.conf: temporarily disable patches.suse/md-md-bitmap-fix-writing-non-bitmap-pages-ab99.patch (bsc#1238212)
- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).
- smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes).
- smb3: request handle caching when caching directories (bsc#1231432).
- smb3: retrying on failed server close (bsc#1231432).
- smb: cached directories can be more than root file handle (bsc#1231432).
- smb: cilent: set reparse mount points as automounts (git-fixes).
- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
- smb: client: Fix minor whitespace errors and warnings (git-fixes).
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).
- smb: client: add support for WSL reparse points (git-fixes).
- smb: client: allow creating special files via reparse points (git-fixes).
- smb: client: allow creating symlinks via reparse points (git-fixes).
- smb: client: cleanup smb2_query_reparse_point() (git-fixes).
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- smb: client: do not query reparse points twice on symlinks (git-fixes).
- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).
- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
- smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265).
- smb: client: fix hardlinking of reparse points (git-fixes).
- smb: client: fix missing mode bits for SMB symlinks (git-fixes).
- smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616).
- smb: client: fix possible double free in smb2_set_ea() (git-fixes).
- smb: client: fix potential broken compound request (git-fixes).
- smb: client: fix renaming of reparse points (git-fixes).
- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
- smb: client: handle path separator of created SMB symlinks (git-fixes).
- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
- smb: client: ignore unhandled reparse tags (git-fixes).
- smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
- smb: client: instantiate when creating SFU files (git-fixes).
- smb: client: introduce ->parse_reparse_point() (git-fixes).
- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
- smb: client: introduce cifs_sfu_make_node() (git-fixes).
- smb: client: introduce reparse mount option (git-fixes).
- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).
- smb: client: move most of reparse point handling code to common file (git-fixes).
- smb: client: move some params to cifs_open_info_data (bsc#1231432).
- smb: client: optimise reparse point querying (git-fixes).
- smb: client: parse owner/group when creating reparse points (git-fixes).
- smb: client: parse reparse point flag in create response (bsc#1231432).
- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
- smb: client: retry compound request without reusing lease (git-fixes).
- smb: client: return reparse type in /proc/mounts (git-fixes).
- smb: client: reuse file lease key in compound operations (git-fixes).
- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).
- smb: client: set correct file type from NFS reparse points (git-fixes).
- smb: client: stop revalidating reparse points unnecessarily (git-fixes).
- smb: use kernel_connect() and kernel_bind() (git-fixes).
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).
- soc: imx8m: Remove global soc_uid (stable-fixes).
- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).
- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).
- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).
- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
- soc: qcom: pdr: Fix the potential deadlock (git-fixes).
- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).
- sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes).
- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).
- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).
- spi: loopback-test: Do not split 1024-byte hexdumps (git-fixes).
- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).
- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).
- spi: spi-fsl-dspi: Halt the module after a new message transfer (git-fixes).
- spi: spi-fsl-dspi: Reset SR flags before sending a new message (git-fixes).
- spi: spi-fsl-dspi: restrict register range for regmap access (git-fixes).
- spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes).
- spi: tegra114: Use value to check for invalid delays (git-fixes).
- spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes).
- spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes).
- splice: do not checksum AF_UNIX sockets (bsc#1240333).
- splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328).
- staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes).
- staging: axis-fifo: Remove hardware resets for user errors (git-fixes).
- staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes).
- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes).
- string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-fixes).
- sunrpc: suppress warnings for unused procfs functions (git-fixes).
- supported.conf: add now-included qat_420xx (external, intel)
- tcp: Add memory barrier to tcp_push() (git-fixes).
- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).
- tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes).
- tcp: Defer ts_recent changes until req is owned (git-fixes).
- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).
- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).
- tcp: Update window clamping condition (git-fixes).
- tcp: add tcp_done_with_error() helper (git-fixes).
- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).
- tcp: annotate data-races around tp->window_clamp (git-fixes).
- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).
- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).
- tcp: check space before adding MPTCP SYN options (git-fixes).
- tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).
- tcp: define initial scaling factor value as a macro (git-fixes).
- tcp: derive delack_max from rto_min (git-fixes).
- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).
- tcp: fix cookie_init_timestamp() overflows (git-fixes).
- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).
- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).
- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).
- tcp: fix mid stream window clamp (git-fixes).
- tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes).
- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).
- tcp: fix race in tcp_write_err() (git-fixes).
- tcp: fix races in tcp_abort() (git-fixes).
- tcp: fix races in tcp_v_err() (git-fixes).
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes).
- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).
- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).
- tcp: increase the default TCP scaling ratio (git-fixes).
- tcp: introduce tcp_clock_ms() (git-fixes).
- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).
- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).
- tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes).
- tcp: replace tcp_time_stamp_raw() (git-fixes).
- tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() (git-fixes).
- tcp_cubic: fix incorrect HyStart round start detection (git-fixes).
- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).
- thermal: int340x: Add NULL check for adev (git-fixes).
- thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature (git-fixes).
- thunderbolt: Scan retimers after device router has been enumerated (stable-fixes).
- tools/hv: update route parsing in kvp daemon (git-fixes).
- tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175).
- tools/power turbostat: report CoreThr per measurement interval (git-fixes).
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).
- tools: move alignment-related macros to new <linux/align.h> (git-fixes).
- topology: Set capacity_freq_ref in all cases (bsc#1238052)
- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).
- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).
- tpm: do not start chip while suspended (git-fixes).
- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).
- tpm: tis: Double the timeout B to 4s (bsc#1235870).
- tpm_tis: Move CRC check to generic send routine (bsc#1235870).
- tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870).
- tty: n_tty: use uint for space returned by tty_write_room() (git-fixes).
- tty: serial: 8250: Add Brainboxes XC devices (stable-fixes).
- tty: serial: 8250: Add some more device IDs (stable-fixes).
- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes).
- tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes).
- ubi: Add a check for ubi_num (git-fixes).
- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).
- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).
- ubi: correct the calculation of fastmap size (stable-fixes).
- ubi: eba: properly rollback inside self_check_eba (git-fixes).
- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).
- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).
- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).
- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).
- ublk: set_params: properly check if parameters can be applied (git-fixes).
- ucsi_ccg: Do not show failed to get FW build information error (git-fixes).
- udf: Fix inode_getblk() return value (bsc#1242313).
- udf: Skip parent dir link count update if corrupted (bsc#1242315).
- udf: Verify inode link counts before performing rename (bsc#1242314).
- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).
- usb: cdns3: Fix deadlock when using NCM gadget (git-fixes).
- usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes).
- usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-fixes).
- usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-fixes).
- usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes).
- usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes).
- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).
- usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes).
- usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes).
- usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes).
- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).
- usb: gadget: Fix setting self-powered state on suspend (git-fixes).
- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).
- usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes).
- usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes).
- usb: gadget: f_ecm: Add get_status callback (git-fixes).
- usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes).
- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).
- usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes).
- usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes).
- usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (stable-fixes).
- usb: hub: lack of clearing xHC resources (git-fixes).
- usb: phy: generic: Use proper helper for property detection (stable-fixes).
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).
- usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes).
- usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes).
- usb: renesas_usbhs: Call clk_put() (git-fixes).
- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).
- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).
- usb: typec: class: Invalidate USB device pointers on partner unregistration (git-fixes).
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).
- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes).
- usb: typec: ucsi: Fix NULL pointer access (git-fixes).
- usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes).
- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).
- usb: uhci-platform: Make the clock really optional (git-fixes).
- usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes).
- usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes).
- usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes).
- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).
- usb: xhci: correct debug message page size calculation (git-fixes).
- usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes).
- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
- usbnet:fix NPE during rx_complete (git-fixes).
- vboxsf: fix building with GCC 15 (stable-fixes).
- vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes).
- vfs: do not mod negative dentry count when on shrinker list (bsc#1242534).
- vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint (git-fixes).
- virtchnl: make proto and filter action count unsigned (git-fixes).
- virtio_console: fix missing byte order handling for cols and rows (git-fixes).
- vmxnet3: Fix tx queue race condition with XDP (bsc#1241394).
- vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394).
- wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes).
- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).
- wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes).
- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).
- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).
- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).
- wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes).
- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).
- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).
- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).
- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).
- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).
- wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (stable-fixes).
- wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-fixes).
- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).
- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).
- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes).
- wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes).
- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).
- wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes).
- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).
- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
- wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes).
- wifi: iwlwifi: limit printed string from FW file (git-fixes).
- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).
- wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes).
- wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes).
- wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request (git-fixes).
- wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (git-fixes).
- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).
- wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes).
- wifi: mt76: Add check for devm_kstrdup() (git-fixes).
- wifi: mt76: disable napi on driver removal (git-fixes).
- wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes).
- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).
- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).
- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).
- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).
- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).
- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).
- wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes).
- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).
- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).
- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).
- wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes).
- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).
- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
- x86/bugs: Add RSB mitigation document (git-fixes).
- x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes).
- x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes).
- x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes).
- x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes).
- x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes).
- x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes).
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).
- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).
- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes).
- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes).
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).
- x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes).
- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).
- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).
- x86/its: Fix build errors when CONFIG_MODULES=n (git-fixes).
- x86/microcode/32: Move early loading after paging enable (git-fixes).
- x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes).
- x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes).
- x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes).
- x86/microcode/AMD: Split load_microcode_amd() (git-fixes).
- x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes).
- x86/microcode/amd: Cache builtin microcode too (git-fixes).
- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).
- x86/microcode/amd: Use cached microcode for AP load (git-fixes).
- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).
- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).
- x86/microcode/intel: Cleanup code further (git-fixes).
- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).
- x86/microcode/intel: Remove debug code (git-fixes).
- x86/microcode/intel: Remove pointless mutex (git-fixes).
- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).
- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).
- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).
- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).
- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).
- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).
- x86/microcode/intel: Set new revision only after a successful update (git-fixes).
- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).
- x86/microcode/intel: Simplify early loading (git-fixes).
- x86/microcode/intel: Simplify scan_microcode() (git-fixes).
- x86/microcode/intel: Switch to kvmalloc() (git-fixes).
- x86/microcode/intel: Unify microcode apply() functions (git-fixes).
- x86/microcode: Add per CPU control field (git-fixes).
- x86/microcode: Add per CPU result state (git-fixes).
- x86/microcode: Clarify the late load logic (git-fixes).
- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).
- x86/microcode: Get rid of the schedule work indirection (git-fixes).
- x86/microcode: Handle 'nosmt' correctly (git-fixes).
- x86/microcode: Handle 'offline' CPUs correctly (git-fixes).
- x86/microcode: Hide the config knob (git-fixes).
- x86/microcode: Include vendor headers into microcode.h (git-fixes).
- x86/microcode: Make reload_early_microcode() static (git-fixes).
- x86/microcode: Mop up early loading leftovers (git-fixes).
- x86/microcode: Move core specific defines to local header (git-fixes).
- x86/microcode: Prepare for minimal revision check (git-fixes).
- x86/microcode: Protect against instrumentation (git-fixes).
- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).
- x86/microcode: Provide new control functions (git-fixes).
- x86/microcode: Remove microcode_mutex (git-fixes).
- x86/microcode: Remove pointless apply() invocation (git-fixes).
- x86/microcode: Remove the driver announcement and version (git-fixes).
- x86/microcode: Rendezvous and load in NMI (git-fixes).
- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).
- x86/microcode: Rework early revisions reporting (git-fixes).
- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).
- x86/mm: Remove unused microcode.h include (git-fixes).
- x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes).
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).
- x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes).
- x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes).
- x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes).
- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes).
- x86/xen: move xen_reserve_extra_memory() (git-fixes).
- xen/mcelog: Add __nonstring annotations for unterminated strings (git-fixes).
- xen: Change xen-acpi-processor dom0 dependency (git-fixes).
- xenfs/xensyms: respect hypervisor's 'next' indication (git-fixes).
- xfs: flush inodegc before swapon (git-fixes).
- xhci: Add helper to set an interrupters interrupt moderation interval (git-fixes).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).
- xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes).
- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).
- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).
- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).
- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).
- xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550).
- xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550).
- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).
- xhci: dbc: Convert to use sysfs_streq() (git-fixes).
- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).
- xhci: dbc: Fix STALL transfer event handling (git-fixes).
- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).
- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).
- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).
- xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550).
- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).
- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).
- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).
- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).
- xhci: pci: Use standard pattern for device IDs (git-fixes).
- xhci: split free interrupter into separate remove and free parts (git-fixes).
- xsk: Add truesize to skb_add_rx_frag() (git-fixes).
- xsk: Do not assume metadata is always requested in TX completion (git-fixes).
- zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (bsc#1241167).
- zram: clear IDLE flag after recompression (git-fixes).
- zram: clear IDLE flag in mark_idle() (git-fixes).
- zram: do not mark idle slots that cannot be idle (git-fixes).
- zram: fix potential UAF of zram table (git-fixes).
- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
- zram: refuse to use zero sized block device as backing device (git-fixes).
- zram: split memory-tracking and ac-time tracking (git-fixes).
Patchnames
SUSE-2025-1919,SUSE-SLE-Module-Confidential-Computing-15-SP6-2025-1919
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).\n- CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006).\n- CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597).\n- CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489).\n- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).\n- CVE-2024-43869: perf: Fix hang while freeing sigtrap event (bsc#1229491).\n- CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581).\n- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).\n- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).\n- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).\n- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).\n- CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812).\n- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).\n- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).\n- CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910).\n- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).\n- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).\n- CVE-2024-50162: bpf: selftests: send packet to devmap redirect XDP (bsc#1233075).\n- CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not overlap (bsc#1233098).\n- CVE-2024-50223: sched/numa: Fix the potential null pointer dereference in (bsc#1233192).\n- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).\n- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).\n- CVE-2024-53124: net: fix data-races around sk-\u003esk_forward_alloc (bsc#1234074).\n- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).\n- CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157).\n- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).\n- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).\n- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).\n- CVE-2024-54458: scsi: ufs: bsg: Set bsg_queue to NULL after removal (bsc#1238992).\n- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).\n- CVE-2024-56638: kABI fix for \u0027netfilter: nft_inner: incorrect percpu area handling under softirq\u0027 (bsc#1235524).\n- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).\n- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).\n- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).\n- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).\n- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).\n- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).\n- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).\n- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).\n- CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086).\n- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).\n- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).\n- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).\n- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).\n- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).\n- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).\n- CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990).\n- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).\n- CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961).\n- CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983).\n- CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970).\n- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).\n- CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510).\n- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy (bsc#1236111).\n- CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142).\n- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).\n- CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704).\n- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).\n- CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111).\n- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (bsc#1237312).\n- CVE-2025-21703: netem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).\n- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).\n- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).\n- CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862).\n- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).\n- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).\n- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).\n- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).\n- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).\n- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).\n- CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874).\n- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).\n- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).\n- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).\n- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).\n- CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882).\n- CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737).\n- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).\n- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).\n- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).\n- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).\n- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).\n- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).\n- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).\n- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).\n- CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714).\n- CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774).\n- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).\n- CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745).\n- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).\n- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).\n- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).\n- CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746).\n- CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742).\n- CVE-2025-21812: ax25: rcu protect dev-\u003eax25_ptr (bsc#1238471).\n- CVE-2025-21814: ptp: Ensure info-\u003eenable callback is always set (bsc#1238473).\n- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).\n- CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108).\n- CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066).\n- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).\n- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).\n- CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470).\n- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).\n- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).\n- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).\n- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).\n- CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475).\n- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).\n- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).\n- CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181).\n- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).\n- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).\n- CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184).\n- CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168).\n- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).\n- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).\n- CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171).\n- CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176).\n- CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167).\n- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).\n- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).\n- CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581).\n- CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585).\n- CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576).\n- CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587).\n- CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600).\n- CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591).\n- CVE-2025-21919: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (bsc#1240593).\n- CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).\n- CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720).\n- CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit() (bsc#1240713).\n- CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712).\n- CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709).\n- CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level \u003e 2 (bsc#1240742).\n- CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815).\n- CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816).\n- CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655).\n- CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717).\n- CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740).\n- CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784).\n- CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819).\n- CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813).\n- CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812).\n- CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809).\n- CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612).\n- CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811).\n- CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795).\n- CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797).\n- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).\n- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).\n- CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944).\n- CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934).\n- CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936).\n- CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266).\n- CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282).\n- CVE-2025-22029: exec: fix the racy usage of fs_struct-\u003ein_exec (bsc#1241378).\n- CVE-2025-22030: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() (bsc#1241376).\n- CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426).\n- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).\n- CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging (bsc#1241373).\n- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).\n- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).\n- CVE-2025-22057: net: decrease cached dst counters in dst_release (bsc#1241533).\n- CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332).\n- CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).\n- CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351).\n- CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413).\n- CVE-2025-22070: fs/9p: fix NULL pointer dereference on mkdir (bsc#1241305).\n- CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de() (bsc#1241416).\n- CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537).\n- CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456).\n- CVE-2025-22103: net: fix NULL pointer dereference in l3mdev_l3_rcv (bsc#1241448).\n- CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550).\n- CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452 bsc#1241548).\n- CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575).\n- CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573).\n- CVE-2025-22115: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (bsc#1241578).\n- CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593).\n- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).\n- CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451).\n- CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).\n- CVE-2025-23140: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (bsc#1242763).\n- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).\n- CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513).\n- CVE-2025-23160: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization (bsc#1242507).\n- CVE-2025-37748: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (bsc#1242523).\n- CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859).\n- CVE-2025-37750: smb: client: fix UAF in decryption with multichannel (bsc#1242510).\n- CVE-2025-37755: net: libwx: handle page_pool_dev_alloc_pages error (bsc#1242506).\n- CVE-2025-37773: virtiofs: add filesystem context source name check (bsc#1242502).\n- CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786).\n- CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).\n- CVE-2025-37787: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (bsc#1242585).\n- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).\n- CVE-2025-37790: net: mctp: Set SOCK_RCU_FREE (bsc#1242509).\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).\n- CVE-2025-37798: codel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog() (bsc#1242414).\n- CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283).\n- CVE-2025-37803: udmabuf: fix a buf size overflow issue during udmabuf creation (bsc#1242852).\n- CVE-2025-37804: io_uring: always do atomic put from iowq (bsc#1242854).\n- CVE-2025-37809: usb: typec: class: Unlocked on error in typec_register_partner() (bsc#1242856).\n- CVE-2025-37820: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (bsc#1242866).\n- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).\n- CVE-2025-37824: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (bsc#1242867).\n- CVE-2025-37829: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (bsc#1242875).\n- CVE-2025-37830: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (bsc#1242860).\n- CVE-2025-37831: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (bsc#1242861).\n- CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868).\n- CVE-2025-37842: spi: fsl-qspi: Fix double cleanup in probe error path (bsc#1242951).\n- CVE-2025-37870: drm/amd/display: prevent hang on link training fail (bsc#1243056).\n- CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077).\n- CVE-2025-37886: pds_core: make wait_context part of q_info (bsc#1242944).\n- CVE-2025-37887: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (bsc#1242962).\n- CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541).\n- CVE-2025-37957: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception (bsc#1243513).\n- CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).\n- CVE-2025-37960: memblock: Accept allocated memory before use in memblock_double_array() (bsc#1243519).\n- CVE-2025-37974: s390/pci: Fix missing check for zpci_create_device() error return (bsc#1243547).\n- CVE-2025-38152: remoteproc: core: Clear table_sz when rproc_shutdown (bsc#1241627).\n- CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657).\n- CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init() (bsc#1241626).\n\nThe following non-security bugs were fixed:\n\n- ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes).\n- ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes).\n- ACPI: PPTT: Fix processor subtable walk (git-fixes).\n- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).\n- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).\n- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes).\n- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes).\n- ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (git-fixes).\n- ALSA: hda/realtek - Enable speaker for HP platform (git-fixes).\n- ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).\n- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).\n- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).\n- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).\n- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).\n- ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes).\n- ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes).\n- ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes).\n- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).\n- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).\n- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).\n- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).\n- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).\n- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).\n- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).\n- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).\n- ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes).\n- ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes).\n- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).\n- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).\n- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).\n- ALSA: seq: Fix delivery of UMP events to group ports (git-fixes).\n- ALSA: sh: SND_AICA should depend on SH_DMA_API (git-fixes).\n- ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info (git-fixes).\n- ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044).\n- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).\n- ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes).\n- ALSA: usb-audio: Add sample rate quirk for Audioengine D1 (git-fixes).\n- ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera (stable-fixes).\n- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes).\n- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).\n- ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes).\n- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).\n- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).\n- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).\n- ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes).\n- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).\n- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).\n- ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext (git-fixes).\n- ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction (git-fixes).\n- ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes).\n- ASoC: Use of_property_read_bool() (stable-fixes).\n- ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes).\n- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).\n- ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes).\n- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).\n- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).\n- ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes).\n- ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes).\n- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).\n- ASoC: es8328: fix route from DAC to output (git-fixes).\n- ASoC: fsl_audmix: register card device depends on \u0027dais\u0027 property (stable-fixes).\n- ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes).\n- ASoC: ops: Consistently treat platform_max as control value (git-fixes).\n- ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes).\n- ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes).\n- ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes).\n- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes).\n- ASoC: rt722-sdca: add missing readable registers (git-fixes).\n- ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes).\n- ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes).\n- ASoC: tas2764: Fix power control mask (stable-fixes).\n- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).\n- ASoC: tas2770: Fix volume scale (stable-fixes).\n- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).\n- ASoc: SOF: topology: connect DAI to a single DAI link (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).\n- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).\n- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).\n- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).\n- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).\n- Bluetooth: L2CAP: Fix not checking l2cap_chan security level (git-fixes).\n- Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags (git-fixes).\n- Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes).\n- Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes).\n- Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling (git-fixes).\n- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).\n- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).\n- Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (git-fixes).\n- Bluetooth: hci_uart: Fix another race during initialization (git-fixes).\n- Bluetooth: hci_uart: fix race during initialization (stable-fixes).\n- Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes).\n- Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes).\n- Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes).\n- GHES: Fatal hardware error (GHES panic timeout) (bsc#1239615).\n- Documentation: qat: fix auto_reset attribute details (git-fixes).\n- Documentation: qat: fix auto_reset section (git-fixes).\n- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (git-fixes).\n- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).\n- PCI: Drop PCI patch that caused a regression (bsc#1241123).\n- memory: Fix memory-hotplug regression (bsc#1237504).\n- net/ipv6: Fix write to cloned skb in ipv6_hop_ioam() (git-fixes).\n- HID: Enable playstation driver independently of sony driver (git-fixes).\n- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).\n- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).\n- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).\n- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).\n- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).\n- HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes).\n- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).\n- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).\n- HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes).\n- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).\n- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).\n- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).\n- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).\n- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).\n- HID: thrustmaster: fix memory leak in thrustmaster_interrupts() (git-fixes).\n- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).\n- HID: uclogic: Add NULL check in uclogic_input_configured() (git-fixes).\n- IB/cm: use rwlock for MAD agent lock (git-fixes)\n- IB/mad: Check available slots before posting receive WRs (git-fixes)\n- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)\n- Input: ads7846 - fix gpiod allocation (git-fixes).\n- Input: cyttsp5 - ensure minimum reset pulse width (git-fixes).\n- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).\n- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).\n- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).\n- Input: iqs7222 - preserve system status register (git-fixes).\n- Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes).\n- Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes).\n- Input: synaptics - enable InterTouch on Dell Precision M3800 (stable-fixes).\n- Input: synaptics - enable InterTouch on Dynabook Portege X30-D (stable-fixes).\n- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (stable-fixes).\n- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (stable-fixes).\n- Input: synaptics - enable SMBus for HP Elitebook 850 G1 (stable-fixes).\n- Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes).\n- Input: synaptics-rmi - fix crash with unsupported versions of F34 (git-fixes).\n- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).\n- Input: xpad - add multiple supported devices (stable-fixes).\n- Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller (stable-fixes).\n- Input: xpad - add support for TECNO Pocket Go (stable-fixes).\n- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).\n- Input: xpad - fix Share button on Xbox One controllers (stable-fixes).\n- Input: xpad - fix two controller table values (git-fixes).\n- Input: xpad - rename QH controller to Legion Go S (stable-fixes).\n- KVM: SVM: Allocate IR data using atomic allocation (git-fixes).\n- KVM: SVM: Disable AVIC on SNP-enabled system without HvInUseWrAllowed feature (bsc#1235862).\n- KVM: SVM: Do not change target vCPU state on AP Creation VMGEXIT error (git-fixes).\n- KVM: SVM: Drop DEBUGCTL[5:2] from guest\u0027s effective value (git-fixes).\n- KVM: SVM: Refuse to attempt VRMUN if an SEV-ES+ guest had an invalid VMSA (git-fixes).\n- KVM: SVM: Save host DR masks on CPUs with DebugSwap (jsc#PED-348).\n- KVM: SVM: Suppress DEBUGCTL.BTF on AMD (git-fixes).\n- KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields (git-fixes).\n- KVM: VMX: Do not modify guest XFD_ERR if CR0.TS=1 (git-fixes).\n- KVM: arm64: Change kvm_handle_mmio_return() return polarity (git-fixes).\n- KVM: arm64: Fix RAS trapping in pKVM for protected VMs (git-fixes).\n- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (git-fixes).\n- KVM: arm64: Mark some header functions as inline (git-fixes).\n- KVM: arm64: Tear down vGIC on failed vCPU creation (git-fixes).\n- KVM: arm64: timer: Always evaluate the need for a soft timer (git-fixes).\n- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (git-fixes).\n- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (git-fixes).\n- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (git-fixes).\n- KVM: arm64: vgic-v4: Fall back to software irqbypass if LPI not found (git-fixes).\n- KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs (git-fixes).\n- KVM: nSVM: Pass next RIP, not current RIP, for nested VM-Exit on emulation (git-fixes).\n- KVM: nVMX: Allow emulating RDPID on behalf of L2 (git-fixes).\n- KVM: nVMX: Check PAUSE_EXITING, not BUS_LOCK_DETECTION, on PAUSE emulation (git-fixes).\n- KVM: s390: Do not use %pK through debug printing (git-fixes bsc#1243657).\n- KVM: s390: Do not use %pK through tracepoints (git-fixes bsc#1243658).\n- KVM: x86/mmu: Check and free obsolete roots in kvm_mmu_reload() (git-fixes).\n- KVM: x86/xen: Use guest\u0027s copy of pvclock when starting timer (git-fixes).\n- KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (git-fixes).\n- KVM: x86: Check that the high 32bits are clear in kvm_arch_vcpu_ioctl_run() (git-fixes).\n- KVM: x86: Do not take kvm-\u003elock when iterating over vCPUs in suspend notifier (git-fixes).\n- KVM: x86: Explicitly treat routing entry type changes as changes (git-fixes).\n- KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn\u0027t supported by KVM (git-fixes).\n- KVM: x86: Explicitly zero-initialize on-stack CPUID unions (git-fixes).\n- KVM: x86: Make x2APIC ID 100% readonly (git-fixes).\n- KVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel (git-fixes).\n- KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed (git-fixes).\n- KVM: x86: Remove the unreachable case for 0x80000022 leaf in __do_cpuid_func() (git-fixes).\n- KVM: x86: Wake vCPU for PIC interrupt injection iff a valid IRQ was found (git-fixes).\n- KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected (git-fixes).\n- Move upstreamed ACPI patch into sorted section\n- Move upstreamed PCI and initramfs patches into sorted section\n- Move upstreamed nfsd and sunrpc patches into sorted section\n- Move upstreamed powerpc and SCSI patches into sorted section\n- Move upstreamed smb patch into sorted section Also move other out-of-tree patches into the proper section\n- Move upstreamed sound patch into sorted section\n- Move upstreamed tpm patch into sorted section\n- NFS: O_DIRECT writes must check and adjust the file length (git-fixes).\n- NFSD: Skip sending CB_RECALL_ANY when the backchannel isn\u0027t up (git-fixes).\n- NFSv4/pnfs: Reset the layout state after a layoutreturn (git-fixes).\n- NFSv4: Do not trigger uneccessary scans for return-on-close delegations (git-fixes).\n- OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961)\n- PCI/ACS: Fix \u0027pci=config_acs=\u0027 parameter (git-fixes).\n- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).\n- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)\n- PCI/DOE: Support discovery version 2 (bsc#1237853)\n- PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes).\n- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).\n- PCI: Avoid reset when disabled via sysfs (git-fixes).\n- PCI: Fix BAR resizing when VF BARs are assigned (git-fixes).\n- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).\n- PCI: Fix reference leak in pci_register_host_bridge() (git-fixes).\n- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).\n- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).\n- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).\n- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).\n- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).\n- PCI: brcmstb: Use internal register to change link capability (git-fixes).\n- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).\n- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).\n- PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes).\n- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).\n- PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes).\n- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).\n- PM: sleep: Adjust check before setting power.must_resume (git-fixes).\n- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).\n- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). Replace our patch with the upstream version.\n- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)\n- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)\n- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)\n- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)\n- RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work (git-fixes)\n- RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes)\n- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)\n- RDMA/core: Fix \u0027KASAN: slab-use-after-free Read in ib_register_device\u0027 problem (git-fixes)\n- RDMA/core: Silence oversized kvmalloc() warning (git-fixes)\n- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)\n- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)\n- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)\n- RDMA/hns: Fix missing xa_destroy() (git-fixes)\n- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)\n- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)\n- RDMA/hns: Fix wrong maximum DMA segment size (git-fixes)\n- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)\n- RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (git-fixes)\n- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (git-fixes)\n- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).\n- RDMA/mana_ib: Ensure variable err is initialized (git-fixes).\n- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).\n- RDMA/mlx5: Fix AH static rate parsing (git-fixes)\n- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)\n- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)\n- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)\n- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)\n- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)\n- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)\n- RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (git-fixes)\n- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)\n- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)\n- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)\n- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)\n- RDMA/rxe: Fix \u0027trying to register non-static key in rxe_qp_do_cleanup\u0027 bug (git-fixes)\n- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (git-fixes)\n- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)\n- RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes)\n- mm: Revert patch mm-various-give-up-if-pte_offset_map-_lock-fails.patch (bsc#1241051).\n- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).\n- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).\n- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).\n- Squashfs: check return result of sb_min_blocksize (git-fixes).\n- USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes).\n- USB: VLI disk crashes if LPM is used (stable-fixes).\n- USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes).\n- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).\n- USB: serial: option: add Sierra Wireless EM9291 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).\n- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).\n- USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes).\n- USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes).\n- USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes).\n- USB: wdm: add annotation (git-fixes).\n- USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes).\n- USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes).\n- USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes).\n- RDMA: Update patch RDMA-core-Don-t-expose-hw_counters-outside-of-init-n.patch (git-fixes bsc#1239925).\n- kABI: Update patch kABI-fix-for-RDMA-core-Don-t-expose-hw_counters-outs.patch (git-fixes bsc#1239925).\n- nvme: Update patch nvme-fixup-scan-failure-for-non-ANA-multipath-contro.patch (git-fixes bsc#1235149).\n- nvme: Update patch nvme-re-read-ANA-log-page-after-ns-scan-completes.patch (git-fixes bsc#1235149).\n- s390: Update patch s390-pci-Fix-SR-IOV-for-PFs-initially-in-standby.patch (git-fixes bsc#1236752 bsc#1238368).\n- Xen/swiotlb: mark xen_swiotlb_fixup() __init (git-fixes).\n- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).\n- accel/qaic: Fix possible data corruption in BOs \u003e 2G (git-fixes).\n- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes).\n- add bug reference for an existing hv_netvsc change (bsc#1243737).\n- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).\n- af_unix: Annotate data-race of sk-\u003esk_state in unix_stream_read_skb() (bsc#1239435).\n- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).\n- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).\n- affs: do not write overlarge OFS data block size fields (git-fixes).\n- affs: generate OFS sequence numbers starting at 1 (git-fixes).\n- afs: Fix the server_list to unuse a displaced server rather than putting it (git-fixes).\n- afs: Make it possible to find the volumes that are using a server (git-fixes).\n- ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes).\n- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).\n- arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052)\n- arch_topology: init capacity_freq_ref to 0 (bsc#1238052)\n- arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052)\n- arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes)\n- arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052)\n- arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052)\n- arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052)\n- arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052)\n- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (git-fixes)\n- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (git-fixes)\n- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)\n- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes)\n- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)\n- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)\n- arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 (git-fixes)\n- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)\n- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)\n- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)\n- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)\n- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)\n- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)\n- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)\n- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (git-fixes)\n- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)\n- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)\n- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)\n- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)\n- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)\n- arm64: insn: Add support for encoding DSB (git-fixes)\n- arm64: mm: Correct the update of max_pfn (git-fixes)\n- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)\n- arm64: proton-pack: Add new CPUs \u0027k\u0027 values for branch mitigation (git-fixes)\n- arm64: proton-pack: Expose whether the branchy loop k value (git-fixes)\n- arm64: proton-pack: Expose whether the platform is mitigated by (git-fixes)\n- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)\n- arp: switch to dev_getbyhwaddr() in arp_req_set_public() (git-fixes).\n- asus-laptop: Fix an uninitialized variable (git-fixes).\n- ata: ahci: Add mask_port_map module parameter (git-fixes).\n- ata: libata-sata: Save all fields from sense data descriptor (git-fixes).\n- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).\n- ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes).\n- ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes).\n- ata: libata-scsi: Improve CDL control (git-fixes).\n- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).\n- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).\n- ata: pata_parport: add custom version of wait_after_reset (git-fixes).\n- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).\n- ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (git-fixes).\n- ata: pata_serverworks: Do not use the term blacklist (git-fixes).\n- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).\n- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).\n- ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes).\n- auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes).\n- auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes).\n- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).\n- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).\n- badblocks: Fix error shitf ops (git-fixes).\n- badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes).\n- badblocks: fix missing bad blocks on retry in _badblocks_check() (git-fixes).\n- badblocks: fix the using of MAX_BADBLOCKS (git-fixes).\n- badblocks: return error directly when setting badblocks exceeds 512 (git-fixes).\n- badblocks: return error if any badblock set fails (git-fixes).\n- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).\n- bitmap: introduce generic optimized bitmap_size() (git-fixes).\n- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).\n- blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes).\n- block: change blk_mq_add_to_batch() third argument type to bool (git-fixes).\n- block: cleanup and fix batch completion adding conditions (git-fixes).\n- block: do not revert iter for -EIOCBQUEUED (git-fixes).\n- block: fix \u0027kmem_cache of name \u0027bio-108\u0027 already exists\u0027 (git-fixes).\n- block: fix conversion of GPT partition name to 7-bit (git-fixes).\n- block: fix resource leak in blk_register_queue() error path (git-fixes).\n- block: integrity: Do not call set_page_dirty_lock() (git-fixes).\n- block: make sure -\u003enr_integrity_segments is cloned in blk_rq_prep_clone (git-fixes).\n- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).\n- bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (git-fixes).\n- bnxt_en: Fix coredump logic to free allocated buffer (git-fixes).\n- bnxt_en: Fix ethtool -d byte order for 32-bit values (git-fixes).\n- bnxt_en: Fix out-of-bound memcpy() during ethtool -w (git-fixes).\n- bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes).\n- bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes).\n- bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes).\n- bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes).\n- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).\n- bpf: Check size for BTF-based ctx access of pointer members (git-fixes).\n- bpf: Fix a verifier verbose message (git-fixes).\n- bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (git-fixes).\n- bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes).\n- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).\n- bpf: Scrub packet on bpf_redirect_peer (git-fixes).\n- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).\n- bpf: add find_containing_subprog() utility function (bsc#1241590).\n- bpf: avoid holding freeze_mutex during mmap operation (git-fixes).\n- bpf: check changes_pkt_data property for extension programs (bsc#1241590).\n- bpf: consider that tail calls invalidate packet pointers (bsc#1241590).\n- bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590).\n- bpf: fix potential error return (git-fixes).\n- bpf: prevent r10 register from being marked as precise (git-fixes).\n- bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590).\n- bpf: track changes_pkt_data property for global functions (bsc#1241590).\n- bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes).\n- broadcom: fix supported flag check in periodic output function (git-fixes).\n- btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204).\n- btrfs: adjust subpage bit start based on sectorsize (bsc#1241492).\n- btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710).\n- btrfs: avoid NULL pointer dereference if no valid csum tree (bsc#1243342).\n- btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1236208).\n- btrfs: avoid monopolizing a core when activating a swap file (git-fixes).\n- btrfs: check delayed refs when we\u0027re checking if a ref exists (bsc#1239605).\n- btrfs: do not loop for nowait writes when checking for cross references (git-fixes).\n- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).\n- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).\n- btrfs: fix a leaked chunk map issue in read_one_chunk() (git-fixes).\n- btrfs: fix discard worker infinite loop after disabling discard (bsc#1242012).\n- btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151).\n- btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204).\n- btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (git-fixes).\n- btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204).\n- btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204).\n- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).\n- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).\n- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).\n- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).\n- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).\n- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).\n- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).\n- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).\n- can: bcm: add locking for bcm_op runtime updates (git-fixes).\n- can: bcm: add missing rcu read protection for procfs content (git-fixes).\n- can: flexcan: disable transceiver during system PM (git-fixes).\n- can: flexcan: only change CAN state when link up in system PM (git-fixes).\n- can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes).\n- can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes).\n- can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes).\n- can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes).\n- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).\n- can: slcan: allow reception of short error messages (git-fixes).\n- can: ucan: fix out of bound read in strscpy() source (git-fixes).\n- cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes).\n- cdx: Fix possible UAF error in driver_override_show() (git-fixes).\n- char: misc: deallocate static minor in error path (git-fixes).\n- char: misc: register chrdev region with all possible minors (git-fixes).\n- check-for-config-changes: Fix flag name typo\n- cifs: Fix integer overflow while processing actimeo mount option (git-fixes).\n- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).\n- cifs: Remove intermediate object of failed create reparse call (git-fixes).\n- cifs: commands that are retried should have replay flag set (bsc#1231432).\n- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).\n- cifs: helper function to check replayable error codes (bsc#1231432).\n- cifs: new mount option called retrans (bsc#1231432).\n- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).\n- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).\n- cifs: reduce warning log level for server not advertising interfaces (git-fixes).\n- cifs: update desired access while requesting for directory lease (git-fixes).\n- cifs: update the same create_guid on replay (git-fixes).\n- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).\n- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).\n- counter: fix privdata alignment (git-fixes).\n- counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes).\n- counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes).\n- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)\n- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).\n- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)\n- cpufreq/cppc: Move and rename (bsc#1237856)\n- cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052)\n- cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052)\n- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052)\n- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)\n- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)\n- cpumask: add cpumask_weight_andnot() (bsc#1239015).\n- cpumask: define cleanup function for cpumasks (bsc#1239015).\n- crypto: algif_hash - fix double free in hash_accept (git-fixes).\n- crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes).\n- crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes).\n- crypto: ccp - Add support for PCI device 0x1134 (stable-fixes).\n- crypto: ccp - Fix check for the primary ASP device (git-fixes).\n- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).\n- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).\n- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).\n- crypto: iaa - Change desc-\u003epriv to 0 (jsc#PED-12416).\n- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).\n- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove header table code (jsc#PED-12416).\n- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).\n- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416).\n- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).\n- crypto: iaa - Test the correct request flag (git-fixes).\n- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).\n- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).\n- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).\n- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).\n- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).\n- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).\n- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).\n- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).\n- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).\n- crypto: qat - Fix spelling mistake \u0027Invalide\u0027 -\u003e \u0027Invalid\u0027 (jsc#PED-12416).\n- crypto: qat - Fix typo \u0027accelaration\u0027 (jsc#PED-12416).\n- crypto: qat - Fix typo (jsc#PED-12416).\n- crypto: qat - Remove trailing space after \\n newline (jsc#PED-12416).\n- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).\n- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).\n- crypto: qat - add auto reset on error (jsc#PED-12416).\n- crypto: qat - add bank save and restore flows (jsc#PED-12416).\n- crypto: qat - add fatal error notification (jsc#PED-12416).\n- crypto: qat - add fatal error notify method (jsc#PED-12416).\n- crypto: qat - add heartbeat error simulator (jsc#PED-12416).\n- crypto: qat - add interface for live migration (jsc#PED-12416).\n- crypto: qat - add support for 420xx devices (jsc#PED-12416).\n- crypto: qat - add support for device telemetry (jsc#PED-12416).\n- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).\n- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).\n- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).\n- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).\n- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).\n- crypto: qat - disable arbitration before reset (jsc#PED-12416).\n- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).\n- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).\n- crypto: qat - fix \u0027Full Going True\u0027 macro definition (jsc#PED-12416).\n- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).\n- crypto: qat - fix comment structure (jsc#PED-12416).\n- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).\n- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).\n- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).\n- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).\n- crypto: qat - implement dh fallback for primes \u003e 4K (jsc#PED-12416).\n- crypto: qat - implement interface for live migration (jsc#PED-12416).\n- crypto: qat - improve aer error reset handling (jsc#PED-12416).\n- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).\n- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).\n- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).\n- crypto: qat - limit heartbeat notifications (jsc#PED-12416).\n- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).\n- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).\n- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).\n- crypto: qat - move fw config related structures (jsc#PED-12416).\n- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).\n- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).\n- crypto: qat - relocate CSR access code (jsc#PED-12416).\n- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).\n- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).\n- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).\n- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).\n- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).\n- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).\n- crypto: qat - set parity error mask for qat_420xx (git-fixes).\n- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).\n- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).\n- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).\n- crypto: qat - validate slices count returned by FW (jsc#PED-12416).\n- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).\n- cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-fixes).\n- devlink: fix port new reply cmd type (git-fixes).\n- dlm: prevent NPD when writing a positive value to event_done (git-fixes).\n- dm array: fix cursor index when skipping across block boundaries (git-fixes).\n- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).\n- dm init: Handle minors larger than 255 (git-fixes).\n- dm integrity: fix out-of-range warning (git-fixes).\n- dm persistent data: fix memory allocation failure (git-fixes).\n- dm resume: do not return EINVAL when signalled (git-fixes).\n- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).\n- dm thin: Add missing destroy_work_on_stack() (git-fixes).\n- dm-bufio: do not schedule in atomic context (git-fixes).\n- dm-crypt: do not update io-\u003esector after kcryptd_crypt_write_io_submit() (git-fixes).\n- dm-crypt: track tag_offset in convert_context (git-fixes).\n- dm-delay: fix hung task introduced by kthread mode (git-fixes).\n- dm-delay: fix max_delay calculations (git-fixes).\n- dm-delay: fix workqueue delay_timer race (git-fixes).\n- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).\n- dm-ebs: fix prefetch-vs-suspend race (git-fixes).\n- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).\n- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).\n- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).\n- dm-integrity: fix a warning on invalid table line (git-fixes).\n- dm-integrity: set ti-\u003eerror on memory allocation failure (git-fixes).\n- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).\n- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).\n- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).\n- dm-verity: fix prefetch-vs-suspend race (git-fixes).\n- dm: Fix typo in error message (git-fixes).\n- dm: add missing unlock on in dm_keyslot_evict() (git-fixes).\n- dm: always update the array size in realloc_argv on success (git-fixes).\n- dm: fix copying after src array boundaries (git-fixes).\n- dma-buf: insert memory barrier before updating num_fences (git-fixes).\n- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).\n- dmaengine: Revert \u0027dmaengine: dmatest: Fix dmatest waiting less when interrupted\u0027 (git-fixes).\n- dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes).\n- dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals (git-fixes).\n- dmaengine: idxd: Add missing cleanups in cleanup internals (git-fixes).\n- dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call (git-fixes).\n- dmaengine: idxd: Fix -\u003epoll() return value (git-fixes).\n- dmaengine: idxd: Fix allowing write() from different address spaces (git-fixes).\n- dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs (git-fixes).\n- dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (git-fixes).\n- dmaengine: mediatek: drop unused variable (git-fixes).\n- dmaengine: ti: k3-udma: Add missing locking (git-fixes).\n- dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy (git-fixes).\n- driver core: Remove needless return in void API device_remove_group() (git-fixes).\n- drivers: base: devres: Allow to release group on device release (stable-fixes).\n- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).\n- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).\n- drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes).\n- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).\n- drm/amd/display: Avoid flooding unnecessary info messages (git-fixes).\n- drm/amd/display: Copy AUX read reply data whenever length \u003e 0 (git-fixes).\n- drm/amd/display: Correct the reply value when AUX write incomplete (git-fixes).\n- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).\n- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).\n- drm/amd/display: Fix HPD after gpu reset (stable-fixes).\n- drm/amd/display: Fix gpu reset in multidisplay config (git-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params (git-fixes).\n- drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes).\n- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).\n- drm/amd/display: Fix the checking condition in dmub aux handling (stable-fixes).\n- drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes).\n- drm/amd/display: Force full update in gpu reset (stable-fixes).\n- drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes).\n- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).\n- drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes).\n- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).\n- drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes).\n- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).\n- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).\n- drm/amd/display: more liberal vmin/vmax update for freesync (stable-fixes).\n- drm/amd/pm/smu11: Prevent division by zero (git-fixes).\n- drm/amd/pm: Prevent division by zero (git-fixes).\n- drm/amd: Add Suspend/Hibernate notification callback support (stable-fixes).\n- drm/amd: Handle being compiled without SI or CIK support better (stable-fixes).\n- drm/amd: Keep display off while going into S4 (stable-fixes).\n- drm/amdgpu/dma_buf: fix page_link check (git-fixes).\n- drm/amdgpu/gfx11: fix num_mec (git-fixes).\n- drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes).\n- drm/amdgpu/umsch: declare umsch firmware (git-fixes).\n- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).\n- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).\n- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).\n- drm/amdgpu: Queue KFD reset workitem in VF FED (stable-fixes).\n- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes).\n- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).\n- drm/amdgpu: fix pm notifier handling (git-fixes).\n- drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (stable-fixes).\n- drm/amdgpu: trigger flr_work if reading pf2vf data failed (stable-fixes).\n- drm/amdkfd: Fix Circular Locking Dependency in \u0027svm_range_cpu_invalidate_pagetables\u0027 (git-fixes).\n- drm/amdkfd: Fix mode1 reset crash issue (stable-fixes).\n- drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes).\n- drm/amdkfd: clamp queue size to minimum (stable-fixes).\n- drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes).\n- drm/atomic: Filter out redundant DPMS calls (stable-fixes).\n- drm/bridge: Fix spelling mistake \u0027gettin\u0027 -\u003e \u0027getting\u0027 (git-fixes).\n- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).\n- drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes).\n- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).\n- drm/dp_mst: Add a helper to queue a topology probe (stable-fixes).\n- drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes).\n- drm/dp_mst: Fix drm RAD print (git-fixes).\n- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).\n- drm/edid: fixed the bug that hdr metadata was not reset (git-fixes).\n- drm/fdinfo: Protect against driver unbind (git-fixes).\n- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).\n- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).\n- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).\n- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).\n- drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes).\n- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).\n- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL\u0027s own port width macro (git-fixes).\n- drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes).\n- drm/i915/huc: Fix fence not released on early probe errors (git-fixes).\n- drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions\u0027 (git-fixes).\n- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).\n- drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes).\n- drm/i915: Disable RPG during live selftest (git-fixes).\n- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).\n- drm/mediatek: dp: drm_err =\u003e dev_err in HPD path to avoid NULL ptr (git-fixes).\n- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).\n- drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes).\n- drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-fixes).\n- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).\n- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).\n- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).\n- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).\n- drm/msm/dpu: do not use active in atomic_check() (git-fixes).\n- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).\n- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).\n- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).\n- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).\n- drm/nouveau: Do not override forced connector status (stable-fixes).\n- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes).\n- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes).\n- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).\n- drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes).\n- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).\n- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).\n- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).\n- drm/repaper: fix integer overflows in repeat functions (git-fixes).\n- drm/sched: Fix fence reference count leak (git-fixes).\n- drm/sched: Fix preprocessor guard (git-fixes).\n- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).\n- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).\n- drm/ssd130x: fix ssd132x encoding (git-fixes).\n- drm/sti: remove duplicate object names (git-fixes).\n- drm/tests: Add helper to create mock crtc (stable-fixes).\n- drm/tests: Add helper to create mock plane (stable-fixes).\n- drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-fixes).\n- drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes).\n- drm/tests: helpers: Add atomic helpers (stable-fixes).\n- drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-fixes).\n- drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (stable-fixes).\n- drm/tests: helpers: Fix compiler warning (git-fixes).\n- drm/tests: modes: Fix drm_display_mode memory leak (git-fixes).\n- drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes).\n- drm/v3d: Add job to pending list if the reset was skipped (stable-fixes).\n- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).\n- drm/vkms: Fix use after free and double free on init error (git-fixes).\n- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).\n- drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes).\n- drm: allow encoder mode_set even when connectors change for crtc (stable-fixes).\n- drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes).\n- drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes).\n- drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes).\n- drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes).\n- drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes).\n- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).\n- dummycon: fix default rows/cols (git-fixes).\n- e1000e: change k1 configuration on MTP and later platforms (git-fixes).\n- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).\n- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).\n- eth: bnxt: fix missing ring index trim on error path (git-fixes).\n- ethtool: Fix context creation with no parameters (git-fixes).\n- ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes).\n- ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes).\n- ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes).\n- ethtool: fix setting key and resetting indir at once (git-fixes).\n- ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes).\n- ethtool: netlink: do not return SQI value if link is down (git-fixes).\n- ethtool: plca: fix plca enable data type while parsing the value (git-fixes).\n- ethtool: rss: echo the context number back (git-fixes).\n- exfat: do not fallback to buffered write (git-fixes).\n- exfat: do not zero the extended part (bsc#1237356).\n- exfat: drop -\u003ei_size_ondisk (git-fixes).\n- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).\n- exfat: fix potential wrong error return from get_block (git-fixes).\n- exfat: fix soft lockup in exfat_clear_bitmap (git-fixes).\n- exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes).\n- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).\n- exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes).\n- ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342).\n- ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540).\n- ext4: do not over-report free space or inodes in statvfs (bsc#1242345).\n- ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347).\n- ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557).\n- ext4: goto right label \u0027out_mmap_sem\u0027 in ext4_setattr() (bsc#1242556).\n- ext4: make block validity check resistent to sb bh corruption (bsc#1242348).\n- ext4: partial zero eof block on unaligned inode size extension (bsc#1242336).\n- ext4: protect ext4_release_dquot against freezing (bsc#1242335).\n- ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536).\n- ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539).\n- ext4: unify the type of flexbg_size to unsigned int (bsc#1242538).\n- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).\n- fbdev: omapfb: Add \u0027plane\u0027 value check (stable-fixes).\n- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).\n- fbdev: sm501fb: Add some geometry checks (git-fixes).\n- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).\n- firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes).\n- firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes).\n- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).\n- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes).\n- firmware: cs_dsp: Remove async regmap writes (git-fixes).\n- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).\n- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).\n- fs/jfs: Prevent integer overflow in AG size calculation (git-fixes).\n- fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes).\n- fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250).\n- fs: better handle deep ancestor chains in is_subdir() (bsc#1242528).\n- fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535).\n- fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526).\n- fs: support relative paths with FSCONFIG_SET_STRING (git-fixes).\n- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).\n- gpio: rcar: Fix missing of_node_put() call (git-fixes).\n- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).\n- gpio: tegra186: fix resource handling in ACPI probe path (git-fixes).\n- gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes).\n- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).\n- gup: make the stack expansion warning a bit more targeted (bsc#1238214).\n- gve: handle overflow when reporting TX consumed descriptors (git-fixes).\n- gve: set xdp redirect target only when it is available (git-fixes).\n- hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes).\n- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (git-fixes).\n- hv_netvsc: Remove rmsg_pgcnt (git-fixes).\n- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (git-fixes).\n- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).\n- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes).\n- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).\n- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).\n- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).\n- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).\n- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).\n- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).\n- i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes).\n- i2c: designware: Fix an error handling path in i2c_dw_pci_probe() (git-fixes).\n- i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes).\n- i2c: ls2x: Fix frequency division register access (git-fixes).\n- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).\n- i2c: omap: fix IRQ storms (git-fixes).\n- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).\n- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).\n- i3c: master: svc: Fix missing the IBI rules (git-fixes).\n- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).\n- ice: Add check for devm_kzalloc() (git-fixes).\n- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (git-fixes).\n- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).\n- ice: fix reservation of resources for RDMA when disabled (git-fixes).\n- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).\n- ice: stop truncating queue ids when checking (git-fixes).\n- idpf: check error for register_netdev() on init (git-fixes).\n- idpf: fix adapter NULL pointer dereference on reboot (git-fixes).\n- idpf: fix offloads support for encapsulated packets (git-fixes).\n- idpf: fix potential memory leak on kcalloc() failure (git-fixes).\n- idpf: protect shutdown from reset (git-fixes).\n- igb: reject invalid external timestamp requests for 82580-based HW (git-fixes).\n- igc: add lock preventing multiple simultaneous PTM transactions (git-fixes).\n- igc: cleanup PTP module if probe fails (git-fixes).\n- igc: fix PTM cycle trigger logic (git-fixes).\n- igc: fix lock order in igc_ptp_reset (git-fixes).\n- igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes).\n- igc: increase wait time before retrying PTM (git-fixes).\n- igc: move ktime snapshot into PTM retry loop (git-fixes).\n- iio: accel: adxl367: fix setting odr for activity time update (git-fixes).\n- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).\n- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).\n- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).\n- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).\n- iio: adc: ad7606: fix serial register access (git-fixes).\n- iio: adc: ad7768-1: Fix conversion result sign (git-fixes).\n- iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes).\n- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).\n- iio: adis16201: Correct inclinometer channel resolution (git-fixes).\n- iio: dac: ad3552r: clear reset status flag (git-fixes).\n- iio: filter: admv8818: Force initialization of SDO (git-fixes).\n- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes).\n- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes).\n- iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes).\n- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).\n- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).\n- inetpeer: remove create argument of inet_getpeer_v() (git-fixes).\n- inetpeer: update inetpeer timestamp in inet_getpeer() (git-fixes).\n- init: add initramfs_internal.h (bsc#1232848).\n- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).\n- initramfs: allocate heap buffers together (bsc#1232848).\n- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).\n- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).\n- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).\n- intel_th: pci: Add Arrow Lake support (stable-fixes).\n- intel_th: pci: Add Panther Lake-H support (stable-fixes).\n- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).\n- ioam6: improve checks on user data (git-fixes).\n- iommu/vt-d: Fix suspicious RCU usage (git-fixes).\n- iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes).\n- ipv4/route: avoid unused-but-set-variable warning (git-fixes).\n- ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR) (git-fixes).\n- ipv4: Convert icmp_route_lookup() to dscp_t (git-fixes).\n- ipv4: Fix incorrect source address in Record Route option (git-fixes).\n- ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (git-fixes).\n- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).\n- ipv4: fib: annotate races around nh-\u003enh_saddr_genid and nh-\u003enh_saddr (git-fixes).\n- ipv4: fix source address selection with route leak (git-fixes).\n- ipv4: give an IPv4 dev to blackhole_netdev (git-fixes).\n- ipv4: icmp: Pass full DS field to ip_route_input() (git-fixes).\n- ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (git-fixes).\n- ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (git-fixes).\n- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() (git-fixes).\n- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() (git-fixes).\n- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() (git-fixes).\n- ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (git-fixes).\n- ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels (git-fixes).\n- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).\n- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).\n- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).\n- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).\n- ipv6: Align behavior across nexthops during path selection (git-fixes).\n- ipv6: Do not consider link down nexthops in path selection (git-fixes).\n- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).\n- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).\n- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).\n- ipv6: Start path selection from the first nexthop (git-fixes).\n- ipv6: Use RCU in ip6_input() (bsc#1239994).\n- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).\n- ipv6: avoid atomic fragment on GSO packets (git-fixes).\n- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).\n- ipv6: fib: hide unused \u0027pn\u0027 variable (git-fixes).\n- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).\n- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (git-fixes).\n- ipv6: fix potential NULL deref in fib6_add() (git-fixes).\n- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).\n- ipv6: introduce dst_rt6_info() helper (git-fixes).\n- ipv6: ioam: block BH from ioam6_output() (git-fixes).\n- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).\n- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- ipv6: sr: add missing seg6_local_exit (git-fixes).\n- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).\n- ipv6: take care of scope when choosing the src addr (git-fixes).\n- irqchip/davinci: Remove leftover header (git-fixes).\n- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes).\n- irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes).\n- isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307).\n- jbd2: add a missing data flush during file and fs synchronization (bsc#1242346).\n- jbd2: fix off-by-one while erasing journal (bsc#1242344).\n- jbd2: flush filesystem device before updating tail sequence (bsc#1242333).\n- jbd2: increase IO priority for writing revoke records (bsc#1242332).\n- jbd2: increase the journal IO\u0027s priority (bsc#1242537).\n- jbd2: remove wrong sb-\u003es_sequence check (bsc#1242343).\n- jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes).\n- jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes).\n- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).\n- jfs: add check read-only before txBeginAnon() call (git-fixes).\n- jfs: add index corruption check to DT_GETPAGE() (git-fixes).\n- jfs: add sanity check for agwidth in dbMount (git-fixes).\n- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).\n- jfs: reject on-disk inodes of an unsupported type (git-fixes).\n- jiffies: Cast to unsigned long in secs_to_jiffies() conversion (bsc#1242993).\n- jiffies: Define secs_to_jiffies() (bsc#1242993).\n- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)\n- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).\n- kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes).\n- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).\n- kABI workaround for intel-ish-hid (git-fixes).\n- kABI workaround for powercap update (bsc#1241010).\n- kABI workaround for soc_mixer_control changes (git-fixes).\n- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).\n- kbuild: hdrcheck: fix cross build with clang (git-fixes).\n- kernel-binary: Support livepatch_rt with merged RT branch\n- kernel-obs-qa: Use srchash for dependency as well\n- kernel-source: Also replace bin/env\n- ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes).\n- kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes).\n- kunit: qemu_configs: sparc: use Zilog console (git-fixes).\n- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).\n- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).\n- l2tp: fix lockdep splat (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).\n- lib: 842: Improve error handling in sw842_compress() (git-fixes).\n- lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes).\n- libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309).\n- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).\n- loop: Add sanity check for read/write_iter (git-fixes).\n- loop: LOOP_SET_FD: send uevents for partitions (git-fixes).\n- loop: aio inherit the ioprio of original request (git-fixes).\n- loop: do not require -\u003ewrite_iter for writable files in loop_configure (git-fixes).\n- loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes).\n- loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes).\n- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).\n- md/md-bitmap: add \u0027sync_size\u0027 into struct md_bitmap_stats (git-fixes).\n- md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212).\n- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).\n- md/md-cluster: fix spares warnings for __le64 (git-fixes).\n- md/raid0: do not free conf on raid0_run failure (git-fixes).\n- md/raid1,raid10: do not ignore IO flags (git-fixes).\n- md/raid10: fix missing discard IO accounting (git-fixes).\n- md/raid10: wait barrier before returning discard request with REQ_NOWAIT (git-fixes).\n- md/raid1: Add check for missing source disk in process_checks() (git-fixes).\n- md/raid1: do not free conf on raid0_run failure (git-fixes).\n- md/raid1: fix memory leak in raid1_run() if no active rdev (git-fixes).\n- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).\n- md/raid5: implement pers-\u003ebitmap_sector() (git-fixes).\n- md: Do not flush sync_work in md_write_start() (git-fixes).\n- md: add a new callback pers-\u003ebitmap_sector() (git-fixes).\n- md: convert comma to semicolon (git-fixes).\n- md: ensure resync is prioritized over recovery (git-fixes).\n- md: fix mddev uaf while iterating all_mddevs list (git-fixes).\n- md: preserve KABI in struct md_personality v2 (git-fixes).\n- mdacon: rework dependency list (git-fixes).\n- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).\n- media: i2c: ccs: Set the device\u0027s runtime PM status correctly in remove (git-fixes).\n- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).\n- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).\n- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).\n- media: platform: stm32: Add check for clk_enable() (git-fixes).\n- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).\n- media: streamzap: fix race between device disconnection and urb callback (git-fixes).\n- media: streamzap: prevent processing IR data on URB failure (git-fixes).\n- media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes).\n- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).\n- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).\n- media: venus: hfi: add check to handle incorrect queue size (git-fixes).\n- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).\n- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).\n- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).\n- media: videobuf2: Add missing doc comment for waiting_in_dqbuf (git-fixes).\n- media: vim2m: print device name after registering device (git-fixes).\n- media: visl: Fix ERANGE error when setting enum controls (git-fixes).\n- mei: me: add panther lake H DID (stable-fixes).\n- mei: me: add panther lake P DID (stable-fixes).\n- memblock tests: fix warning: \u0027__ALIGN_KERNEL\u0027 redefined (git-fixes).\n- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).\n- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).\n- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).\n- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).\n- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).\n- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).\n- mfd: syscon: Remove extern from function prototypes (stable-fixes).\n- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).\n- misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes).\n- misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes).\n- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).\n- mm/readahead: fix large folio support in async readahead (bsc#1242321).\n- mm: accept to promo watermark (bsc#1239600).\n- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).\n- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).\n- mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326).\n- mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327).\n- mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546).\n- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)\n- mm: zswap: move allocations during CPU init outside the lock (git-fixes).\n- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).\n- mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes).\n- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).\n- mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes).\n- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).\n- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).\n- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes).\n- mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes).\n- mptcp: refine opt_mp_capable determination (git-fixes).\n- mptcp: relax check on MPC passive fallback (git-fixes).\n- mptcp: strict validation before using mp_opt-\u003ehmac (git-fixes).\n- mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes).\n- mtd: Add check for devm_kcalloc() (git-fixes).\n- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).\n- mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes).\n- mtd: nand: Fix a kdoc comment (git-fixes).\n- mtd: phram: Add the kernel lock down check (bsc#1232649).\n- mtd: rawnand: Add status chack in r852_ready() (git-fixes).\n- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).\n- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).\n- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).\n- neighbour: delete redundant judgment statements (git-fixes).\n- net l2tp: drop flow hash on forward (git-fixes).\n- net/handshake: Fix handshake_req_destroy_test1 (git-fixes).\n- net/handshake: Fix memory leak in __sock_create() and sock_alloc_file() (git-fixes).\n- net/ipv6: Fix route deleting failure when metric equals 0 (git-fixes).\n- net/ipv6: Fix the RT cache flush via sysctl using a previous delay (git-fixes).\n- net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged (git-fixes).\n- net/mlx5: E-Switch, Initialize MAC Address for Default GID (git-fixes).\n- net/mlx5: E-switch, Fix error handling for enabling roce (git-fixes).\n- net/mlx5: Fill out devlink dev info only for PFs (git-fixes).\n- net/mlx5: IRQ, Fix null string in debug print (git-fixes).\n- net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes).\n- net/mlx5: Start health poll after enable hca (git-fixes).\n- net/mlx5e: Disable MACsec offload for uplink representor profile (git-fixes).\n- net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes).\n- net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes).\n- net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes).\n- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).\n- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).\n- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).\n- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).\n- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).\n- net/sched: flower: Add lock protection when remove filter handle (git-fixes).\n- net/sched: taprio: make q-\u003epicos_per_byte available to fill_sched_entry() (git-fixes).\n- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).\n- net/tcp: refactor tcp_inet6_sk() (git-fixes).\n- net: Add non-RCU dev_getbyhwaddr() helper (git-fixes).\n- net: Clear old fragment checksum value in napi_reuse_skb (git-fixes).\n- net: Fix undefined behavior in netdev name allocation (bsc#1233749).\n- net: Handle napi_schedule() calls from non-interrupt (git-fixes).\n- net: Implement missing SO_TIMESTAMPING_NEW cmsg support (git-fixes).\n- net: Remove acked SYN flag from packet in the transmit queue correctly (git-fixes).\n- net: add dev_net_rcu() helper (bsc#1239994).\n- net: annotate data-races around sk-\u003esk_dst_pending_confirm (git-fixes).\n- net: annotate data-races around sk-\u003esk_tx_queue_mapping (git-fixes).\n- net: avoid UAF on deleted altname (bsc#1233749).\n- net: blackhole_dev: fix build warning for ethh set but not used (git-fixes).\n- net: check for altname conflicts when changing netdev\u0027s netns (bsc#1233749).\n- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).\n- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).\n- net: do not dump stack on queue timeout (git-fixes).\n- net: do not send a MOVE event when netdev changes netns (bsc#1233749).\n- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).\n- net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes).\n- net: ethtool: Fix RSS setting (git-fixes).\n- net: fix ifname in netlink ntf during netns move (bsc#1233749).\n- net: fix removing a namespace with conflicting altnames (bsc#1233749).\n- net: free altname using an RCU callback (bsc#1233749).\n- net: gro: parse ipv6 ext headers without frag0 invalidation (git-fixes).\n- net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes).\n- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).\n- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).\n- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).\n- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).\n- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).\n- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).\n- net: ipv6: ioam6: code alignment (git-fixes).\n- net: ipv6: ioam6: fix lwtunnel_output() loop (git-fixes).\n- net: ipv6: ioam6: new feature tunsrc (git-fixes).\n- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).\n- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).\n- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).\n- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- net: loopback: Avoid sending IP packets without an Ethernet header (git-fixes).\n- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).\n- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).\n- net: mana: Allow variable size indirection table (bsc#1239016).\n- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).\n- net: mana: Avoid open coded arithmetic (bsc#1239016).\n- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Support holes in device list reply msg (git-fixes).\n- net: mana: Switch to page pool for jumbo frames (git-fixes).\n- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).\n- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).\n- net: mark racy access on sk-\u003esk_rcvbuf (git-fixes).\n- net: move altnames together with the netdevice (bsc#1233749).\n- net: phy: leds: fix memory leak (git-fixes).\n- net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes).\n- net: qede: Initialize qede_ll_ops with designated initializer (git-fixes).\n- net: reduce indentation of __dev_alloc_name() (bsc#1233749).\n- net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets (git-fixes).\n- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).\n- net: remove else after return in dev_prep_valid_name() (bsc#1233749).\n- net: sctp: fix skb leak in sctp_inq_free() (git-fixes).\n- net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes).\n- net: set the minimum for net_hotdata.netdev_budget_usecs (git-fixes).\n- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (git-fixes).\n- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).\n- net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes).\n- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes).\n- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes).\n- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).\n- net: use unrcu_pointer() helper (git-fixes).\n- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).\n- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).\n- net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes).\n- net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes).\n- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes).\n- net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes).\n- net_sched: sch_sfq: annotate data-races around q-\u003eperturb_period (git-fixes).\n- net_sched: sch_sfq: handle bigger packets (git-fixes).\n- netdev-genl: avoid empty messages in queue dump (git-fixes).\n- netdev: fix repeated netlink messages in queue dump (git-fixes).\n- netlink: annotate data-races around sk-\u003esk_err (git-fixes).\n- netpoll: Ensure clean state on setup failures (git-fixes).\n- netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes).\n- nfs: add missing selections of CONFIG_CRC32 (git-fixes).\n- nfs: clear SB_RDONLY before getting superblock (bsc#1238565).\n- nfs: handle failure of nfs_get_lock_context in unlock path (git-fixes).\n- nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565).\n- nfsd: add list_head nf_gc to struct nfsd_file (git-fixes).\n- nfsd: clear acl_access/acl_default after releasing them (git-fixes).\n- nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes).\n- nfsd: put dl_stid if fail to queue dl_recall (git-fixes).\n- nilfs2: add pointer check for nilfs_direct_propagate() (git-fixes).\n- nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (git-fixes).\n- ntb: Force physically contiguous allocation of rx ring buffers (git-fixes).\n- ntb: intel: Fix using link status DB\u0027s (git-fixes).\n- ntb: reduce stack usage in idt_scan_mws (stable-fixes).\n- ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes).\n- ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes).\n- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes).\n- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes).\n- ntb_perf: Fix printk format (git-fixes).\n- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).\n- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).\n- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).\n- nvme-fc: use ctrl state getter (git-fixes).\n- nvme-ioctl: fix leaked requests on mapping error (git-fixes).\n- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).\n- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).\n- nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (git-fixes bsc#1223096).\n- nvme-pci: add quirk for Samsung PM173x/PM173xa disk (bsc#1241148).\n- nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes).\n- nvme-pci: fix queue unquiesce check on slot_reset (git-fixes).\n- nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes).\n- nvme-pci: make nvme_pci_npages_prp() __always_inline (git-fixes).\n- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).\n- nvme-pci: remove stale comment (git-fixes).\n- nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes).\n- nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes).\n- nvme-tcp: Fix a C2HTermReq error message (git-fixes).\n- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).\n- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).\n- nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes).\n- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).\n- nvme-tcp: fix premature queue removal and I/O failover (git-fixes).\n- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).\n- nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (git-fixes).\n- nvme/ioctl: add missing space in err message (git-fixes).\n- nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes).\n- nvme: Add \u0027partial_nid\u0027 quirk (bsc#1241148).\n- nvme: Add warning when a partiually unique NID is detected (bsc#1241148).\n- nvme: fixup scan failure for non-ANA multipath controllers (git-fixes).\n- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).\n- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).\n- nvme: make nvme_tls_attrs_group static (git-fixes).\n- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).\n- nvme: move passthrough logging attribute to head (git-fixes).\n- nvme: multipath: fix return value of nvme_available_path (git-fixes).\n- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).\n- nvme: re-read ANA log page after ns scan completes (git-fixes).\n- nvme: requeue namespace scan on missed AENs (git-fixes).\n- nvme: tcp: Fix compilation warning with W=1 (git-fixes).\n- nvme: unblock ctrl state transition for firmware update (git-fixes).\n- nvmet-fc: Remove unused functions (git-fixes).\n- nvmet-fc: inline nvmet_fc_delete_assoc (git-fixes).\n- nvmet-fc: inline nvmet_fc_free_hostport (git-fixes).\n- nvmet-fc: put ref when assoc-\u003edel_work is already scheduled (git-fixes).\n- nvmet-fc: take tgtport reference only once (git-fixes).\n- nvmet-fc: update tgtport ref per assoc (git-fixes).\n- nvmet-fcloop: Remove remote port from list when unlinking (git-fixes).\n- nvmet-fcloop: add ref counting to lport (git-fixes).\n- nvmet-fcloop: replace kref with refcount (git-fixes).\n- nvmet-fcloop: swap list_add_tail arguments (git-fixes).\n- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).\n- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).\n- nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (git-fixes).\n- nvmet: Fix crash when a namespace is disabled (git-fixes).\n- nvmet: remove old function prototype (git-fixes).\n- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes).\n- objtool, panic: Disable SMAP in __stack_chk_fail() (bsc#1243963).\n- objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes).\n- objtool: Fix segfault in ignore_unreachable_insn() (git-fixes).\n- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).\n- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).\n- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).\n- ocfs2: handle a symlink read error correctly (git-fixes).\n- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).\n- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).\n- octeontx2-pf: qos: fix VF root node parent queue index (git-fixes).\n- orangefs: fix a oob in orangefs_debug_write (git-fixes).\n- packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). \n- packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 (\u0027Use gcc-13 for build on SLE16 (jsc#PED-10028).\u0027)\n- padata: do not leak refcount in reorder_work (git-fixes).\n- padata: fix sysfs store callback check (git-fixes).\n- partitions: mac: fix handling of bogus partition table (git-fixes).\n- perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).\n- perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).\n- perf tools: annotate asm_pure_loop.S (bsc#1239906).\n- perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309).\n- perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172)\n- perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172)\n- perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172)\n- perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172)\n- phy: Fix error handling in tegra_xusb_port_init (git-fixes).\n- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).\n- phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes).\n- phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (git-fixes).\n- phy: renesas: rcar-gen3-usb2: Set timing registers only once (git-fixes).\n- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).\n- phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking (git-fixes).\n- phy: tegra: xusb: remove a stray unlock (git-fixes).\n- phy: tegra: xusb: reset VBUS \u0026 ID OVERRIDE (git-fixes).\n- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).\n- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).\n- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).\n- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).\n- pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes).\n- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).\n- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).\n- platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes).\n- platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes).\n- platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes).\n- platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes).\n- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).\n- platform/x86: ISST: Correct command storage data length (git-fixes).\n- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes).\n- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).\n- platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() (git-fixes).\n- platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes).\n- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).\n- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).\n- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).\n- pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes).\n- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).\n- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).\n- powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes).\n- powercap: intel_rapl: Fix locking in TPMI RAPL (git-fixes).\n- powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010).\n- powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010).\n- powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes).\n- powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes).\n- powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes).\n- powerpc/boot: Check for ld-option support (bsc#1215199).\n- powerpc/boot: Fix dash warning (bsc#1215199).\n- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).\n- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).\n- powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (bsc#1239691 bsc#1243044 ltc#212555).\n- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).\n- powerpc: Do not use --- in kernel logs (git-fixes).\n- powerpc: Stop using no_llseek (bsc#1239573).\n- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).\n- pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes).\n- pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes).\n- pwm: rcar: Improve register calculation (git-fixes).\n- qibfs: fix _another_ leak (git-fixes)\n- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).\n- rapidio: fix an API misues when rio_add_net() fails (git-fixes).\n- rcu/tasks-trace: Handle new PF_IDLE semantics (git-fixes)\n- rcu/tasks: Handle new PF_IDLE semantics (git-fixes)\n- rcu: Break rcu_node_0 --\u003e \u0026rq-\u003e__lock order (git-fixes)\n- rcu: Introduce rcu_cpu_online() (git-fixes)\n- regulator: check that dummy regulator has been probed before using it (stable-fixes).\n- regulator: core: Fix deadlock in create_regulator() (git-fixes).\n- regulator: dummy: force synchronous probing (git-fixes).\n- regulator: max20086: fix invalid memory access (git-fixes).\n- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).\n- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN\n- rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).\n- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986). \n- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)\n- rpm/package-descriptions: Add rt and rt_debug descriptions\n- rpm/release-projects: Update the ALP projects again (bsc#1231293).\n- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)\n- rtc: pcf85063: do a SW reset if POR failed (stable-fixes).\n- rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013).\n- s390/bpf: Store backchain even for leaf progs (git-fixes bsc#1243805).\n- s390/cio: Fix CHPID \u0027configure\u0027 attribute caching (git-fixes bsc#1240979).\n- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).\n- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978).\n- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).\n- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).\n- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).\n- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).\n- sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052)\n- scsi: Improve CDL control (git-fixes).\n- scsi: core: Clear driver private data when retrying request (git-fixes).\n- scsi: core: Clear flags for scsi_cmnd that did not complete (git-fixes).\n- scsi: core: Do not retry I/Os during depopulation (git-fixes).\n- scsi: core: Handle depopulation and restoration in progress (git-fixes).\n- scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes).\n- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).\n- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).\n- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).\n- scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes).\n- scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (git-fixes).\n- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).\n- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).\n- scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes).\n- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).\n- scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1242993).\n- scsi: lpfc: Convert timeouts to secs_to_jiffies() (bsc#1242993).\n- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).\n- scsi: lpfc: Copyright updates for 14.4.0.9 patches (bsc#1242993).\n- scsi: lpfc: Create lpfc_vmid_info sysfs entry (bsc#1242993).\n- scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (bsc#1242993).\n- scsi: lpfc: Fix spelling mistake \u0027Toplogy\u0027 -\u003e \u0027Topology\u0027 (bsc#1242993).\n- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).\n- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).\n- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).\n- scsi: lpfc: Notify FC transport of rport disappearance during PCI fcn reset (bsc#1242993).\n- scsi: lpfc: Prevent failure to reregister with NVMe transport after PRLI retry (bsc#1242993).\n- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).\n- scsi: lpfc: Restart eratt_poll timer if HBA_SETUP flag still unset (bsc#1242993).\n- scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp-\u003enlp_flag (git-fixes).\n- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).\n- scsi: lpfc: Update lpfc version to 14.4.0.9 (bsc#1242993).\n- scsi: lpfc: Use memcpy() for BIOS version (bsc#1240966).\n- scsi: lpfc: convert timeouts to secs_to_jiffies() (bsc#1242993).\n- scsi: megaraid_sas: Block zero-length ATA VPD inquiry (git-fixes).\n- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).\n- scsi: mpi3mr: Fix locking in an error path (git-fixes).\n- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).\n- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).\n- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: mpt3sas: Fix a locking bug in an error path (git-fixes).\n- scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (git-fixes).\n- scsi: myrb: Remove dead code (git-fixes).\n- scsi: pm80xx: Set phy_attached to zero when device is gone (git-fixes).\n- scsi: qedi: Fix potential deadlock on \u0026qedi_percpu-\u003ep_work_lock (git-fixes).\n- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).\n- scsi: qla2xxx: Fix typos in a comment (bsc#1243090).\n- scsi: qla2xxx: Mark device strings as nonstring (bsc#1243090).\n- scsi: qla2xxx: Remove duplicate struct crb_addr_pair (bsc#1243090).\n- scsi: qla2xxx: Remove unused module parameters (bsc#1243090).\n- scsi: qla2xxx: Remove unused ql_log_qp (bsc#1243090).\n- scsi: qla2xxx: Remove unused qla2x00_gpsc() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qla82xx_pci_region_offset() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qla82xx_wait_for_state_change() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qlt_83xx_iospace_config() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qlt_fc_port_deleted() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qlt_free_qfull_cmds() (bsc#1243090).\n- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).\n- scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes).\n- scsi: sg: Enable runtime power management (git-fixes).\n- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).\n- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).\n- sctp: Fix undefined behavior in left shift operation (git-fixes).\n- sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes).\n- sctp: detect and prevent references to a freed transport in sendmsg (git-fixes).\n- sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (git-fixes).\n- sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes).\n- sctp: fix busy polling (git-fixes).\n- sctp: prefer struct_size over open coded arithmetic (git-fixes).\n- sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes).\n- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).\n- selftests/bpf: Add a few tests to cover (git-fixes).\n- selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes).\n- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).\n- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).\n- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).\n- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).\n- selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590).\n- selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590).\n- selftests/bpf: test for changing packet data from global functions (bsc#1241590).\n- selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590).\n- selftests/futex: futex_waitv wouldblock test should fail (git-fixes).\n- selftests/mm/cow: fix the incorrect error handling (git-fixes).\n- selftests/mm: fix incorrect buffer-\u003emirror size in hmm2 double_map test (bsc#1242203).\n- selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes).\n- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).\n- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).\n- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).\n- selinux: Implement mptcp_add_subflow hook (bsc#1240375).\n- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).\n- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes).\n- serial: msm: Configure correct working mode before starting earlycon (git-fixes).\n- serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes).\n- series.conf: temporarily disable patches.suse/md-md-bitmap-fix-writing-non-bitmap-pages-ab99.patch (bsc#1238212)\n- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).\n- smb3: fix creating FIFOs when mounting with \u0027sfu\u0027 mount option (git-fixes).\n- smb3: request handle caching when caching directories (bsc#1231432).\n- smb3: retrying on failed server close (bsc#1231432).\n- smb: cached directories can be more than root file handle (bsc#1231432).\n- smb: cilent: set reparse mount points as automounts (git-fixes).\n- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).\n- smb: client: Fix minor whitespace errors and warnings (git-fixes).\n- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).\n- smb: client: add support for WSL reparse points (git-fixes).\n- smb: client: allow creating special files via reparse points (git-fixes).\n- smb: client: allow creating symlinks via reparse points (git-fixes).\n- smb: client: cleanup smb2_query_reparse_point() (git-fixes).\n- smb: client: destroy cfid_put_wq on module exit (git-fixes).\n- smb: client: do not query reparse points twice on symlinks (git-fixes).\n- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).\n- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).\n- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).\n- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).\n- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).\n- smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265).\n- smb: client: fix hardlinking of reparse points (git-fixes).\n- smb: client: fix missing mode bits for SMB symlinks (git-fixes).\n- smb: client: fix open_cached_dir retries with \u0027hard\u0027 mount option (bsc#1240616).\n- smb: client: fix possible double free in smb2_set_ea() (git-fixes).\n- smb: client: fix potential broken compound request (git-fixes).\n- smb: client: fix renaming of reparse points (git-fixes).\n- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).\n- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).\n- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).\n- smb: client: handle path separator of created SMB symlinks (git-fixes).\n- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).\n- smb: client: ignore unhandled reparse tags (git-fixes).\n- smb: client: implement -\u003equery_reparse_point() for SMB1 (git-fixes).\n- smb: client: instantiate when creating SFU files (git-fixes).\n- smb: client: introduce -\u003eparse_reparse_point() (git-fixes).\n- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).\n- smb: client: introduce cifs_sfu_make_node() (git-fixes).\n- smb: client: introduce reparse mount option (git-fixes).\n- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).\n- smb: client: move most of reparse point handling code to common file (git-fixes).\n- smb: client: move some params to cifs_open_info_data (bsc#1231432).\n- smb: client: optimise reparse point querying (git-fixes).\n- smb: client: parse owner/group when creating reparse points (git-fixes).\n- smb: client: parse reparse point flag in create response (bsc#1231432).\n- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).\n- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).\n- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).\n- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).\n- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).\n- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).\n- smb: client: retry compound request without reusing lease (git-fixes).\n- smb: client: return reparse type in /proc/mounts (git-fixes).\n- smb: client: reuse file lease key in compound operations (git-fixes).\n- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).\n- smb: client: set correct file type from NFS reparse points (git-fixes).\n- smb: client: stop revalidating reparse points unnecessarily (git-fixes).\n- smb: use kernel_connect() and kernel_bind() (git-fixes).\n- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).\n- soc: imx8m: Remove global soc_uid (stable-fixes).\n- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).\n- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).\n- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).\n- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).\n- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).\n- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).\n- soc: qcom: pdr: Fix the potential deadlock (git-fixes).\n- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).\n- sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes).\n- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).\n- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).\n- spi: loopback-test: Do not split 1024-byte hexdumps (git-fixes).\n- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).\n- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).\n- spi: spi-fsl-dspi: Halt the module after a new message transfer (git-fixes).\n- spi: spi-fsl-dspi: Reset SR flags before sending a new message (git-fixes).\n- spi: spi-fsl-dspi: restrict register range for regmap access (git-fixes).\n- spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes).\n- spi: tegra114: Use value to check for invalid delays (git-fixes).\n- spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes).\n- spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes).\n- splice: do not checksum AF_UNIX sockets (bsc#1240333).\n- splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328).\n- staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes).\n- staging: axis-fifo: Remove hardware resets for user errors (git-fixes).\n- staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes).\n- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes).\n- string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-fixes).\n- sunrpc: suppress warnings for unused procfs functions (git-fixes).\n- supported.conf: add now-included qat_420xx (external, intel)\n- tcp: Add memory barrier to tcp_push() (git-fixes).\n- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).\n- tcp: Annotate data-race around sk-\u003esk_mark in tcp_v4_send_reset (git-fixes).\n- tcp: Defer ts_recent changes until req is owned (git-fixes).\n- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).\n- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).\n- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).\n- tcp: Update window clamping condition (git-fixes).\n- tcp: add tcp_done_with_error() helper (git-fixes).\n- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).\n- tcp: annotate data-races around tp-\u003ewindow_clamp (git-fixes).\n- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).\n- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).\n- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).\n- tcp: check space before adding MPTCP SYN options (git-fixes).\n- tcp: clear tp-\u003eretrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).\n- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).\n- tcp: define initial scaling factor value as a macro (git-fixes).\n- tcp: derive delack_max from rto_min (git-fixes).\n- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).\n- tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).\n- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).\n- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).\n- tcp: fix mid stream window clamp (git-fixes).\n- tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes).\n- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).\n- tcp: fix race in tcp_write_err() (git-fixes).\n- tcp: fix races in tcp_abort() (git-fixes).\n- tcp: fix races in tcp_v_err() (git-fixes).\n- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it\u0027s safe (git-fixes).\n- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).\n- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).\n- tcp: increase the default TCP scaling ratio (git-fixes).\n- tcp: introduce tcp_clock_ms() (git-fixes).\n- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).\n- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).\n- tcp: remove 64 KByte limit for initial tp-\u003ercv_wnd value (git-fixes).\n- tcp: replace tcp_time_stamp_raw() (git-fixes).\n- tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() (git-fixes).\n- tcp_cubic: fix incorrect HyStart round start detection (git-fixes).\n- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).\n- thermal: int340x: Add NULL check for adev (git-fixes).\n- thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature (git-fixes).\n- thunderbolt: Scan retimers after device router has been enumerated (stable-fixes).\n- tools/hv: update route parsing in kvp daemon (git-fixes).\n- tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175).\n- tools/power turbostat: report CoreThr per measurement interval (git-fixes).\n- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).\n- tools: move alignment-related macros to new \u0026lt;linux/align.h\u003e (git-fixes). \n- topology: Set capacity_freq_ref in all cases (bsc#1238052)\n- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).\n- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).\n- tpm: do not start chip while suspended (git-fixes).\n- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).\n- tpm: tis: Double the timeout B to 4s (bsc#1235870).\n- tpm_tis: Move CRC check to generic send routine (bsc#1235870).\n- tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870).\n- tty: n_tty: use uint for space returned by tty_write_room() (git-fixes).\n- tty: serial: 8250: Add Brainboxes XC devices (stable-fixes).\n- tty: serial: 8250: Add some more device IDs (stable-fixes).\n- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes).\n- tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes).\n- ubi: Add a check for ubi_num (git-fixes).\n- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).\n- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).\n- ubi: correct the calculation of fastmap size (stable-fixes).\n- ubi: eba: properly rollback inside self_check_eba (git-fixes).\n- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).\n- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).\n- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).\n- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).\n- ublk: set_params: properly check if parameters can be applied (git-fixes).\n- ucsi_ccg: Do not show failed to get FW build information error (git-fixes).\n- udf: Fix inode_getblk() return value (bsc#1242313).\n- udf: Skip parent dir link count update if corrupted (bsc#1242315).\n- udf: Verify inode link counts before performing rename (bsc#1242314).\n- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).\n- usb: cdns3: Fix deadlock when using NCM gadget (git-fixes).\n- usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes).\n- usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-fixes).\n- usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-fixes).\n- usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes).\n- usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes).\n- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).\n- usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes).\n- usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes).\n- usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes).\n- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).\n- usb: gadget: Fix setting self-powered state on suspend (git-fixes).\n- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).\n- usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes).\n- usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes).\n- usb: gadget: f_ecm: Add get_status callback (git-fixes).\n- usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes).\n- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).\n- usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes).\n- usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes).\n- usb: host: xhci-plat: mvebu: use -\u003equirks instead of -\u003einit_quirk() func (stable-fixes).\n- usb: hub: lack of clearing xHC resources (git-fixes).\n- usb: phy: generic: Use proper helper for property detection (stable-fixes).\n- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).\n- usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes).\n- usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes).\n- usb: renesas_usbhs: Call clk_put() (git-fixes).\n- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).\n- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).\n- usb: typec: class: Invalidate USB device pointers on partner unregistration (git-fixes).\n- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).\n- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes).\n- usb: typec: ucsi: Fix NULL pointer access (git-fixes).\n- usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes).\n- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).\n- usb: uhci-platform: Make the clock really optional (git-fixes).\n- usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes).\n- usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes).\n- usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes).\n- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).\n- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).\n- usb: xhci: correct debug message page size calculation (git-fixes).\n- usb: xhci: remove \u0027retval\u0027 from xhci_pci_resume() (git-fixes).\n- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).\n- usbnet:fix NPE during rx_complete (git-fixes).\n- vboxsf: fix building with GCC 15 (stable-fixes).\n- vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes).\n- vfs: do not mod negative dentry count when on shrinker list (bsc#1242534).\n- vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint (git-fixes).\n- virtchnl: make proto and filter action count unsigned (git-fixes).\n- virtio_console: fix missing byte order handling for cols and rows (git-fixes).\n- vmxnet3: Fix tx queue race condition with XDP (bsc#1241394).\n- vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394).\n- wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes).\n- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).\n- wifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode (git-fixes).\n- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).\n- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).\n- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).\n- wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes).\n- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).\n- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).\n- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).\n- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).\n- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).\n- wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (stable-fixes).\n- wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-fixes).\n- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).\n- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).\n- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes).\n- wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes).\n- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).\n- wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes).\n- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).\n- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).\n- wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes).\n- wifi: iwlwifi: limit printed string from FW file (git-fixes).\n- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).\n- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).\n- wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes).\n- wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes).\n- wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request (git-fixes).\n- wifi: mac80211: Update skb\u0027s control block key in ieee80211_tx_dequeue() (git-fixes).\n- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).\n- wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes).\n- wifi: mt76: Add check for devm_kstrdup() (git-fixes).\n- wifi: mt76: disable napi on driver removal (git-fixes).\n- wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes).\n- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).\n- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).\n- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).\n- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).\n- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).\n- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).\n- wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes).\n- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).\n- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).\n- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).\n- wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes).\n- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).\n- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).\n- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).\n- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).\n- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).\n- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).\n- x86/bugs: Add RSB mitigation document (git-fixes).\n- x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes).\n- x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes).\n- x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes).\n- x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes).\n- x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes).\n- x86/coco: Replace \u0027static const cc_mask\u0027 with the newly introduced cc_get_mask() function (git-fixes).\n- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).\n- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).\n- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes).\n- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).\n- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes).\n- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).\n- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).\n- x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes).\n- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).\n- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).\n- x86/its: Fix build errors when CONFIG_MODULES=n (git-fixes).\n- x86/microcode/32: Move early loading after paging enable (git-fixes).\n- x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes).\n- x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes).\n- x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes).\n- x86/microcode/AMD: Split load_microcode_amd() (git-fixes).\n- x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes).\n- x86/microcode/amd: Cache builtin microcode too (git-fixes).\n- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).\n- x86/microcode/amd: Use cached microcode for AP load (git-fixes).\n- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).\n- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).\n- x86/microcode/intel: Cleanup code further (git-fixes).\n- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).\n- x86/microcode/intel: Remove debug code (git-fixes).\n- x86/microcode/intel: Remove pointless mutex (git-fixes).\n- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).\n- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).\n- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).\n- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).\n- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).\n- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).\n- x86/microcode/intel: Set new revision only after a successful update (git-fixes).\n- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).\n- x86/microcode/intel: Simplify early loading (git-fixes).\n- x86/microcode/intel: Simplify scan_microcode() (git-fixes).\n- x86/microcode/intel: Switch to kvmalloc() (git-fixes).\n- x86/microcode/intel: Unify microcode apply() functions (git-fixes).\n- x86/microcode: Add per CPU control field (git-fixes).\n- x86/microcode: Add per CPU result state (git-fixes).\n- x86/microcode: Clarify the late load logic (git-fixes).\n- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).\n- x86/microcode: Get rid of the schedule work indirection (git-fixes).\n- x86/microcode: Handle \u0027nosmt\u0027 correctly (git-fixes).\n- x86/microcode: Handle \u0027offline\u0027 CPUs correctly (git-fixes).\n- x86/microcode: Hide the config knob (git-fixes).\n- x86/microcode: Include vendor headers into microcode.h (git-fixes).\n- x86/microcode: Make reload_early_microcode() static (git-fixes).\n- x86/microcode: Mop up early loading leftovers (git-fixes).\n- x86/microcode: Move core specific defines to local header (git-fixes).\n- x86/microcode: Prepare for minimal revision check (git-fixes).\n- x86/microcode: Protect against instrumentation (git-fixes).\n- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).\n- x86/microcode: Provide new control functions (git-fixes).\n- x86/microcode: Remove microcode_mutex (git-fixes).\n- x86/microcode: Remove pointless apply() invocation (git-fixes).\n- x86/microcode: Remove the driver announcement and version (git-fixes).\n- x86/microcode: Rendezvous and load in NMI (git-fixes).\n- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).\n- x86/microcode: Rework early revisions reporting (git-fixes).\n- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).\n- x86/mm: Remove unused microcode.h include (git-fixes).\n- x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes).\n- x86/platform/olpc: Remove unused variable \u0027len\u0027 in olpc_dt_compatible_match() (git-fixes).\n- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).\n- x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes).\n- x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes).\n- x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes).\n- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()\u0027s description (git-fixes).\n- x86/xen: move xen_reserve_extra_memory() (git-fixes).\n- xen/mcelog: Add __nonstring annotations for unterminated strings (git-fixes).\n- xen: Change xen-acpi-processor dom0 dependency (git-fixes).\n- xenfs/xensyms: respect hypervisor\u0027s \u0027next\u0027 indication (git-fixes).\n- xfs: flush inodegc before swapon (git-fixes).\n- xhci: Add helper to set an interrupters interrupt moderation interval (git-fixes).\n- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).\n- xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes).\n- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).\n- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).\n- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).\n- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).\n- xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550).\n- xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550).\n- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).\n- xhci: dbc: Convert to use sysfs_streq() (git-fixes).\n- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).\n- xhci: dbc: Fix STALL transfer event handling (git-fixes).\n- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).\n- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).\n- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).\n- xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550).\n- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).\n- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).\n- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).\n- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).\n- xhci: pci: Use standard pattern for device IDs (git-fixes).\n- xhci: split free interrupter into separate remove and free parts (git-fixes).\n- xsk: Add truesize to skb_add_rx_frag() (git-fixes).\n- xsk: Do not assume metadata is always requested in TX completion (git-fixes).\n- zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (bsc#1241167).\n- zram: clear IDLE flag after recompression (git-fixes).\n- zram: clear IDLE flag in mark_idle() (git-fixes).\n- zram: do not mark idle slots that cannot be idle (git-fixes).\n- zram: fix potential UAF of zram table (git-fixes).\n- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).\n- zram: refuse to use zero sized block device as backing device (git-fixes).\n- zram: split memory-tracking and ac-time tracking (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1919,SUSE-SLE-Module-Confidential-Computing-15-SP6-2025-1919",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01919-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:01919-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501919-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:01919-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021477.html"
},
{
"category": "self",
"summary": "SUSE Bug 1207948",
"url": "https://bugzilla.suse.com/1207948"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1215211",
"url": "https://bugzilla.suse.com/1215211"
},
{
"category": "self",
"summary": "SUSE Bug 1218470",
"url": "https://bugzilla.suse.com/1218470"
},
{
"category": "self",
"summary": "SUSE Bug 1221651",
"url": "https://bugzilla.suse.com/1221651"
},
{
"category": "self",
"summary": "SUSE Bug 1222649",
"url": "https://bugzilla.suse.com/1222649"
},
{
"category": "self",
"summary": "SUSE Bug 1223047",
"url": "https://bugzilla.suse.com/1223047"
},
{
"category": "self",
"summary": "SUSE Bug 1223096",
"url": "https://bugzilla.suse.com/1223096"
},
{
"category": "self",
"summary": "SUSE Bug 1223809",
"url": "https://bugzilla.suse.com/1223809"
},
{
"category": "self",
"summary": "SUSE Bug 1224013",
"url": "https://bugzilla.suse.com/1224013"
},
{
"category": "self",
"summary": "SUSE Bug 1224489",
"url": "https://bugzilla.suse.com/1224489"
},
{
"category": "self",
"summary": "SUSE Bug 1224597",
"url": "https://bugzilla.suse.com/1224597"
},
{
"category": "self",
"summary": "SUSE Bug 1224610",
"url": "https://bugzilla.suse.com/1224610"
},
{
"category": "self",
"summary": "SUSE Bug 1224757",
"url": "https://bugzilla.suse.com/1224757"
},
{
"category": "self",
"summary": "SUSE Bug 1225533",
"url": "https://bugzilla.suse.com/1225533"
},
{
"category": "self",
"summary": "SUSE Bug 1225606",
"url": "https://bugzilla.suse.com/1225606"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225770",
"url": "https://bugzilla.suse.com/1225770"
},
{
"category": "self",
"summary": "SUSE Bug 1226871",
"url": "https://bugzilla.suse.com/1226871"
},
{
"category": "self",
"summary": "SUSE Bug 1227858",
"url": "https://bugzilla.suse.com/1227858"
},
{
"category": "self",
"summary": "SUSE Bug 1228653",
"url": "https://bugzilla.suse.com/1228653"
},
{
"category": "self",
"summary": "SUSE Bug 1228659",
"url": "https://bugzilla.suse.com/1228659"
},
{
"category": "self",
"summary": "SUSE Bug 1229311",
"url": "https://bugzilla.suse.com/1229311"
},
{
"category": "self",
"summary": "SUSE Bug 1229361",
"url": "https://bugzilla.suse.com/1229361"
},
{
"category": "self",
"summary": "SUSE Bug 1229491",
"url": "https://bugzilla.suse.com/1229491"
},
{
"category": "self",
"summary": "SUSE Bug 1230497",
"url": "https://bugzilla.suse.com/1230497"
},
{
"category": "self",
"summary": "SUSE Bug 1230581",
"url": "https://bugzilla.suse.com/1230581"
},
{
"category": "self",
"summary": "SUSE Bug 1230728",
"url": "https://bugzilla.suse.com/1230728"
},
{
"category": "self",
"summary": "SUSE Bug 1230764",
"url": "https://bugzilla.suse.com/1230764"
},
{
"category": "self",
"summary": "SUSE Bug 1230769",
"url": "https://bugzilla.suse.com/1230769"
},
{
"category": "self",
"summary": "SUSE Bug 1230832",
"url": "https://bugzilla.suse.com/1230832"
},
{
"category": "self",
"summary": "SUSE Bug 1231016",
"url": "https://bugzilla.suse.com/1231016"
},
{
"category": "self",
"summary": "SUSE Bug 1231103",
"url": "https://bugzilla.suse.com/1231103"
},
{
"category": "self",
"summary": "SUSE Bug 1231293",
"url": "https://bugzilla.suse.com/1231293"
},
{
"category": "self",
"summary": "SUSE Bug 1231432",
"url": "https://bugzilla.suse.com/1231432"
},
{
"category": "self",
"summary": "SUSE Bug 1231910",
"url": "https://bugzilla.suse.com/1231910"
},
{
"category": "self",
"summary": "SUSE Bug 1231912",
"url": "https://bugzilla.suse.com/1231912"
},
{
"category": "self",
"summary": "SUSE Bug 1231949",
"url": "https://bugzilla.suse.com/1231949"
},
{
"category": "self",
"summary": "SUSE Bug 1232299",
"url": "https://bugzilla.suse.com/1232299"
},
{
"category": "self",
"summary": "SUSE Bug 1232364",
"url": "https://bugzilla.suse.com/1232364"
},
{
"category": "self",
"summary": "SUSE Bug 1232389",
"url": "https://bugzilla.suse.com/1232389"
},
{
"category": "self",
"summary": "SUSE Bug 1232421",
"url": "https://bugzilla.suse.com/1232421"
},
{
"category": "self",
"summary": "SUSE Bug 1232493",
"url": "https://bugzilla.suse.com/1232493"
},
{
"category": "self",
"summary": "SUSE Bug 1232649",
"url": "https://bugzilla.suse.com/1232649"
},
{
"category": "self",
"summary": "SUSE Bug 1232743",
"url": "https://bugzilla.suse.com/1232743"
},
{
"category": "self",
"summary": "SUSE Bug 1232812",
"url": "https://bugzilla.suse.com/1232812"
},
{
"category": "self",
"summary": "SUSE Bug 1232848",
"url": "https://bugzilla.suse.com/1232848"
},
{
"category": "self",
"summary": "SUSE Bug 1232882",
"url": "https://bugzilla.suse.com/1232882"
},
{
"category": "self",
"summary": "SUSE Bug 1232895",
"url": "https://bugzilla.suse.com/1232895"
},
{
"category": "self",
"summary": "SUSE Bug 1233033",
"url": "https://bugzilla.suse.com/1233033"
},
{
"category": "self",
"summary": "SUSE Bug 1233060",
"url": "https://bugzilla.suse.com/1233060"
},
{
"category": "self",
"summary": "SUSE Bug 1233075",
"url": "https://bugzilla.suse.com/1233075"
},
{
"category": "self",
"summary": "SUSE Bug 1233098",
"url": "https://bugzilla.suse.com/1233098"
},
{
"category": "self",
"summary": "SUSE Bug 1233192",
"url": "https://bugzilla.suse.com/1233192"
},
{
"category": "self",
"summary": "SUSE Bug 1233259",
"url": "https://bugzilla.suse.com/1233259"
},
{
"category": "self",
"summary": "SUSE Bug 1233260",
"url": "https://bugzilla.suse.com/1233260"
},
{
"category": "self",
"summary": "SUSE Bug 1233479",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "self",
"summary": "SUSE Bug 1233483",
"url": "https://bugzilla.suse.com/1233483"
},
{
"category": "self",
"summary": "SUSE Bug 1233551",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "self",
"summary": "SUSE Bug 1233557",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "self",
"summary": "SUSE Bug 1233749",
"url": "https://bugzilla.suse.com/1233749"
},
{
"category": "self",
"summary": "SUSE Bug 1234074",
"url": "https://bugzilla.suse.com/1234074"
},
{
"category": "self",
"summary": "SUSE Bug 1234154",
"url": "https://bugzilla.suse.com/1234154"
},
{
"category": "self",
"summary": "SUSE Bug 1234157",
"url": "https://bugzilla.suse.com/1234157"
},
{
"category": "self",
"summary": "SUSE Bug 1234222",
"url": "https://bugzilla.suse.com/1234222"
},
{
"category": "self",
"summary": "SUSE Bug 1234480",
"url": "https://bugzilla.suse.com/1234480"
},
{
"category": "self",
"summary": "SUSE Bug 1234698",
"url": "https://bugzilla.suse.com/1234698"
},
{
"category": "self",
"summary": "SUSE Bug 1234828",
"url": "https://bugzilla.suse.com/1234828"
},
{
"category": "self",
"summary": "SUSE Bug 1234894",
"url": "https://bugzilla.suse.com/1234894"
},
{
"category": "self",
"summary": "SUSE Bug 1234895",
"url": "https://bugzilla.suse.com/1234895"
},
{
"category": "self",
"summary": "SUSE Bug 1234896",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "self",
"summary": "SUSE Bug 1234936",
"url": "https://bugzilla.suse.com/1234936"
},
{
"category": "self",
"summary": "SUSE Bug 1235149",
"url": "https://bugzilla.suse.com/1235149"
},
{
"category": "self",
"summary": "SUSE Bug 1235436",
"url": "https://bugzilla.suse.com/1235436"
},
{
"category": "self",
"summary": "SUSE Bug 1235455",
"url": "https://bugzilla.suse.com/1235455"
},
{
"category": "self",
"summary": "SUSE Bug 1235501",
"url": "https://bugzilla.suse.com/1235501"
},
{
"category": "self",
"summary": "SUSE Bug 1235524",
"url": "https://bugzilla.suse.com/1235524"
},
{
"category": "self",
"summary": "SUSE Bug 1235526",
"url": "https://bugzilla.suse.com/1235526"
},
{
"category": "self",
"summary": "SUSE Bug 1235550",
"url": "https://bugzilla.suse.com/1235550"
},
{
"category": "self",
"summary": "SUSE Bug 1235589",
"url": "https://bugzilla.suse.com/1235589"
},
{
"category": "self",
"summary": "SUSE Bug 1235591",
"url": "https://bugzilla.suse.com/1235591"
},
{
"category": "self",
"summary": "SUSE Bug 1235599",
"url": "https://bugzilla.suse.com/1235599"
},
{
"category": "self",
"summary": "SUSE Bug 1235621",
"url": "https://bugzilla.suse.com/1235621"
},
{
"category": "self",
"summary": "SUSE Bug 1235637",
"url": "https://bugzilla.suse.com/1235637"
},
{
"category": "self",
"summary": "SUSE Bug 1235698",
"url": "https://bugzilla.suse.com/1235698"
},
{
"category": "self",
"summary": "SUSE Bug 1235711",
"url": "https://bugzilla.suse.com/1235711"
},
{
"category": "self",
"summary": "SUSE Bug 1235712",
"url": "https://bugzilla.suse.com/1235712"
},
{
"category": "self",
"summary": "SUSE Bug 1235715",
"url": "https://bugzilla.suse.com/1235715"
},
{
"category": "self",
"summary": "SUSE Bug 1235729",
"url": "https://bugzilla.suse.com/1235729"
},
{
"category": "self",
"summary": "SUSE Bug 1235733",
"url": "https://bugzilla.suse.com/1235733"
},
{
"category": "self",
"summary": "SUSE Bug 1235761",
"url": "https://bugzilla.suse.com/1235761"
},
{
"category": "self",
"summary": "SUSE Bug 1235862",
"url": "https://bugzilla.suse.com/1235862"
},
{
"category": "self",
"summary": "SUSE Bug 1235870",
"url": "https://bugzilla.suse.com/1235870"
},
{
"category": "self",
"summary": "SUSE Bug 1235973",
"url": "https://bugzilla.suse.com/1235973"
},
{
"category": "self",
"summary": "SUSE Bug 1236086",
"url": "https://bugzilla.suse.com/1236086"
},
{
"category": "self",
"summary": "SUSE Bug 1236099",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "self",
"summary": "SUSE Bug 1236111",
"url": "https://bugzilla.suse.com/1236111"
},
{
"category": "self",
"summary": "SUSE Bug 1236142",
"url": "https://bugzilla.suse.com/1236142"
},
{
"category": "self",
"summary": "SUSE Bug 1236206",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "self",
"summary": "SUSE Bug 1236208",
"url": "https://bugzilla.suse.com/1236208"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1236692",
"url": "https://bugzilla.suse.com/1236692"
},
{
"category": "self",
"summary": "SUSE Bug 1236704",
"url": "https://bugzilla.suse.com/1236704"
},
{
"category": "self",
"summary": "SUSE Bug 1236752",
"url": "https://bugzilla.suse.com/1236752"
},
{
"category": "self",
"summary": "SUSE Bug 1237029",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "self",
"summary": "SUSE Bug 1237111",
"url": "https://bugzilla.suse.com/1237111"
},
{
"category": "self",
"summary": "SUSE Bug 1237164",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "self",
"summary": "SUSE Bug 1237312",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "self",
"summary": "SUSE Bug 1237313",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "self",
"summary": "SUSE Bug 1237356",
"url": "https://bugzilla.suse.com/1237356"
},
{
"category": "self",
"summary": "SUSE Bug 1237504",
"url": "https://bugzilla.suse.com/1237504"
},
{
"category": "self",
"summary": "SUSE Bug 1237521",
"url": "https://bugzilla.suse.com/1237521"
},
{
"category": "self",
"summary": "SUSE Bug 1237530",
"url": "https://bugzilla.suse.com/1237530"
},
{
"category": "self",
"summary": "SUSE Bug 1237558",
"url": "https://bugzilla.suse.com/1237558"
},
{
"category": "self",
"summary": "SUSE Bug 1237562",
"url": "https://bugzilla.suse.com/1237562"
},
{
"category": "self",
"summary": "SUSE Bug 1237565",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "self",
"summary": "SUSE Bug 1237571",
"url": "https://bugzilla.suse.com/1237571"
},
{
"category": "self",
"summary": "SUSE Bug 1237848",
"url": "https://bugzilla.suse.com/1237848"
},
{
"category": "self",
"summary": "SUSE Bug 1237849",
"url": "https://bugzilla.suse.com/1237849"
},
{
"category": "self",
"summary": "SUSE Bug 1237853",
"url": "https://bugzilla.suse.com/1237853"
},
{
"category": "self",
"summary": "SUSE Bug 1237856",
"url": "https://bugzilla.suse.com/1237856"
},
{
"category": "self",
"summary": "SUSE Bug 1237873",
"url": "https://bugzilla.suse.com/1237873"
},
{
"category": "self",
"summary": "SUSE Bug 1237874",
"url": "https://bugzilla.suse.com/1237874"
},
{
"category": "self",
"summary": "SUSE Bug 1237875",
"url": "https://bugzilla.suse.com/1237875"
},
{
"category": "self",
"summary": "SUSE Bug 1237876",
"url": "https://bugzilla.suse.com/1237876"
},
{
"category": "self",
"summary": "SUSE Bug 1237877",
"url": "https://bugzilla.suse.com/1237877"
},
{
"category": "self",
"summary": "SUSE Bug 1237879",
"url": "https://bugzilla.suse.com/1237879"
},
{
"category": "self",
"summary": "SUSE Bug 1237881",
"url": "https://bugzilla.suse.com/1237881"
},
{
"category": "self",
"summary": "SUSE Bug 1237882",
"url": "https://bugzilla.suse.com/1237882"
},
{
"category": "self",
"summary": "SUSE Bug 1237885",
"url": "https://bugzilla.suse.com/1237885"
},
{
"category": "self",
"summary": "SUSE Bug 1237889",
"url": "https://bugzilla.suse.com/1237889"
},
{
"category": "self",
"summary": "SUSE Bug 1237890",
"url": "https://bugzilla.suse.com/1237890"
},
{
"category": "self",
"summary": "SUSE Bug 1237891",
"url": "https://bugzilla.suse.com/1237891"
},
{
"category": "self",
"summary": "SUSE Bug 1237894",
"url": "https://bugzilla.suse.com/1237894"
},
{
"category": "self",
"summary": "SUSE Bug 1237897",
"url": "https://bugzilla.suse.com/1237897"
},
{
"category": "self",
"summary": "SUSE Bug 1237900",
"url": "https://bugzilla.suse.com/1237900"
},
{
"category": "self",
"summary": "SUSE Bug 1237901",
"url": "https://bugzilla.suse.com/1237901"
},
{
"category": "self",
"summary": "SUSE Bug 1237906",
"url": "https://bugzilla.suse.com/1237906"
},
{
"category": "self",
"summary": "SUSE Bug 1237907",
"url": "https://bugzilla.suse.com/1237907"
},
{
"category": "self",
"summary": "SUSE Bug 1237911",
"url": "https://bugzilla.suse.com/1237911"
},
{
"category": "self",
"summary": "SUSE Bug 1237912",
"url": "https://bugzilla.suse.com/1237912"
},
{
"category": "self",
"summary": "SUSE Bug 1237950",
"url": "https://bugzilla.suse.com/1237950"
},
{
"category": "self",
"summary": "SUSE Bug 1238052",
"url": "https://bugzilla.suse.com/1238052"
},
{
"category": "self",
"summary": "SUSE Bug 1238212",
"url": "https://bugzilla.suse.com/1238212"
},
{
"category": "self",
"summary": "SUSE Bug 1238214",
"url": "https://bugzilla.suse.com/1238214"
},
{
"category": "self",
"summary": "SUSE Bug 1238303",
"url": "https://bugzilla.suse.com/1238303"
},
{
"category": "self",
"summary": "SUSE Bug 1238347",
"url": "https://bugzilla.suse.com/1238347"
},
{
"category": "self",
"summary": "SUSE Bug 1238368",
"url": "https://bugzilla.suse.com/1238368"
},
{
"category": "self",
"summary": "SUSE Bug 1238471",
"url": "https://bugzilla.suse.com/1238471"
},
{
"category": "self",
"summary": "SUSE Bug 1238473",
"url": "https://bugzilla.suse.com/1238473"
},
{
"category": "self",
"summary": "SUSE Bug 1238474",
"url": "https://bugzilla.suse.com/1238474"
},
{
"category": "self",
"summary": "SUSE Bug 1238475",
"url": "https://bugzilla.suse.com/1238475"
},
{
"category": "self",
"summary": "SUSE Bug 1238479",
"url": "https://bugzilla.suse.com/1238479"
},
{
"category": "self",
"summary": "SUSE Bug 1238494",
"url": "https://bugzilla.suse.com/1238494"
},
{
"category": "self",
"summary": "SUSE Bug 1238496",
"url": "https://bugzilla.suse.com/1238496"
},
{
"category": "self",
"summary": "SUSE Bug 1238497",
"url": "https://bugzilla.suse.com/1238497"
},
{
"category": "self",
"summary": "SUSE Bug 1238500",
"url": "https://bugzilla.suse.com/1238500"
},
{
"category": "self",
"summary": "SUSE Bug 1238501",
"url": "https://bugzilla.suse.com/1238501"
},
{
"category": "self",
"summary": "SUSE Bug 1238502",
"url": "https://bugzilla.suse.com/1238502"
},
{
"category": "self",
"summary": "SUSE Bug 1238503",
"url": "https://bugzilla.suse.com/1238503"
},
{
"category": "self",
"summary": "SUSE Bug 1238506",
"url": "https://bugzilla.suse.com/1238506"
},
{
"category": "self",
"summary": "SUSE Bug 1238507",
"url": "https://bugzilla.suse.com/1238507"
},
{
"category": "self",
"summary": "SUSE Bug 1238509",
"url": "https://bugzilla.suse.com/1238509"
},
{
"category": "self",
"summary": "SUSE Bug 1238510",
"url": "https://bugzilla.suse.com/1238510"
},
{
"category": "self",
"summary": "SUSE Bug 1238511",
"url": "https://bugzilla.suse.com/1238511"
},
{
"category": "self",
"summary": "SUSE Bug 1238512",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "self",
"summary": "SUSE Bug 1238521",
"url": "https://bugzilla.suse.com/1238521"
},
{
"category": "self",
"summary": "SUSE Bug 1238523",
"url": "https://bugzilla.suse.com/1238523"
},
{
"category": "self",
"summary": "SUSE Bug 1238525",
"url": "https://bugzilla.suse.com/1238525"
},
{
"category": "self",
"summary": "SUSE Bug 1238526",
"url": "https://bugzilla.suse.com/1238526"
},
{
"category": "self",
"summary": "SUSE Bug 1238527",
"url": "https://bugzilla.suse.com/1238527"
},
{
"category": "self",
"summary": "SUSE Bug 1238528",
"url": "https://bugzilla.suse.com/1238528"
},
{
"category": "self",
"summary": "SUSE Bug 1238529",
"url": "https://bugzilla.suse.com/1238529"
},
{
"category": "self",
"summary": "SUSE Bug 1238531",
"url": "https://bugzilla.suse.com/1238531"
},
{
"category": "self",
"summary": "SUSE Bug 1238532",
"url": "https://bugzilla.suse.com/1238532"
},
{
"category": "self",
"summary": "SUSE Bug 1238565",
"url": "https://bugzilla.suse.com/1238565"
},
{
"category": "self",
"summary": "SUSE Bug 1238570",
"url": "https://bugzilla.suse.com/1238570"
},
{
"category": "self",
"summary": "SUSE Bug 1238714",
"url": "https://bugzilla.suse.com/1238714"
},
{
"category": "self",
"summary": "SUSE Bug 1238715",
"url": "https://bugzilla.suse.com/1238715"
},
{
"category": "self",
"summary": "SUSE Bug 1238716",
"url": "https://bugzilla.suse.com/1238716"
},
{
"category": "self",
"summary": "SUSE Bug 1238734",
"url": "https://bugzilla.suse.com/1238734"
},
{
"category": "self",
"summary": "SUSE Bug 1238735",
"url": "https://bugzilla.suse.com/1238735"
},
{
"category": "self",
"summary": "SUSE Bug 1238736",
"url": "https://bugzilla.suse.com/1238736"
},
{
"category": "self",
"summary": "SUSE Bug 1238737",
"url": "https://bugzilla.suse.com/1238737"
},
{
"category": "self",
"summary": "SUSE Bug 1238738",
"url": "https://bugzilla.suse.com/1238738"
},
{
"category": "self",
"summary": "SUSE Bug 1238739",
"url": "https://bugzilla.suse.com/1238739"
},
{
"category": "self",
"summary": "SUSE Bug 1238742",
"url": "https://bugzilla.suse.com/1238742"
},
{
"category": "self",
"summary": "SUSE Bug 1238745",
"url": "https://bugzilla.suse.com/1238745"
},
{
"category": "self",
"summary": "SUSE Bug 1238746",
"url": "https://bugzilla.suse.com/1238746"
},
{
"category": "self",
"summary": "SUSE Bug 1238747",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "self",
"summary": "SUSE Bug 1238751",
"url": "https://bugzilla.suse.com/1238751"
},
{
"category": "self",
"summary": "SUSE Bug 1238753",
"url": "https://bugzilla.suse.com/1238753"
},
{
"category": "self",
"summary": "SUSE Bug 1238754",
"url": "https://bugzilla.suse.com/1238754"
},
{
"category": "self",
"summary": "SUSE Bug 1238757",
"url": "https://bugzilla.suse.com/1238757"
},
{
"category": "self",
"summary": "SUSE Bug 1238759",
"url": "https://bugzilla.suse.com/1238759"
},
{
"category": "self",
"summary": "SUSE Bug 1238760",
"url": "https://bugzilla.suse.com/1238760"
},
{
"category": "self",
"summary": "SUSE Bug 1238762",
"url": "https://bugzilla.suse.com/1238762"
},
{
"category": "self",
"summary": "SUSE Bug 1238763",
"url": "https://bugzilla.suse.com/1238763"
},
{
"category": "self",
"summary": "SUSE Bug 1238767",
"url": "https://bugzilla.suse.com/1238767"
},
{
"category": "self",
"summary": "SUSE Bug 1238768",
"url": "https://bugzilla.suse.com/1238768"
},
{
"category": "self",
"summary": "SUSE Bug 1238771",
"url": "https://bugzilla.suse.com/1238771"
},
{
"category": "self",
"summary": "SUSE Bug 1238772",
"url": "https://bugzilla.suse.com/1238772"
},
{
"category": "self",
"summary": "SUSE Bug 1238773",
"url": "https://bugzilla.suse.com/1238773"
},
{
"category": "self",
"summary": "SUSE Bug 1238774",
"url": "https://bugzilla.suse.com/1238774"
},
{
"category": "self",
"summary": "SUSE Bug 1238775",
"url": "https://bugzilla.suse.com/1238775"
},
{
"category": "self",
"summary": "SUSE Bug 1238780",
"url": "https://bugzilla.suse.com/1238780"
},
{
"category": "self",
"summary": "SUSE Bug 1238781",
"url": "https://bugzilla.suse.com/1238781"
},
{
"category": "self",
"summary": "SUSE Bug 1238785",
"url": "https://bugzilla.suse.com/1238785"
},
{
"category": "self",
"summary": "SUSE Bug 1238860",
"url": "https://bugzilla.suse.com/1238860"
},
{
"category": "self",
"summary": "SUSE Bug 1238862",
"url": "https://bugzilla.suse.com/1238862"
},
{
"category": "self",
"summary": "SUSE Bug 1238863",
"url": "https://bugzilla.suse.com/1238863"
},
{
"category": "self",
"summary": "SUSE Bug 1238864",
"url": "https://bugzilla.suse.com/1238864"
},
{
"category": "self",
"summary": "SUSE Bug 1238865",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "self",
"summary": "SUSE Bug 1238876",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "self",
"summary": "SUSE Bug 1238877",
"url": "https://bugzilla.suse.com/1238877"
},
{
"category": "self",
"summary": "SUSE Bug 1238903",
"url": "https://bugzilla.suse.com/1238903"
},
{
"category": "self",
"summary": "SUSE Bug 1238904",
"url": "https://bugzilla.suse.com/1238904"
},
{
"category": "self",
"summary": "SUSE Bug 1238905",
"url": "https://bugzilla.suse.com/1238905"
},
{
"category": "self",
"summary": "SUSE Bug 1238909",
"url": "https://bugzilla.suse.com/1238909"
},
{
"category": "self",
"summary": "SUSE Bug 1238911",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "self",
"summary": "SUSE Bug 1238917",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "self",
"summary": "SUSE Bug 1238958",
"url": "https://bugzilla.suse.com/1238958"
},
{
"category": "self",
"summary": "SUSE Bug 1238959",
"url": "https://bugzilla.suse.com/1238959"
},
{
"category": "self",
"summary": "SUSE Bug 1238961",
"url": "https://bugzilla.suse.com/1238961"
},
{
"category": "self",
"summary": "SUSE Bug 1238963",
"url": "https://bugzilla.suse.com/1238963"
},
{
"category": "self",
"summary": "SUSE Bug 1238964",
"url": "https://bugzilla.suse.com/1238964"
},
{
"category": "self",
"summary": "SUSE Bug 1238969",
"url": "https://bugzilla.suse.com/1238969"
},
{
"category": "self",
"summary": "SUSE Bug 1238970",
"url": "https://bugzilla.suse.com/1238970"
},
{
"category": "self",
"summary": "SUSE Bug 1238971",
"url": "https://bugzilla.suse.com/1238971"
},
{
"category": "self",
"summary": "SUSE Bug 1238973",
"url": "https://bugzilla.suse.com/1238973"
},
{
"category": "self",
"summary": "SUSE Bug 1238975",
"url": "https://bugzilla.suse.com/1238975"
},
{
"category": "self",
"summary": "SUSE Bug 1238978",
"url": "https://bugzilla.suse.com/1238978"
},
{
"category": "self",
"summary": "SUSE Bug 1238979",
"url": "https://bugzilla.suse.com/1238979"
},
{
"category": "self",
"summary": "SUSE Bug 1238981",
"url": "https://bugzilla.suse.com/1238981"
},
{
"category": "self",
"summary": "SUSE Bug 1238983",
"url": "https://bugzilla.suse.com/1238983"
},
{
"category": "self",
"summary": "SUSE Bug 1238984",
"url": "https://bugzilla.suse.com/1238984"
},
{
"category": "self",
"summary": "SUSE Bug 1238986",
"url": "https://bugzilla.suse.com/1238986"
},
{
"category": "self",
"summary": "SUSE Bug 1238990",
"url": "https://bugzilla.suse.com/1238990"
},
{
"category": "self",
"summary": "SUSE Bug 1238992",
"url": "https://bugzilla.suse.com/1238992"
},
{
"category": "self",
"summary": "SUSE Bug 1238993",
"url": "https://bugzilla.suse.com/1238993"
},
{
"category": "self",
"summary": "SUSE Bug 1238994",
"url": "https://bugzilla.suse.com/1238994"
},
{
"category": "self",
"summary": "SUSE Bug 1238997",
"url": "https://bugzilla.suse.com/1238997"
},
{
"category": "self",
"summary": "SUSE Bug 1239015",
"url": "https://bugzilla.suse.com/1239015"
},
{
"category": "self",
"summary": "SUSE Bug 1239016",
"url": "https://bugzilla.suse.com/1239016"
},
{
"category": "self",
"summary": "SUSE Bug 1239027",
"url": "https://bugzilla.suse.com/1239027"
},
{
"category": "self",
"summary": "SUSE Bug 1239029",
"url": "https://bugzilla.suse.com/1239029"
},
{
"category": "self",
"summary": "SUSE Bug 1239030",
"url": "https://bugzilla.suse.com/1239030"
},
{
"category": "self",
"summary": "SUSE Bug 1239033",
"url": "https://bugzilla.suse.com/1239033"
},
{
"category": "self",
"summary": "SUSE Bug 1239034",
"url": "https://bugzilla.suse.com/1239034"
},
{
"category": "self",
"summary": "SUSE Bug 1239036",
"url": "https://bugzilla.suse.com/1239036"
},
{
"category": "self",
"summary": "SUSE Bug 1239037",
"url": "https://bugzilla.suse.com/1239037"
},
{
"category": "self",
"summary": "SUSE Bug 1239038",
"url": "https://bugzilla.suse.com/1239038"
},
{
"category": "self",
"summary": "SUSE Bug 1239039",
"url": "https://bugzilla.suse.com/1239039"
},
{
"category": "self",
"summary": "SUSE Bug 1239045",
"url": "https://bugzilla.suse.com/1239045"
},
{
"category": "self",
"summary": "SUSE Bug 1239065",
"url": "https://bugzilla.suse.com/1239065"
},
{
"category": "self",
"summary": "SUSE Bug 1239066",
"url": "https://bugzilla.suse.com/1239066"
},
{
"category": "self",
"summary": "SUSE Bug 1239068",
"url": "https://bugzilla.suse.com/1239068"
},
{
"category": "self",
"summary": "SUSE Bug 1239073",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "self",
"summary": "SUSE Bug 1239076",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "self",
"summary": "SUSE Bug 1239079",
"url": "https://bugzilla.suse.com/1239079"
},
{
"category": "self",
"summary": "SUSE Bug 1239080",
"url": "https://bugzilla.suse.com/1239080"
},
{
"category": "self",
"summary": "SUSE Bug 1239085",
"url": "https://bugzilla.suse.com/1239085"
},
{
"category": "self",
"summary": "SUSE Bug 1239087",
"url": "https://bugzilla.suse.com/1239087"
},
{
"category": "self",
"summary": "SUSE Bug 1239095",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "self",
"summary": "SUSE Bug 1239104",
"url": "https://bugzilla.suse.com/1239104"
},
{
"category": "self",
"summary": "SUSE Bug 1239105",
"url": "https://bugzilla.suse.com/1239105"
},
{
"category": "self",
"summary": "SUSE Bug 1239108",
"url": "https://bugzilla.suse.com/1239108"
},
{
"category": "self",
"summary": "SUSE Bug 1239109",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "self",
"summary": "SUSE Bug 1239112",
"url": "https://bugzilla.suse.com/1239112"
},
{
"category": "self",
"summary": "SUSE Bug 1239114",
"url": "https://bugzilla.suse.com/1239114"
},
{
"category": "self",
"summary": "SUSE Bug 1239115",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "self",
"summary": "SUSE Bug 1239117",
"url": "https://bugzilla.suse.com/1239117"
},
{
"category": "self",
"summary": "SUSE Bug 1239167",
"url": "https://bugzilla.suse.com/1239167"
},
{
"category": "self",
"summary": "SUSE Bug 1239174",
"url": "https://bugzilla.suse.com/1239174"
},
{
"category": "self",
"summary": "SUSE Bug 1239346",
"url": "https://bugzilla.suse.com/1239346"
},
{
"category": "self",
"summary": "SUSE Bug 1239349",
"url": "https://bugzilla.suse.com/1239349"
},
{
"category": "self",
"summary": "SUSE Bug 1239435",
"url": "https://bugzilla.suse.com/1239435"
},
{
"category": "self",
"summary": "SUSE Bug 1239467",
"url": "https://bugzilla.suse.com/1239467"
},
{
"category": "self",
"summary": "SUSE Bug 1239468",
"url": "https://bugzilla.suse.com/1239468"
},
{
"category": "self",
"summary": "SUSE Bug 1239470",
"url": "https://bugzilla.suse.com/1239470"
},
{
"category": "self",
"summary": "SUSE Bug 1239471",
"url": "https://bugzilla.suse.com/1239471"
},
{
"category": "self",
"summary": "SUSE Bug 1239473",
"url": "https://bugzilla.suse.com/1239473"
},
{
"category": "self",
"summary": "SUSE Bug 1239474",
"url": "https://bugzilla.suse.com/1239474"
},
{
"category": "self",
"summary": "SUSE Bug 1239475",
"url": "https://bugzilla.suse.com/1239475"
},
{
"category": "self",
"summary": "SUSE Bug 1239476",
"url": "https://bugzilla.suse.com/1239476"
},
{
"category": "self",
"summary": "SUSE Bug 1239477",
"url": "https://bugzilla.suse.com/1239477"
},
{
"category": "self",
"summary": "SUSE Bug 1239478",
"url": "https://bugzilla.suse.com/1239478"
},
{
"category": "self",
"summary": "SUSE Bug 1239479",
"url": "https://bugzilla.suse.com/1239479"
},
{
"category": "self",
"summary": "SUSE Bug 1239481",
"url": "https://bugzilla.suse.com/1239481"
},
{
"category": "self",
"summary": "SUSE Bug 1239482",
"url": "https://bugzilla.suse.com/1239482"
},
{
"category": "self",
"summary": "SUSE Bug 1239483",
"url": "https://bugzilla.suse.com/1239483"
},
{
"category": "self",
"summary": "SUSE Bug 1239484",
"url": "https://bugzilla.suse.com/1239484"
},
{
"category": "self",
"summary": "SUSE Bug 1239486",
"url": "https://bugzilla.suse.com/1239486"
},
{
"category": "self",
"summary": "SUSE Bug 1239487",
"url": "https://bugzilla.suse.com/1239487"
},
{
"category": "self",
"summary": "SUSE Bug 1239508",
"url": "https://bugzilla.suse.com/1239508"
},
{
"category": "self",
"summary": "SUSE Bug 1239510",
"url": "https://bugzilla.suse.com/1239510"
},
{
"category": "self",
"summary": "SUSE Bug 1239512",
"url": "https://bugzilla.suse.com/1239512"
},
{
"category": "self",
"summary": "SUSE Bug 1239518",
"url": "https://bugzilla.suse.com/1239518"
},
{
"category": "self",
"summary": "SUSE Bug 1239573",
"url": "https://bugzilla.suse.com/1239573"
},
{
"category": "self",
"summary": "SUSE Bug 1239594",
"url": "https://bugzilla.suse.com/1239594"
},
{
"category": "self",
"summary": "SUSE Bug 1239595",
"url": "https://bugzilla.suse.com/1239595"
},
{
"category": "self",
"summary": "SUSE Bug 1239600",
"url": "https://bugzilla.suse.com/1239600"
},
{
"category": "self",
"summary": "SUSE Bug 1239605",
"url": "https://bugzilla.suse.com/1239605"
},
{
"category": "self",
"summary": "SUSE Bug 1239615",
"url": "https://bugzilla.suse.com/1239615"
},
{
"category": "self",
"summary": "SUSE Bug 1239644",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "self",
"summary": "SUSE Bug 1239684",
"url": "https://bugzilla.suse.com/1239684"
},
{
"category": "self",
"summary": "SUSE Bug 1239691",
"url": "https://bugzilla.suse.com/1239691"
},
{
"category": "self",
"summary": "SUSE Bug 1239707",
"url": "https://bugzilla.suse.com/1239707"
},
{
"category": "self",
"summary": "SUSE Bug 1239906",
"url": "https://bugzilla.suse.com/1239906"
},
{
"category": "self",
"summary": "SUSE Bug 1239925",
"url": "https://bugzilla.suse.com/1239925"
},
{
"category": "self",
"summary": "SUSE Bug 1239986",
"url": "https://bugzilla.suse.com/1239986"
},
{
"category": "self",
"summary": "SUSE Bug 1239994",
"url": "https://bugzilla.suse.com/1239994"
},
{
"category": "self",
"summary": "SUSE Bug 1239997",
"url": "https://bugzilla.suse.com/1239997"
},
{
"category": "self",
"summary": "SUSE Bug 1240167",
"url": "https://bugzilla.suse.com/1240167"
},
{
"category": "self",
"summary": "SUSE Bug 1240168",
"url": "https://bugzilla.suse.com/1240168"
},
{
"category": "self",
"summary": "SUSE Bug 1240169",
"url": "https://bugzilla.suse.com/1240169"
},
{
"category": "self",
"summary": "SUSE Bug 1240171",
"url": "https://bugzilla.suse.com/1240171"
},
{
"category": "self",
"summary": "SUSE Bug 1240172",
"url": "https://bugzilla.suse.com/1240172"
},
{
"category": "self",
"summary": "SUSE Bug 1240173",
"url": "https://bugzilla.suse.com/1240173"
},
{
"category": "self",
"summary": "SUSE Bug 1240175",
"url": "https://bugzilla.suse.com/1240175"
},
{
"category": "self",
"summary": "SUSE Bug 1240176",
"url": "https://bugzilla.suse.com/1240176"
},
{
"category": "self",
"summary": "SUSE Bug 1240177",
"url": "https://bugzilla.suse.com/1240177"
},
{
"category": "self",
"summary": "SUSE Bug 1240179",
"url": "https://bugzilla.suse.com/1240179"
},
{
"category": "self",
"summary": "SUSE Bug 1240181",
"url": "https://bugzilla.suse.com/1240181"
},
{
"category": "self",
"summary": "SUSE Bug 1240182",
"url": "https://bugzilla.suse.com/1240182"
},
{
"category": "self",
"summary": "SUSE Bug 1240183",
"url": "https://bugzilla.suse.com/1240183"
},
{
"category": "self",
"summary": "SUSE Bug 1240184",
"url": "https://bugzilla.suse.com/1240184"
},
{
"category": "self",
"summary": "SUSE Bug 1240185",
"url": "https://bugzilla.suse.com/1240185"
},
{
"category": "self",
"summary": "SUSE Bug 1240186",
"url": "https://bugzilla.suse.com/1240186"
},
{
"category": "self",
"summary": "SUSE Bug 1240188",
"url": "https://bugzilla.suse.com/1240188"
},
{
"category": "self",
"summary": "SUSE Bug 1240189",
"url": "https://bugzilla.suse.com/1240189"
},
{
"category": "self",
"summary": "SUSE Bug 1240191",
"url": "https://bugzilla.suse.com/1240191"
},
{
"category": "self",
"summary": "SUSE Bug 1240192",
"url": "https://bugzilla.suse.com/1240192"
},
{
"category": "self",
"summary": "SUSE Bug 1240333",
"url": "https://bugzilla.suse.com/1240333"
},
{
"category": "self",
"summary": "SUSE Bug 1240334",
"url": "https://bugzilla.suse.com/1240334"
},
{
"category": "self",
"summary": "SUSE Bug 1240375",
"url": "https://bugzilla.suse.com/1240375"
},
{
"category": "self",
"summary": "SUSE Bug 1240557",
"url": "https://bugzilla.suse.com/1240557"
},
{
"category": "self",
"summary": "SUSE Bug 1240575",
"url": "https://bugzilla.suse.com/1240575"
},
{
"category": "self",
"summary": "SUSE Bug 1240576",
"url": "https://bugzilla.suse.com/1240576"
},
{
"category": "self",
"summary": "SUSE Bug 1240581",
"url": "https://bugzilla.suse.com/1240581"
},
{
"category": "self",
"summary": "SUSE Bug 1240582",
"url": "https://bugzilla.suse.com/1240582"
},
{
"category": "self",
"summary": "SUSE Bug 1240583",
"url": "https://bugzilla.suse.com/1240583"
},
{
"category": "self",
"summary": "SUSE Bug 1240584",
"url": "https://bugzilla.suse.com/1240584"
},
{
"category": "self",
"summary": "SUSE Bug 1240585",
"url": "https://bugzilla.suse.com/1240585"
},
{
"category": "self",
"summary": "SUSE Bug 1240587",
"url": "https://bugzilla.suse.com/1240587"
},
{
"category": "self",
"summary": "SUSE Bug 1240590",
"url": "https://bugzilla.suse.com/1240590"
},
{
"category": "self",
"summary": "SUSE Bug 1240591",
"url": "https://bugzilla.suse.com/1240591"
},
{
"category": "self",
"summary": "SUSE Bug 1240592",
"url": "https://bugzilla.suse.com/1240592"
},
{
"category": "self",
"summary": "SUSE Bug 1240593",
"url": "https://bugzilla.suse.com/1240593"
},
{
"category": "self",
"summary": "SUSE Bug 1240594",
"url": "https://bugzilla.suse.com/1240594"
},
{
"category": "self",
"summary": "SUSE Bug 1240595",
"url": "https://bugzilla.suse.com/1240595"
},
{
"category": "self",
"summary": "SUSE Bug 1240596",
"url": "https://bugzilla.suse.com/1240596"
},
{
"category": "self",
"summary": "SUSE Bug 1240600",
"url": "https://bugzilla.suse.com/1240600"
},
{
"category": "self",
"summary": "SUSE Bug 1240612",
"url": "https://bugzilla.suse.com/1240612"
},
{
"category": "self",
"summary": "SUSE Bug 1240616",
"url": "https://bugzilla.suse.com/1240616"
},
{
"category": "self",
"summary": "SUSE Bug 1240639",
"url": "https://bugzilla.suse.com/1240639"
},
{
"category": "self",
"summary": "SUSE Bug 1240643",
"url": "https://bugzilla.suse.com/1240643"
},
{
"category": "self",
"summary": "SUSE Bug 1240647",
"url": "https://bugzilla.suse.com/1240647"
},
{
"category": "self",
"summary": "SUSE Bug 1240691",
"url": "https://bugzilla.suse.com/1240691"
},
{
"category": "self",
"summary": "SUSE Bug 1240700",
"url": "https://bugzilla.suse.com/1240700"
},
{
"category": "self",
"summary": "SUSE Bug 1240701",
"url": "https://bugzilla.suse.com/1240701"
},
{
"category": "self",
"summary": "SUSE Bug 1240703",
"url": "https://bugzilla.suse.com/1240703"
},
{
"category": "self",
"summary": "SUSE Bug 1240708",
"url": "https://bugzilla.suse.com/1240708"
},
{
"category": "self",
"summary": "SUSE Bug 1240709",
"url": "https://bugzilla.suse.com/1240709"
},
{
"category": "self",
"summary": "SUSE Bug 1240712",
"url": "https://bugzilla.suse.com/1240712"
},
{
"category": "self",
"summary": "SUSE Bug 1240713",
"url": "https://bugzilla.suse.com/1240713"
},
{
"category": "self",
"summary": "SUSE Bug 1240714",
"url": "https://bugzilla.suse.com/1240714"
},
{
"category": "self",
"summary": "SUSE Bug 1240715",
"url": "https://bugzilla.suse.com/1240715"
},
{
"category": "self",
"summary": "SUSE Bug 1240716",
"url": "https://bugzilla.suse.com/1240716"
},
{
"category": "self",
"summary": "SUSE Bug 1240717",
"url": "https://bugzilla.suse.com/1240717"
},
{
"category": "self",
"summary": "SUSE Bug 1240718",
"url": "https://bugzilla.suse.com/1240718"
},
{
"category": "self",
"summary": "SUSE Bug 1240719",
"url": "https://bugzilla.suse.com/1240719"
},
{
"category": "self",
"summary": "SUSE Bug 1240720",
"url": "https://bugzilla.suse.com/1240720"
},
{
"category": "self",
"summary": "SUSE Bug 1240722",
"url": "https://bugzilla.suse.com/1240722"
},
{
"category": "self",
"summary": "SUSE Bug 1240727",
"url": "https://bugzilla.suse.com/1240727"
},
{
"category": "self",
"summary": "SUSE Bug 1240739",
"url": "https://bugzilla.suse.com/1240739"
},
{
"category": "self",
"summary": "SUSE Bug 1240740",
"url": "https://bugzilla.suse.com/1240740"
},
{
"category": "self",
"summary": "SUSE Bug 1240742",
"url": "https://bugzilla.suse.com/1240742"
},
{
"category": "self",
"summary": "SUSE Bug 1240779",
"url": "https://bugzilla.suse.com/1240779"
},
{
"category": "self",
"summary": "SUSE Bug 1240783",
"url": "https://bugzilla.suse.com/1240783"
},
{
"category": "self",
"summary": "SUSE Bug 1240784",
"url": "https://bugzilla.suse.com/1240784"
},
{
"category": "self",
"summary": "SUSE Bug 1240785",
"url": "https://bugzilla.suse.com/1240785"
},
{
"category": "self",
"summary": "SUSE Bug 1240795",
"url": "https://bugzilla.suse.com/1240795"
},
{
"category": "self",
"summary": "SUSE Bug 1240796",
"url": "https://bugzilla.suse.com/1240796"
},
{
"category": "self",
"summary": "SUSE Bug 1240797",
"url": "https://bugzilla.suse.com/1240797"
},
{
"category": "self",
"summary": "SUSE Bug 1240799",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "self",
"summary": "SUSE Bug 1240801",
"url": "https://bugzilla.suse.com/1240801"
},
{
"category": "self",
"summary": "SUSE Bug 1240802",
"url": "https://bugzilla.suse.com/1240802"
},
{
"category": "self",
"summary": "SUSE Bug 1240806",
"url": "https://bugzilla.suse.com/1240806"
},
{
"category": "self",
"summary": "SUSE Bug 1240808",
"url": "https://bugzilla.suse.com/1240808"
},
{
"category": "self",
"summary": "SUSE Bug 1240809",
"url": "https://bugzilla.suse.com/1240809"
},
{
"category": "self",
"summary": "SUSE Bug 1240811",
"url": "https://bugzilla.suse.com/1240811"
},
{
"category": "self",
"summary": "SUSE Bug 1240812",
"url": "https://bugzilla.suse.com/1240812"
},
{
"category": "self",
"summary": "SUSE Bug 1240813",
"url": "https://bugzilla.suse.com/1240813"
},
{
"category": "self",
"summary": "SUSE Bug 1240815",
"url": "https://bugzilla.suse.com/1240815"
},
{
"category": "self",
"summary": "SUSE Bug 1240816",
"url": "https://bugzilla.suse.com/1240816"
},
{
"category": "self",
"summary": "SUSE Bug 1240819",
"url": "https://bugzilla.suse.com/1240819"
},
{
"category": "self",
"summary": "SUSE Bug 1240821",
"url": "https://bugzilla.suse.com/1240821"
},
{
"category": "self",
"summary": "SUSE Bug 1240825",
"url": "https://bugzilla.suse.com/1240825"
},
{
"category": "self",
"summary": "SUSE Bug 1240829",
"url": "https://bugzilla.suse.com/1240829"
},
{
"category": "self",
"summary": "SUSE Bug 1240835",
"url": "https://bugzilla.suse.com/1240835"
},
{
"category": "self",
"summary": "SUSE Bug 1240873",
"url": "https://bugzilla.suse.com/1240873"
},
{
"category": "self",
"summary": "SUSE Bug 1240934",
"url": "https://bugzilla.suse.com/1240934"
},
{
"category": "self",
"summary": "SUSE Bug 1240936",
"url": "https://bugzilla.suse.com/1240936"
},
{
"category": "self",
"summary": "SUSE Bug 1240937",
"url": "https://bugzilla.suse.com/1240937"
},
{
"category": "self",
"summary": "SUSE Bug 1240938",
"url": "https://bugzilla.suse.com/1240938"
},
{
"category": "self",
"summary": "SUSE Bug 1240940",
"url": "https://bugzilla.suse.com/1240940"
},
{
"category": "self",
"summary": "SUSE Bug 1240942",
"url": "https://bugzilla.suse.com/1240942"
},
{
"category": "self",
"summary": "SUSE Bug 1240943",
"url": "https://bugzilla.suse.com/1240943"
},
{
"category": "self",
"summary": "SUSE Bug 1240944",
"url": "https://bugzilla.suse.com/1240944"
},
{
"category": "self",
"summary": "SUSE Bug 1240966",
"url": "https://bugzilla.suse.com/1240966"
},
{
"category": "self",
"summary": "SUSE Bug 1240978",
"url": "https://bugzilla.suse.com/1240978"
},
{
"category": "self",
"summary": "SUSE Bug 1240979",
"url": "https://bugzilla.suse.com/1240979"
},
{
"category": "self",
"summary": "SUSE Bug 1241010",
"url": "https://bugzilla.suse.com/1241010"
},
{
"category": "self",
"summary": "SUSE Bug 1241038",
"url": "https://bugzilla.suse.com/1241038"
},
{
"category": "self",
"summary": "SUSE Bug 1241051",
"url": "https://bugzilla.suse.com/1241051"
},
{
"category": "self",
"summary": "SUSE Bug 1241123",
"url": "https://bugzilla.suse.com/1241123"
},
{
"category": "self",
"summary": "SUSE Bug 1241148",
"url": "https://bugzilla.suse.com/1241148"
},
{
"category": "self",
"summary": "SUSE Bug 1241151",
"url": "https://bugzilla.suse.com/1241151"
},
{
"category": "self",
"summary": "SUSE Bug 1241167",
"url": "https://bugzilla.suse.com/1241167"
},
{
"category": "self",
"summary": "SUSE Bug 1241175",
"url": "https://bugzilla.suse.com/1241175"
},
{
"category": "self",
"summary": "SUSE Bug 1241204",
"url": "https://bugzilla.suse.com/1241204"
},
{
"category": "self",
"summary": "SUSE Bug 1241250",
"url": "https://bugzilla.suse.com/1241250"
},
{
"category": "self",
"summary": "SUSE Bug 1241265",
"url": "https://bugzilla.suse.com/1241265"
},
{
"category": "self",
"summary": "SUSE Bug 1241266",
"url": "https://bugzilla.suse.com/1241266"
},
{
"category": "self",
"summary": "SUSE Bug 1241280",
"url": "https://bugzilla.suse.com/1241280"
},
{
"category": "self",
"summary": "SUSE Bug 1241282",
"url": "https://bugzilla.suse.com/1241282"
},
{
"category": "self",
"summary": "SUSE Bug 1241305",
"url": "https://bugzilla.suse.com/1241305"
},
{
"category": "self",
"summary": "SUSE Bug 1241332",
"url": "https://bugzilla.suse.com/1241332"
},
{
"category": "self",
"summary": "SUSE Bug 1241333",
"url": "https://bugzilla.suse.com/1241333"
},
{
"category": "self",
"summary": "SUSE Bug 1241341",
"url": "https://bugzilla.suse.com/1241341"
},
{
"category": "self",
"summary": "SUSE Bug 1241343",
"url": "https://bugzilla.suse.com/1241343"
},
{
"category": "self",
"summary": "SUSE Bug 1241344",
"url": "https://bugzilla.suse.com/1241344"
},
{
"category": "self",
"summary": "SUSE Bug 1241347",
"url": "https://bugzilla.suse.com/1241347"
},
{
"category": "self",
"summary": "SUSE Bug 1241351",
"url": "https://bugzilla.suse.com/1241351"
},
{
"category": "self",
"summary": "SUSE Bug 1241357",
"url": "https://bugzilla.suse.com/1241357"
},
{
"category": "self",
"summary": "SUSE Bug 1241361",
"url": "https://bugzilla.suse.com/1241361"
},
{
"category": "self",
"summary": "SUSE Bug 1241369",
"url": "https://bugzilla.suse.com/1241369"
},
{
"category": "self",
"summary": "SUSE Bug 1241371",
"url": "https://bugzilla.suse.com/1241371"
},
{
"category": "self",
"summary": "SUSE Bug 1241373",
"url": "https://bugzilla.suse.com/1241373"
},
{
"category": "self",
"summary": "SUSE Bug 1241376",
"url": "https://bugzilla.suse.com/1241376"
},
{
"category": "self",
"summary": "SUSE Bug 1241378",
"url": "https://bugzilla.suse.com/1241378"
},
{
"category": "self",
"summary": "SUSE Bug 1241394",
"url": "https://bugzilla.suse.com/1241394"
},
{
"category": "self",
"summary": "SUSE Bug 1241402",
"url": "https://bugzilla.suse.com/1241402"
},
{
"category": "self",
"summary": "SUSE Bug 1241412",
"url": "https://bugzilla.suse.com/1241412"
},
{
"category": "self",
"summary": "SUSE Bug 1241413",
"url": "https://bugzilla.suse.com/1241413"
},
{
"category": "self",
"summary": "SUSE Bug 1241416",
"url": "https://bugzilla.suse.com/1241416"
},
{
"category": "self",
"summary": "SUSE Bug 1241424",
"url": "https://bugzilla.suse.com/1241424"
},
{
"category": "self",
"summary": "SUSE Bug 1241426",
"url": "https://bugzilla.suse.com/1241426"
},
{
"category": "self",
"summary": "SUSE Bug 1241433",
"url": "https://bugzilla.suse.com/1241433"
},
{
"category": "self",
"summary": "SUSE Bug 1241436",
"url": "https://bugzilla.suse.com/1241436"
},
{
"category": "self",
"summary": "SUSE Bug 1241441",
"url": "https://bugzilla.suse.com/1241441"
},
{
"category": "self",
"summary": "SUSE Bug 1241442",
"url": "https://bugzilla.suse.com/1241442"
},
{
"category": "self",
"summary": "SUSE Bug 1241443",
"url": "https://bugzilla.suse.com/1241443"
},
{
"category": "self",
"summary": "SUSE Bug 1241448",
"url": "https://bugzilla.suse.com/1241448"
},
{
"category": "self",
"summary": "SUSE Bug 1241451",
"url": "https://bugzilla.suse.com/1241451"
},
{
"category": "self",
"summary": "SUSE Bug 1241452",
"url": "https://bugzilla.suse.com/1241452"
},
{
"category": "self",
"summary": "SUSE Bug 1241456",
"url": "https://bugzilla.suse.com/1241456"
},
{
"category": "self",
"summary": "SUSE Bug 1241458",
"url": "https://bugzilla.suse.com/1241458"
},
{
"category": "self",
"summary": "SUSE Bug 1241459",
"url": "https://bugzilla.suse.com/1241459"
},
{
"category": "self",
"summary": "SUSE Bug 1241492",
"url": "https://bugzilla.suse.com/1241492"
},
{
"category": "self",
"summary": "SUSE Bug 1241525",
"url": "https://bugzilla.suse.com/1241525"
},
{
"category": "self",
"summary": "SUSE Bug 1241526",
"url": "https://bugzilla.suse.com/1241526"
},
{
"category": "self",
"summary": "SUSE Bug 1241528",
"url": "https://bugzilla.suse.com/1241528"
},
{
"category": "self",
"summary": "SUSE Bug 1241533",
"url": "https://bugzilla.suse.com/1241533"
},
{
"category": "self",
"summary": "SUSE Bug 1241537",
"url": "https://bugzilla.suse.com/1241537"
},
{
"category": "self",
"summary": "SUSE Bug 1241541",
"url": "https://bugzilla.suse.com/1241541"
},
{
"category": "self",
"summary": "SUSE Bug 1241545",
"url": "https://bugzilla.suse.com/1241545"
},
{
"category": "self",
"summary": "SUSE Bug 1241547",
"url": "https://bugzilla.suse.com/1241547"
},
{
"category": "self",
"summary": "SUSE Bug 1241548",
"url": "https://bugzilla.suse.com/1241548"
},
{
"category": "self",
"summary": "SUSE Bug 1241550",
"url": "https://bugzilla.suse.com/1241550"
},
{
"category": "self",
"summary": "SUSE Bug 1241573",
"url": "https://bugzilla.suse.com/1241573"
},
{
"category": "self",
"summary": "SUSE Bug 1241574",
"url": "https://bugzilla.suse.com/1241574"
},
{
"category": "self",
"summary": "SUSE Bug 1241575",
"url": "https://bugzilla.suse.com/1241575"
},
{
"category": "self",
"summary": "SUSE Bug 1241578",
"url": "https://bugzilla.suse.com/1241578"
},
{
"category": "self",
"summary": "SUSE Bug 1241590",
"url": "https://bugzilla.suse.com/1241590"
},
{
"category": "self",
"summary": "SUSE Bug 1241593",
"url": "https://bugzilla.suse.com/1241593"
},
{
"category": "self",
"summary": "SUSE Bug 1241596",
"url": "https://bugzilla.suse.com/1241596"
},
{
"category": "self",
"summary": "SUSE Bug 1241597",
"url": "https://bugzilla.suse.com/1241597"
},
{
"category": "self",
"summary": "SUSE Bug 1241598",
"url": "https://bugzilla.suse.com/1241598"
},
{
"category": "self",
"summary": "SUSE Bug 1241599",
"url": "https://bugzilla.suse.com/1241599"
},
{
"category": "self",
"summary": "SUSE Bug 1241601",
"url": "https://bugzilla.suse.com/1241601"
},
{
"category": "self",
"summary": "SUSE Bug 1241626",
"url": "https://bugzilla.suse.com/1241626"
},
{
"category": "self",
"summary": "SUSE Bug 1241627",
"url": "https://bugzilla.suse.com/1241627"
},
{
"category": "self",
"summary": "SUSE Bug 1241638",
"url": "https://bugzilla.suse.com/1241638"
},
{
"category": "self",
"summary": "SUSE Bug 1241640",
"url": "https://bugzilla.suse.com/1241640"
},
{
"category": "self",
"summary": "SUSE Bug 1241648",
"url": "https://bugzilla.suse.com/1241648"
},
{
"category": "self",
"summary": "SUSE Bug 1241657",
"url": "https://bugzilla.suse.com/1241657"
},
{
"category": "self",
"summary": "SUSE Bug 1242006",
"url": "https://bugzilla.suse.com/1242006"
},
{
"category": "self",
"summary": "SUSE Bug 1242012",
"url": "https://bugzilla.suse.com/1242012"
},
{
"category": "self",
"summary": "SUSE Bug 1242044",
"url": "https://bugzilla.suse.com/1242044"
},
{
"category": "self",
"summary": "SUSE Bug 1242172",
"url": "https://bugzilla.suse.com/1242172"
},
{
"category": "self",
"summary": "SUSE Bug 1242203",
"url": "https://bugzilla.suse.com/1242203"
},
{
"category": "self",
"summary": "SUSE Bug 1242283",
"url": "https://bugzilla.suse.com/1242283"
},
{
"category": "self",
"summary": "SUSE Bug 1242307",
"url": "https://bugzilla.suse.com/1242307"
},
{
"category": "self",
"summary": "SUSE Bug 1242313",
"url": "https://bugzilla.suse.com/1242313"
},
{
"category": "self",
"summary": "SUSE Bug 1242314",
"url": "https://bugzilla.suse.com/1242314"
},
{
"category": "self",
"summary": "SUSE Bug 1242315",
"url": "https://bugzilla.suse.com/1242315"
},
{
"category": "self",
"summary": "SUSE Bug 1242321",
"url": "https://bugzilla.suse.com/1242321"
},
{
"category": "self",
"summary": "SUSE Bug 1242326",
"url": "https://bugzilla.suse.com/1242326"
},
{
"category": "self",
"summary": "SUSE Bug 1242327",
"url": "https://bugzilla.suse.com/1242327"
},
{
"category": "self",
"summary": "SUSE Bug 1242328",
"url": "https://bugzilla.suse.com/1242328"
},
{
"category": "self",
"summary": "SUSE Bug 1242332",
"url": "https://bugzilla.suse.com/1242332"
},
{
"category": "self",
"summary": "SUSE Bug 1242333",
"url": "https://bugzilla.suse.com/1242333"
},
{
"category": "self",
"summary": "SUSE Bug 1242335",
"url": "https://bugzilla.suse.com/1242335"
},
{
"category": "self",
"summary": "SUSE Bug 1242336",
"url": "https://bugzilla.suse.com/1242336"
},
{
"category": "self",
"summary": "SUSE Bug 1242342",
"url": "https://bugzilla.suse.com/1242342"
},
{
"category": "self",
"summary": "SUSE Bug 1242343",
"url": "https://bugzilla.suse.com/1242343"
},
{
"category": "self",
"summary": "SUSE Bug 1242344",
"url": "https://bugzilla.suse.com/1242344"
},
{
"category": "self",
"summary": "SUSE Bug 1242345",
"url": "https://bugzilla.suse.com/1242345"
},
{
"category": "self",
"summary": "SUSE Bug 1242346",
"url": "https://bugzilla.suse.com/1242346"
},
{
"category": "self",
"summary": "SUSE Bug 1242347",
"url": "https://bugzilla.suse.com/1242347"
},
{
"category": "self",
"summary": "SUSE Bug 1242348",
"url": "https://bugzilla.suse.com/1242348"
},
{
"category": "self",
"summary": "SUSE Bug 1242414",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "self",
"summary": "SUSE Bug 1242417",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "self",
"summary": "SUSE Bug 1242502",
"url": "https://bugzilla.suse.com/1242502"
},
{
"category": "self",
"summary": "SUSE Bug 1242506",
"url": "https://bugzilla.suse.com/1242506"
},
{
"category": "self",
"summary": "SUSE Bug 1242507",
"url": "https://bugzilla.suse.com/1242507"
},
{
"category": "self",
"summary": "SUSE Bug 1242509",
"url": "https://bugzilla.suse.com/1242509"
},
{
"category": "self",
"summary": "SUSE Bug 1242510",
"url": "https://bugzilla.suse.com/1242510"
},
{
"category": "self",
"summary": "SUSE Bug 1242513",
"url": "https://bugzilla.suse.com/1242513"
},
{
"category": "self",
"summary": "SUSE Bug 1242523",
"url": "https://bugzilla.suse.com/1242523"
},
{
"category": "self",
"summary": "SUSE Bug 1242526",
"url": "https://bugzilla.suse.com/1242526"
},
{
"category": "self",
"summary": "SUSE Bug 1242528",
"url": "https://bugzilla.suse.com/1242528"
},
{
"category": "self",
"summary": "SUSE Bug 1242534",
"url": "https://bugzilla.suse.com/1242534"
},
{
"category": "self",
"summary": "SUSE Bug 1242535",
"url": "https://bugzilla.suse.com/1242535"
},
{
"category": "self",
"summary": "SUSE Bug 1242536",
"url": "https://bugzilla.suse.com/1242536"
},
{
"category": "self",
"summary": "SUSE Bug 1242537",
"url": "https://bugzilla.suse.com/1242537"
},
{
"category": "self",
"summary": "SUSE Bug 1242538",
"url": "https://bugzilla.suse.com/1242538"
},
{
"category": "self",
"summary": "SUSE Bug 1242539",
"url": "https://bugzilla.suse.com/1242539"
},
{
"category": "self",
"summary": "SUSE Bug 1242540",
"url": "https://bugzilla.suse.com/1242540"
},
{
"category": "self",
"summary": "SUSE Bug 1242546",
"url": "https://bugzilla.suse.com/1242546"
},
{
"category": "self",
"summary": "SUSE Bug 1242556",
"url": "https://bugzilla.suse.com/1242556"
},
{
"category": "self",
"summary": "SUSE Bug 1242585",
"url": "https://bugzilla.suse.com/1242585"
},
{
"category": "self",
"summary": "SUSE Bug 1242596",
"url": "https://bugzilla.suse.com/1242596"
},
{
"category": "self",
"summary": "SUSE Bug 1242710",
"url": "https://bugzilla.suse.com/1242710"
},
{
"category": "self",
"summary": "SUSE Bug 1242762",
"url": "https://bugzilla.suse.com/1242762"
},
{
"category": "self",
"summary": "SUSE Bug 1242763",
"url": "https://bugzilla.suse.com/1242763"
},
{
"category": "self",
"summary": "SUSE Bug 1242778",
"url": "https://bugzilla.suse.com/1242778"
},
{
"category": "self",
"summary": "SUSE Bug 1242786",
"url": "https://bugzilla.suse.com/1242786"
},
{
"category": "self",
"summary": "SUSE Bug 1242831",
"url": "https://bugzilla.suse.com/1242831"
},
{
"category": "self",
"summary": "SUSE Bug 1242852",
"url": "https://bugzilla.suse.com/1242852"
},
{
"category": "self",
"summary": "SUSE Bug 1242854",
"url": "https://bugzilla.suse.com/1242854"
},
{
"category": "self",
"summary": "SUSE Bug 1242856",
"url": "https://bugzilla.suse.com/1242856"
},
{
"category": "self",
"summary": "SUSE Bug 1242859",
"url": "https://bugzilla.suse.com/1242859"
},
{
"category": "self",
"summary": "SUSE Bug 1242860",
"url": "https://bugzilla.suse.com/1242860"
},
{
"category": "self",
"summary": "SUSE Bug 1242861",
"url": "https://bugzilla.suse.com/1242861"
},
{
"category": "self",
"summary": "SUSE Bug 1242866",
"url": "https://bugzilla.suse.com/1242866"
},
{
"category": "self",
"summary": "SUSE Bug 1242867",
"url": "https://bugzilla.suse.com/1242867"
},
{
"category": "self",
"summary": "SUSE Bug 1242868",
"url": "https://bugzilla.suse.com/1242868"
},
{
"category": "self",
"summary": "SUSE Bug 1242875",
"url": "https://bugzilla.suse.com/1242875"
},
{
"category": "self",
"summary": "SUSE Bug 1242924",
"url": "https://bugzilla.suse.com/1242924"
},
{
"category": "self",
"summary": "SUSE Bug 1242944",
"url": "https://bugzilla.suse.com/1242944"
},
{
"category": "self",
"summary": "SUSE Bug 1242951",
"url": "https://bugzilla.suse.com/1242951"
},
{
"category": "self",
"summary": "SUSE Bug 1242962",
"url": "https://bugzilla.suse.com/1242962"
},
{
"category": "self",
"summary": "SUSE Bug 1242985",
"url": "https://bugzilla.suse.com/1242985"
},
{
"category": "self",
"summary": "SUSE Bug 1242993",
"url": "https://bugzilla.suse.com/1242993"
},
{
"category": "self",
"summary": "SUSE Bug 1243044",
"url": "https://bugzilla.suse.com/1243044"
},
{
"category": "self",
"summary": "SUSE Bug 1243056",
"url": "https://bugzilla.suse.com/1243056"
},
{
"category": "self",
"summary": "SUSE Bug 1243077",
"url": "https://bugzilla.suse.com/1243077"
},
{
"category": "self",
"summary": "SUSE Bug 1243090",
"url": "https://bugzilla.suse.com/1243090"
},
{
"category": "self",
"summary": "SUSE Bug 1243342",
"url": "https://bugzilla.suse.com/1243342"
},
{
"category": "self",
"summary": "SUSE Bug 1243519",
"url": "https://bugzilla.suse.com/1243519"
},
{
"category": "self",
"summary": "SUSE Bug 1243539",
"url": "https://bugzilla.suse.com/1243539"
},
{
"category": "self",
"summary": "SUSE Bug 1243541",
"url": "https://bugzilla.suse.com/1243541"
},
{
"category": "self",
"summary": "SUSE Bug 1243547",
"url": "https://bugzilla.suse.com/1243547"
},
{
"category": "self",
"summary": "SUSE Bug 1243657",
"url": "https://bugzilla.suse.com/1243657"
},
{
"category": "self",
"summary": "SUSE Bug 1243658",
"url": "https://bugzilla.suse.com/1243658"
},
{
"category": "self",
"summary": "SUSE Bug 1243737",
"url": "https://bugzilla.suse.com/1243737"
},
{
"category": "self",
"summary": "SUSE Bug 1243805",
"url": "https://bugzilla.suse.com/1243805"
},
{
"category": "self",
"summary": "SUSE Bug 1243963",
"url": "https://bugzilla.suse.com/1243963"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52831 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52926 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52927 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53034 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26634 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26634/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26873 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27018 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27415 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28956 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35826 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35840 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35910 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38606 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41077 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41149 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42307 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43820 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43869 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46713 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46736 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46763 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46782 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46796 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46865 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47408 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47794 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49571 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49924 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49940 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49940/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50038 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50083 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50106 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50152 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50162 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50162/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50163 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50223 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50223/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50290 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50294 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52559 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53124 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53135 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53139 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53163 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53178 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53680 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54458 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54458/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54683 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56638 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56640 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56641 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56641/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56702 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56703 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56718 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56719 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56751 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56758 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56770 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57807 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57924 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57973 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57979 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57981 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57986 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57990 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57993 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57996 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57997 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57998 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57999 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58001 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58002 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58006 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58007 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58011 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58012 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58013 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58014 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58017 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58018 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58019 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58034 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58051 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58052 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58054 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58070 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58070/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58071 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58072 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58078 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58083 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58093 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58094 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58095 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58096 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58097 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21631 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21635 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21648 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21659 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21671 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21683 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21696 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21703 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21704 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21707 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21708 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21711 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21734 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21735 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21736 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21739 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21741 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21742 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21743 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21744 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21745 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21749 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21750 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21753 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21755 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21755/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21758 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21759 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21760 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21761 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21762 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21763 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21764 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21765 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21766 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21767 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21768 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21768/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21772 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21773 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21775 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21776 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21779 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21780 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21781 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21782 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21784 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21784/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21785 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21787 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21791 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21792 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21793 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21796 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21802 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21804 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21806 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21808 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21810 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21812 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21814 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21815 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21819 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21820 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21821 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21823 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21825 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21829 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21830 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21831 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21832 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21833 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21835 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21836 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21838 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21844 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21846 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21847 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21848 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21850 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21852 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21853 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21854 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21855 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21857 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21858 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21859 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21862 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21863 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21865 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21867 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21867/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21871 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21873 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21875 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21883 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21884 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21886 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21887 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21888 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21889 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21890 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21891 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21892 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21894 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21894/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21895 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21904 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21905 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21906 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21908 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21909 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21910 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21912 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21915 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21916 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21917 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21918 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21919 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21922 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21923 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21924 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21925 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21926 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21927 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21928 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21930 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21931 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21934 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21935 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21936 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21941 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21943 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21950 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21951 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21951/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21953 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21956 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21960 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21961 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21962 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21963 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21964 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21966 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21968 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21969 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21970 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21972 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21975 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21978 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21979 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21980 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21981 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21985 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21991 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21992 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21992/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21993 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21995 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21999 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22001 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22003 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22004 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22007 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22008 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22009 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22010 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22014 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22015 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22016 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22017 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22020 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22021 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22021/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22025 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22025/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22027 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22027/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22029 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22030 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22033 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22033/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22036 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22044 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22045 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22050 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22050/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22053 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22053/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22055 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22056 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22057 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22060 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22063 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22064 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22065 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22065/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22070 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22070/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22075 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22080 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22086 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22090 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22093 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22097 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22102 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22103 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22104 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22105 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22106 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22107 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22108 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22109 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22115 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22116 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22125 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22126 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22128 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2312 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23129 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23131 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23136 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23138 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23140 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23145 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23150 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37748 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37748/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37749 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37750 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37755 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37755/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37773 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37780 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37785 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37787 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37789 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37789/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37798 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37803 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37803/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37804 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37809 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37820 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37823 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37824 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37829 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37830 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37831 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37833 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37842 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37860 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37879 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37886 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37887 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37949 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37958 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37960 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37974 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38152 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40325 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40325/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-06-12T06:29:09Z",
"generator": {
"date": "2025-06-12T06:29:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:01919-1",
"initial_release_date": "2025-06-12T06:29:09Z",
"revision_history": [
{
"date": "2025-06-12T06:29:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"product": {
"name": "kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"product_id": "kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"product": {
"name": "kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"product_id": "kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"product": {
"name": "cluster-md-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"product_id": "cluster-md-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"product": {
"name": "dlm-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"product_id": "dlm-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"product": {
"name": "gfs2-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"product_id": "gfs2-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"product_id": "kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"product_id": "kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco-extra-6.4.0-15061.21.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco-extra-6.4.0-15061.21.coco15sp6.1.x86_64",
"product_id": "kernel-coco-extra-6.4.0-15061.21.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco-livepatch-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco-livepatch-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"product_id": "kernel-coco-livepatch-devel-6.4.0-15061.21.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco-optional-6.4.0-15061.21.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco-optional-6.4.0-15061.21.coco15sp6.1.x86_64",
"product_id": "kernel-coco-optional-6.4.0-15061.21.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco-vdso-6.4.0-15061.21.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco-vdso-6.4.0-15061.21.coco15sp6.1.x86_64",
"product_id": "kernel-coco-vdso-6.4.0-15061.21.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"product_id": "kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"product_id": "kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco_debug-vdso-6.4.0-15061.21.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco_debug-vdso-6.4.0-15061.21.coco15sp6.1.x86_64",
"product_id": "kernel-coco_debug-vdso-6.4.0-15061.21.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"product": {
"name": "kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"product_id": "kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"product": {
"name": "kselftests-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"product_id": "kselftests-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"product": {
"name": "ocfs2-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"product_id": "ocfs2-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"product": {
"name": "reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"product_id": "reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-confidential-computing:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64 as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
},
"product_reference": "kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64 as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64"
},
"product_reference": "kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64 as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64"
},
"product_reference": "kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64 as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64"
},
"product_reference": "kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch"
},
"product_reference": "kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch"
},
"product_reference": "kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64 as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
},
"product_reference": "kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64 as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
},
"product_reference": "reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpu/hotplug: Don\u0027t offline the last non-isolated CPU\n\nIf a system has isolated CPUs via the \"isolcpus=\" command line parameter,\nthen an attempt to offline the last housekeeping CPU will result in a\nWARN_ON() when rebuilding the scheduler domains and a subsequent panic due\nto and unhandled empty CPU mas in partition_sched_domains_locked().\n\ncpuset_hotplug_workfn()\n rebuild_sched_domains_locked()\n ndoms = generate_sched_domains(\u0026doms, \u0026attr);\n cpumask_and(doms[0], top_cpuset.effective_cpus, housekeeping_cpumask(HK_FLAG_DOMAIN));\n\nThus results in an empty CPU mask which triggers the warning and then the\nsubsequent crash:\n\nWARNING: CPU: 4 PID: 80 at kernel/sched/topology.c:2366 build_sched_domains+0x120c/0x1408\nCall trace:\n build_sched_domains+0x120c/0x1408\n partition_sched_domains_locked+0x234/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n rebuild_sched_domains+0x30/0x58\n cpuset_hotplug_workfn+0x2a8/0x930\n\nUnable to handle kernel paging request at virtual address fffe80027ab37080\n partition_sched_domains_locked+0x318/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n\nAside of the resulting crash, it does not make any sense to offline the last\nlast housekeeping CPU.\n\nPrevent this by masking out the non-housekeeping CPUs when selecting a\ntarget CPU for initiating the CPU unplug operation via the work queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52831",
"url": "https://www.suse.com/security/cve/CVE-2023-52831"
},
{
"category": "external",
"summary": "SUSE Bug 1225533 for CVE-2023-52831",
"url": "https://bugzilla.suse.com/1225533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2023-52831"
},
{
"cve": "CVE-2023-52926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIORING_OP_READ did not correctly consume the provided buffer list when\nread i/o returned \u003c 0 (except for -EAGAIN and -EIOCBQUEUED return).\nThis can lead to a potential use-after-free when the completion via\nio_rw_done runs at separate context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52926",
"url": "https://www.suse.com/security/cve/CVE-2023-52926"
},
{
"category": "external",
"summary": "SUSE Bug 1237565 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "external",
"summary": "SUSE Bug 1237567 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2023-52926"
},
{
"cve": "CVE-2023-52927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: allow exp not to be removed in nf_ct_find_expectation\n\nCurrently nf_conntrack_in() calling nf_ct_find_expectation() will\nremove the exp from the hash table. However, in some scenario, we\nexpect the exp not to be removed when the created ct will not be\nconfirmed, like in OVS and TC conntrack in the following patches.\n\nThis patch allows exp not to be removed by setting IPS_CONFIRMED\nin the status of the tmpl.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52927",
"url": "https://www.suse.com/security/cve/CVE-2023-52927"
},
{
"category": "external",
"summary": "SUSE Bug 1239644 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "external",
"summary": "SUSE Bug 1246016 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1246016"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2023-53034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans\n\nThere is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and\nsize. This would make xlate_pos negative.\n\n[ 23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000\n[ 23.734158] ================================================================================\n[ 23.734172] UBSAN: shift-out-of-bounds in drivers/ntb/hw/mscc/ntb_hw_switchtec.c:293:7\n[ 23.734418] shift exponent -1 is negative\n\nEnsuring xlate_pos is a positive or zero before BIT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53034",
"url": "https://www.suse.com/security/cve/CVE-2023-53034"
},
{
"category": "external",
"summary": "SUSE Bug 1241341 for CVE-2023-53034",
"url": "https://bugzilla.suse.com/1241341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2023-53034"
},
{
"cve": "CVE-2024-26634",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26634"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix removing a namespace with conflicting altnames\n\nMark reports a BUG() when a net namespace is removed.\n\n kernel BUG at net/core/dev.c:11520!\n\nPhysical interfaces moved outside of init_net get \"refunded\"\nto init_net when that namespace disappears. The main interface\nname may get overwritten in the process if it would have\nconflicted. We need to also discard all conflicting altnames.\nRecent fixes addressed ensuring that altnames get moved\nwith the main interface, which surfaced this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26634",
"url": "https://www.suse.com/security/cve/CVE-2024-26634"
},
{
"category": "external",
"summary": "SUSE Bug 1221651 for CVE-2024-26634",
"url": "https://bugzilla.suse.com/1221651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-26634"
},
{
"cve": "CVE-2024-26873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Fix a deadlock issue related to automatic dump\n\nIf we issue a disabling PHY command, the device attached with it will go\noffline, if a 2 bit ECC error occurs at the same time, a hung task may be\nfound:\n\n[ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds.\n[ 4613.666297] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.674809] task:kworker/u256:0 state:D stack: 0 pid:165233 ppid: 2 flags:0x00000208\n[ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas]\n[ 4613.691518] Call trace:\n[ 4613.694678] __switch_to+0xf8/0x17c\n[ 4613.698872] __schedule+0x660/0xee0\n[ 4613.703063] schedule+0xac/0x240\n[ 4613.706994] schedule_timeout+0x500/0x610\n[ 4613.711705] __down+0x128/0x36c\n[ 4613.715548] down+0x240/0x2d0\n[ 4613.719221] hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main]\n[ 4613.726618] sas_execute_internal_abort+0x144/0x310 [libsas]\n[ 4613.732976] sas_execute_internal_abort_dev+0x44/0x60 [libsas]\n[ 4613.739504] hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main]\n[ 4613.747499] hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main]\n[ 4613.753682] sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas]\n[ 4613.759781] sas_unregister_common_dev+0x4c/0x7a0 [libsas]\n[ 4613.765962] sas_destruct_devices+0xb8/0x120 [libsas]\n[ 4613.771709] sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas]\n[ 4613.778930] sas_revalidate_domain+0x60/0xa4 [libsas]\n[ 4613.784716] process_one_work+0x248/0x950\n[ 4613.789424] worker_thread+0x318/0x934\n[ 4613.793878] kthread+0x190/0x200\n[ 4613.797810] ret_from_fork+0x10/0x18\n[ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds.\n[ 4613.816026] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.824538] task:kworker/u256:4 state:D stack: 0 pid:316722 ppid: 2 flags:0x00000208\n[ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main]\n[ 4613.841491] Call trace:\n[ 4613.844647] __switch_to+0xf8/0x17c\n[ 4613.848852] __schedule+0x660/0xee0\n[ 4613.853052] schedule+0xac/0x240\n[ 4613.856984] schedule_timeout+0x500/0x610\n[ 4613.861695] __down+0x128/0x36c\n[ 4613.865542] down+0x240/0x2d0\n[ 4613.869216] hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main]\n[ 4613.876324] hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main]\n[ 4613.883019] process_one_work+0x248/0x950\n[ 4613.887732] worker_thread+0x318/0x934\n[ 4613.892204] kthread+0x190/0x200\n[ 4613.896118] ret_from_fork+0x10/0x18\n[ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds.\n[ 4613.914341] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.922852] task:kworker/u256:1 state:D stack: 0 pid:348985 ppid: 2 flags:0x00000208\n[ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas]\n[ 4613.939549] Call trace:\n[ 4613.942702] __switch_to+0xf8/0x17c\n[ 4613.946892] __schedule+0x660/0xee0\n[ 4613.951083] schedule+0xac/0x240\n[ 4613.955015] schedule_timeout+0x500/0x610\n[ 4613.959725] wait_for_common+0x200/0x610\n[ 4613.964349] wait_for_completion+0x3c/0x5c\n[ 4613.969146] flush_workqueue+0x198/0x790\n[ 4613.973776] sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas]\n[ 4613.979960] sas_port_event_worker+0x54/0xa0 [libsas]\n[ 4613.985708] process_one_work+0x248/0x950\n[ 4613.990420] worker_thread+0x318/0x934\n[ 4613.994868] kthread+0x190/0x200\n[ 4613.998800] ret_from_fork+0x10/0x18\n\nThis is because when the device goes offline, we obtain the hisi_hba\nsemaphore and send the ABORT_DEV command to the device. However, the\ninternal abort timed out due to the 2 bit ECC error and triggers automatic\ndump. In addition, since the hisi_hba semaphore has been obtained, the dump\ncannot be executed and the controller cannot be reset.\n\nTherefore, the deadlocks occur on the following circular dependencies\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26873",
"url": "https://www.suse.com/security/cve/CVE-2024-26873"
},
{
"category": "external",
"summary": "SUSE Bug 1223047 for CVE-2024-26873",
"url": "https://bugzilla.suse.com/1223047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-26873"
},
{
"cve": "CVE-2024-27018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: br_netfilter: skip conntrack input hook for promisc packets\n\nFor historical reasons, when bridge device is in promisc mode, packets\nthat are directed to the taps follow bridge input hook path. This patch\nadds a workaround to reset conntrack for these packets.\n\nJianbo Liu reports warning splats in their test infrastructure where\ncloned packets reach the br_netfilter input hook to confirm the\nconntrack object.\n\nScratch one bit from BR_INPUT_SKB_CB to annotate that this packet has\nreached the input hook because it is passed up to the bridge device to\nreach the taps.\n\n[ 57.571874] WARNING: CPU: 1 PID: 0 at net/bridge/br_netfilter_hooks.c:616 br_nf_local_in+0x157/0x180 [br_netfilter]\n[ 57.572749] Modules linked in: xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat xt_addrtype xt_conntrack nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_isc si ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5ctl mlx5_core\n[ 57.575158] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0+ #19\n[ 57.575700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 57.576662] RIP: 0010:br_nf_local_in+0x157/0x180 [br_netfilter]\n[ 57.577195] Code: fe ff ff 41 bd 04 00 00 00 be 04 00 00 00 e9 4a ff ff ff be 04 00 00 00 48 89 ef e8 f3 a9 3c e1 66 83 ad b4 00 00 00 04 eb 91 \u003c0f\u003e 0b e9 f1 fe ff ff 0f 0b e9 df fe ff ff 48 89 df e8 b3 53 47 e1\n[ 57.578722] RSP: 0018:ffff88885f845a08 EFLAGS: 00010202\n[ 57.579207] RAX: 0000000000000002 RBX: ffff88812dfe8000 RCX: 0000000000000000\n[ 57.579830] RDX: ffff88885f845a60 RSI: ffff8881022dc300 RDI: 0000000000000000\n[ 57.580454] RBP: ffff88885f845a60 R08: 0000000000000001 R09: 0000000000000003\n[ 57.581076] R10: 00000000ffff1300 R11: 0000000000000002 R12: 0000000000000000\n[ 57.581695] R13: ffff8881047ffe00 R14: ffff888108dbee00 R15: ffff88814519b800\n[ 57.582313] FS: 0000000000000000(0000) GS:ffff88885f840000(0000) knlGS:0000000000000000\n[ 57.583040] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 57.583564] CR2: 000000c4206aa000 CR3: 0000000103847001 CR4: 0000000000370eb0\n[ 57.584194] DR0: 0000000000000000 DR1: 0000000000000000 DR2:\n0000000000000000\n[ 57.584820] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:\n0000000000000400\n[ 57.585440] Call Trace:\n[ 57.585721] \u003cIRQ\u003e\n[ 57.585976] ? __warn+0x7d/0x130\n[ 57.586323] ? br_nf_local_in+0x157/0x180 [br_netfilter]\n[ 57.586811] ? report_bug+0xf1/0x1c0\n[ 57.587177] ? handle_bug+0x3f/0x70\n[ 57.587539] ? exc_invalid_op+0x13/0x60\n[ 57.587929] ? asm_exc_invalid_op+0x16/0x20\n[ 57.588336] ? br_nf_local_in+0x157/0x180 [br_netfilter]\n[ 57.588825] nf_hook_slow+0x3d/0xd0\n[ 57.589188] ? br_handle_vlan+0x4b/0x110\n[ 57.589579] br_pass_frame_up+0xfc/0x150\n[ 57.589970] ? br_port_flags_change+0x40/0x40\n[ 57.590396] br_handle_frame_finish+0x346/0x5e0\n[ 57.590837] ? ipt_do_table+0x32e/0x430\n[ 57.591221] ? br_handle_local_finish+0x20/0x20\n[ 57.591656] br_nf_hook_thresh+0x4b/0xf0 [br_netfilter]\n[ 57.592286] ? br_handle_local_finish+0x20/0x20\n[ 57.592802] br_nf_pre_routing_finish+0x178/0x480 [br_netfilter]\n[ 57.593348] ? br_handle_local_finish+0x20/0x20\n[ 57.593782] ? nf_nat_ipv4_pre_routing+0x25/0x60 [nf_nat]\n[ 57.594279] br_nf_pre_routing+0x24c/0x550 [br_netfilter]\n[ 57.594780] ? br_nf_hook_thresh+0xf0/0xf0 [br_netfilter]\n[ 57.595280] br_handle_frame+0x1f3/0x3d0\n[ 57.595676] ? br_handle_local_finish+0x20/0x20\n[ 57.596118] ? br_handle_frame_finish+0x5e0/0x5e0\n[ 57.596566] __netif_receive_skb_core+0x25b/0xfc0\n[ 57.597017] ? __napi_build_skb+0x37/0x40\n[ 57.597418] __netif_receive_skb_list_core+0xfb/0x220",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27018",
"url": "https://www.suse.com/security/cve/CVE-2024-27018"
},
{
"category": "external",
"summary": "SUSE Bug 1223809 for CVE-2024-27018",
"url": "https://bugzilla.suse.com/1223809"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-27018"
},
{
"cve": "CVE-2024-27415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27415"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bridge: confirm multicast packets before passing them up the stack\n\nconntrack nf_confirm logic cannot handle cloned skbs referencing\nthe same nf_conn entry, which will happen for multicast (broadcast)\nframes on bridges.\n\n Example:\n macvlan0\n |\n br0\n / \\\n ethX ethY\n\n ethX (or Y) receives a L2 multicast or broadcast packet containing\n an IP packet, flow is not yet in conntrack table.\n\n 1. skb passes through bridge and fake-ip (br_netfilter)Prerouting.\n -\u003e skb-\u003e_nfct now references a unconfirmed entry\n 2. skb is broad/mcast packet. bridge now passes clones out on each bridge\n interface.\n 3. skb gets passed up the stack.\n 4. In macvlan case, macvlan driver retains clone(s) of the mcast skb\n and schedules a work queue to send them out on the lower devices.\n\n The clone skb-\u003e_nfct is not a copy, it is the same entry as the\n original skb. The macvlan rx handler then returns RX_HANDLER_PASS.\n 5. Normal conntrack hooks (in NF_INET_LOCAL_IN) confirm the orig skb.\n\nThe Macvlan broadcast worker and normal confirm path will race.\n\nThis race will not happen if step 2 already confirmed a clone. In that\ncase later steps perform skb_clone() with skb-\u003e_nfct already confirmed (in\nhash table). This works fine.\n\nBut such confirmation won\u0027t happen when eb/ip/nftables rules dropped the\npackets before they reached the nf_confirm step in postrouting.\n\nPablo points out that nf_conntrack_bridge doesn\u0027t allow use of stateful\nnat, so we can safely discard the nf_conn entry and let inet call\nconntrack again.\n\nThis doesn\u0027t work for bridge netfilter: skb could have a nat\ntransformation. Also bridge nf prevents re-invocation of inet prerouting\nvia \u0027sabotage_in\u0027 hook.\n\nWork around this problem by explicit confirmation of the entry at LOCAL_IN\ntime, before upper layer has a chance to clone the unconfirmed entry.\n\nThe downside is that this disables NAT and conntrack helpers.\n\nAlternative fix would be to add locking to all code parts that deal with\nunconfirmed packets, but even if that could be done in a sane way this\nopens up other problems, for example:\n\n-m physdev --physdev-out eth0 -j SNAT --snat-to 1.2.3.4\n-m physdev --physdev-out eth1 -j SNAT --snat-to 1.2.3.5\n\nFor multicast case, only one of such conflicting mappings will be\ncreated, conntrack only handles 1:1 NAT mappings.\n\nUsers should set create a setup that explicitly marks such traffic\nNOTRACK (conntrack bypass) to avoid this, but we cannot auto-bypass\nthem, ruleset might have accept rules for untracked traffic already,\nso user-visible behaviour would change.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27415",
"url": "https://www.suse.com/security/cve/CVE-2024-27415"
},
{
"category": "external",
"summary": "SUSE Bug 1224757 for CVE-2024-27415",
"url": "https://bugzilla.suse.com/1224757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-27415"
},
{
"cve": "CVE-2024-28956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28956"
}
],
"notes": [
{
"category": "general",
"text": "Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28956",
"url": "https://www.suse.com/security/cve/CVE-2024-28956"
},
{
"category": "external",
"summary": "SUSE Bug 1242006 for CVE-2024-28956",
"url": "https://bugzilla.suse.com/1242006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-28956"
},
{
"cve": "CVE-2024-35826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix page refcounts for unaligned buffers in __bio_release_pages()\n\nFix an incorrect number of pages being released for buffers that do not\nstart at the beginning of a page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35826",
"url": "https://www.suse.com/security/cve/CVE-2024-35826"
},
{
"category": "external",
"summary": "SUSE Bug 1224610 for CVE-2024-35826",
"url": "https://bugzilla.suse.com/1224610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-35826"
},
{
"cve": "CVE-2024-35840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35840"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()\n\nsubflow_finish_connect() uses four fields (backup, join_id, thmac, none)\nthat may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set\nin mptcp_parse_option()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35840",
"url": "https://www.suse.com/security/cve/CVE-2024-35840"
},
{
"category": "external",
"summary": "SUSE Bug 1224597 for CVE-2024-35840",
"url": "https://bugzilla.suse.com/1224597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-35840"
},
{
"cve": "CVE-2024-35910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: properly terminate timers for kernel sockets\n\nWe had various syzbot reports about tcp timers firing after\nthe corresponding netns has been dismantled.\n\nFortunately Josef Bacik could trigger the issue more often,\nand could test a patch I wrote two years ago.\n\nWhen TCP sockets are closed, we call inet_csk_clear_xmit_timers()\nto \u0027stop\u0027 the timers.\n\ninet_csk_clear_xmit_timers() can be called from any context,\nincluding when socket lock is held.\nThis is the reason it uses sk_stop_timer(), aka del_timer().\nThis means that ongoing timers might finish much later.\n\nFor user sockets, this is fine because each running timer\nholds a reference on the socket, and the user socket holds\na reference on the netns.\n\nFor kernel sockets, we risk that the netns is freed before\ntimer can complete, because kernel sockets do not hold\nreference on the netns.\n\nThis patch adds inet_csk_clear_xmit_timers_sync() function\nthat using sk_stop_timer_sync() to make sure all timers\nare terminated before the kernel socket is released.\nModules using kernel sockets close them in their netns exit()\nhandler.\n\nAlso add sock_not_owned_by_me() helper to get LOCKDEP\nsupport : inet_csk_clear_xmit_timers_sync() must not be called\nwhile socket lock is held.\n\nIt is very possible we can revert in the future commit\n3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\")\nwhich attempted to solve the issue in rds only.\n(net/smc/af_smc.c and net/mptcp/subflow.c have similar code)\n\nWe probably can remove the check_net() tests from\ntcp_out_of_resources() and __tcp_close() in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35910",
"url": "https://www.suse.com/security/cve/CVE-2024-35910"
},
{
"category": "external",
"summary": "SUSE Bug 1224489 for CVE-2024-35910",
"url": "https://bugzilla.suse.com/1224489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-35910"
},
{
"cve": "CVE-2024-38606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38606"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - validate slices count returned by FW\n\nThe function adf_send_admin_tl_start() enables the telemetry (TL)\nfeature on a QAT device by sending the ICP_QAT_FW_TL_START message to\nthe firmware. This triggers the FW to start writing TL data to a DMA\nbuffer in memory and returns an array containing the number of\naccelerators of each type (slices) supported by this HW.\nThe pointer to this array is stored in the adf_tl_hw_data data\nstructure called slice_cnt.\n\nThe array slice_cnt is then used in the function tl_print_dev_data()\nto report in debugfs only statistics about the supported accelerators.\nAn incorrect value of the elements in slice_cnt might lead to an out\nof bounds memory read.\nAt the moment, there isn\u0027t an implementation of FW that returns a wrong\nvalue, but for robustness validate the slice count array returned by FW.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38606",
"url": "https://www.suse.com/security/cve/CVE-2024-38606"
},
{
"category": "external",
"summary": "SUSE Bug 1226871 for CVE-2024-38606",
"url": "https://bugzilla.suse.com/1226871"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-38606"
},
{
"cve": "CVE-2024-41005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\u003csnip\u003e\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\u003csnip\u003e\n\tvalue changed: 0x0000000a -\u003e 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi-\u003epoll_owner\nnon atomically. The -\u003epoll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41005",
"url": "https://www.suse.com/security/cve/CVE-2024-41005"
},
{
"category": "external",
"summary": "SUSE Bug 1227858 for CVE-2024-41005",
"url": "https://bugzilla.suse.com/1227858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-41005"
},
{
"cve": "CVE-2024-41077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix validation of block size\n\nBlock size should be between 512 and PAGE_SIZE and be a power of 2. The current\ncheck does not validate this, so update the check.\n\nWithout this patch, null_blk would Oops due to a null pointer deref when\nloaded with bs=1536 [1].\n\n\n[axboe: remove unnecessary braces and != 0 check]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41077",
"url": "https://www.suse.com/security/cve/CVE-2024-41077"
},
{
"category": "external",
"summary": "SUSE Bug 1228653 for CVE-2024-41077",
"url": "https://bugzilla.suse.com/1228653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-41077"
},
{
"cve": "CVE-2024-41149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: avoid to reuse `hctx` not removed from cpuhp callback list\n\nIf the \u0027hctx\u0027 isn\u0027t removed from cpuhp callback list, we can\u0027t reuse it,\notherwise use-after-free may be triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41149",
"url": "https://www.suse.com/security/cve/CVE-2024-41149"
},
{
"category": "external",
"summary": "SUSE Bug 1235698 for CVE-2024-41149",
"url": "https://bugzilla.suse.com/1235698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-41149"
},
{
"cve": "CVE-2024-42307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n fs/smb/client/cifsfs.c:1981 init_cifs()\n error: we previously assumed \u0027serverclose_wq\u0027 could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42307",
"url": "https://www.suse.com/security/cve/CVE-2024-42307"
},
{
"category": "external",
"summary": "SUSE Bug 1229361 for CVE-2024-42307",
"url": "https://bugzilla.suse.com/1229361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-42307"
},
{
"cve": "CVE-2024-43820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery));\n\nThis check is designed to make sure that the sync thread isn\u0027t\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43820",
"url": "https://www.suse.com/security/cve/CVE-2024-43820"
},
{
"category": "external",
"summary": "SUSE Bug 1229311 for CVE-2024-43820",
"url": "https://bugzilla.suse.com/1229311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-43820"
},
{
"cve": "CVE-2024-43869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exec and file release\n\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn\u0027t even require a weak IRQ work\nimplementation to trigger:\n\nschedule()\n prepare_task_switch()\n=======\u003e \u003cNMI\u003e\n perf_event_overflow()\n event-\u003epending_sigtrap = ...\n irq_work_queue(\u0026event-\u003epending_irq)\n\u003c======= \u003c/NMI\u003e\n perf_event_task_sched_out()\n event_sched_out()\n event-\u003epending_sigtrap = 0;\n atomic_long_inc_not_zero(\u0026event-\u003erefcount)\n task_work_add(\u0026event-\u003epending_task)\n finish_lock_switch()\n=======\u003e \u003cIRQ\u003e\n perf_pending_irq()\n //do nothing, rely on pending task work\n\u003c======= \u003c/IRQ\u003e\n\nbegin_new_exec()\n perf_event_exit_task()\n perf_event_exit_event()\n // If is child event\n free_event()\n WARN(atomic_long_cmpxchg(\u0026event-\u003erefcount, 1, 0) != 1)\n // event is leaked\n\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\n\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43869",
"url": "https://www.suse.com/security/cve/CVE-2024-43869"
},
{
"category": "external",
"summary": "SUSE Bug 1229491 for CVE-2024-43869",
"url": "https://bugzilla.suse.com/1229491"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-43869"
},
{
"cve": "CVE-2024-46713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event-\u003emmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46713",
"url": "https://www.suse.com/security/cve/CVE-2024-46713"
},
{
"category": "external",
"summary": "SUSE Bug 1230581 for CVE-2024-46713",
"url": "https://bugzilla.suse.com/1230581"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-46713"
},
{
"cve": "CVE-2024-46736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_rename_path()\n\nIf smb2_set_path_attr() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() again as the\nreference of @cfile was already dropped by previous smb2_compound_op()\ncall.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46736",
"url": "https://www.suse.com/security/cve/CVE-2024-46736"
},
{
"category": "external",
"summary": "SUSE Bug 1230728 for CVE-2024-46736",
"url": "https://bugzilla.suse.com/1230728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-46736"
},
{
"cve": "CVE-2024-46763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Fix null-ptr-deref in GRO.\n\nWe observed a null-ptr-deref in fou_gro_receive() while shutting down\na host. [0]\n\nThe NULL pointer is sk-\u003esk_user_data, and the offset 8 is of protocol\nin struct fou.\n\nWhen fou_release() is called due to netns dismantle or explicit tunnel\nteardown, udp_tunnel_sock_release() sets NULL to sk-\u003esk_user_data.\nThen, the tunnel socket is destroyed after a single RCU grace period.\n\nSo, in-flight udp4_gro_receive() could find the socket and execute the\nFOU GRO handler, where sk-\u003esk_user_data could be NULL.\n\nLet\u0027s use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL\nchecks in FOU GRO handlers.\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0\nSMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1\nHardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017\nRIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou]\nCode: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 \u003c0f\u003e b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42\nRSP: 0018:ffffa330c0003d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010\nRDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08\nRBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002\nR10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400\nR13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0\nFS: 0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? no_context (arch/x86/mm/fault.c:752)\n ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)\n ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)\n ? fou_gro_receive (net/ipv4/fou.c:233) [fou]\n udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)\n udp4_gro_receive (net/ipv4/udp_offload.c:604)\n inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))\n dev_gro_receive (net/core/dev.c:6035 (discriminator 4))\n napi_gro_receive (net/core/dev.c:6170)\n ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]\n ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]\n napi_poll (net/core/dev.c:6847)\n net_rx_action (net/core/dev.c:6917)\n __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)\n asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809)\n\u003c/IRQ\u003e\n do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)\n irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)\n common_interrupt (arch/x86/kernel/irq.c:239)\n asm_common_interrupt (arch/x86/include/asm/idtentry.h:626)\nRIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575)\nCode: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 \u003cfa\u003e c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00\nRSP: 0018:ffffffffb5603e58 EFLAGS: 00000246\nRAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900\nRDX: ffff93daee800000 RSI: ffff93d\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46763",
"url": "https://www.suse.com/security/cve/CVE-2024-46763"
},
{
"category": "external",
"summary": "SUSE Bug 1230764 for CVE-2024-46763",
"url": "https://bugzilla.suse.com/1230764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-46763"
},
{
"cve": "CVE-2024-46782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6108\n __napi_poll+0xcb/0x490 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n prep_new_page mm/page_alloc.c:1501 [inline]\n get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n __do_kmalloc_node mm/slub.c:4146 [inline]\n __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n bucket_table_alloc lib/rhashtable.c:186 [inline]\n rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n ops_ini\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46782",
"url": "https://www.suse.com/security/cve/CVE-2024-46782"
},
{
"category": "external",
"summary": "SUSE Bug 1230769 for CVE-2024-46782",
"url": "https://bugzilla.suse.com/1230769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-46782"
},
{
"cve": "CVE-2024-46796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_set_path_size()\n\nIf smb2_compound_op() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() before retrying it\nas the reference of @cfile was already dropped by previous call.\n\nThis fixes the following KASAN splat when running fstests generic/013\nagainst Windows Server 2022:\n\n CIFS: Attempting to mount //w22-fs0/scratch\n run fstests generic/013 at 2024-09-02 19:48:59\n ==================================================================\n BUG: KASAN: slab-use-after-free in detach_if_pending+0xab/0x200\n Write of size 8 at addr ffff88811f1a3730 by task kworker/3:2/176\n\n CPU: 3 UID: 0 PID: 176 Comm: kworker/3:2 Not tainted 6.11.0-rc6 #2\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40\n 04/01/2014\n Workqueue: cifsoplockd cifs_oplock_break [cifs]\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? detach_if_pending+0xab/0x200\n print_report+0x156/0x4d9\n ? detach_if_pending+0xab/0x200\n ? __virt_addr_valid+0x145/0x300\n ? __phys_addr+0x46/0x90\n ? detach_if_pending+0xab/0x200\n kasan_report+0xda/0x110\n ? detach_if_pending+0xab/0x200\n detach_if_pending+0xab/0x200\n timer_delete+0x96/0xe0\n ? __pfx_timer_delete+0x10/0x10\n ? rcu_is_watching+0x20/0x50\n try_to_grab_pending+0x46/0x3b0\n __cancel_work+0x89/0x1b0\n ? __pfx___cancel_work+0x10/0x10\n ? kasan_save_track+0x14/0x30\n cifs_close_deferred_file+0x110/0x2c0 [cifs]\n ? __pfx_cifs_close_deferred_file+0x10/0x10 [cifs]\n ? __pfx_down_read+0x10/0x10\n cifs_oplock_break+0x4c1/0xa50 [cifs]\n ? __pfx_cifs_oplock_break+0x10/0x10 [cifs]\n ? lock_is_held_type+0x85/0xf0\n ? mark_held_locks+0x1a/0x90\n process_one_work+0x4c6/0x9f0\n ? find_held_lock+0x8a/0xa0\n ? __pfx_process_one_work+0x10/0x10\n ? lock_acquired+0x220/0x550\n ? __list_add_valid_or_report+0x37/0x100\n worker_thread+0x2e4/0x570\n ? __kthread_parkme+0xd1/0xf0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x17f/0x1c0\n ? kthread+0xda/0x1c0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 1118:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n cifs_new_fileinfo+0xc8/0x9d0 [cifs]\n cifs_atomic_open+0x467/0x770 [cifs]\n lookup_open.isra.0+0x665/0x8b0\n path_openat+0x4c3/0x1380\n do_filp_open+0x167/0x270\n do_sys_openat2+0x129/0x160\n __x64_sys_creat+0xad/0xe0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 83:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x70\n poison_slab_object+0xe9/0x160\n __kasan_slab_free+0x32/0x50\n kfree+0xf2/0x300\n process_one_work+0x4c6/0x9f0\n worker_thread+0x2e4/0x570\n kthread+0x17f/0x1c0\n ret_from_fork+0x31/0x60\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x30/0x50\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x29/0xe0\n __queue_work+0x5ea/0x760\n queue_work_on+0x6d/0x90\n _cifsFileInfo_put+0x3f6/0x770 [cifs]\n smb2_compound_op+0x911/0x3940 [cifs]\n smb2_set_path_size+0x228/0x270 [cifs]\n cifs_set_file_size+0x197/0x460 [cifs]\n cifs_setattr+0xd9c/0x14b0 [cifs]\n notify_change+0x4e3/0x740\n do_truncate+0xfa/0x180\n vfs_truncate+0x195/0x200\n __x64_sys_truncate+0x109/0x150\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46796",
"url": "https://www.suse.com/security/cve/CVE-2024-46796"
},
{
"category": "external",
"summary": "SUSE Bug 1230832 for CVE-2024-46796",
"url": "https://bugzilla.suse.com/1230832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-46796"
},
{
"cve": "CVE-2024-46865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: fix initialization of grc\n\nThe grc must be initialize first. There can be a condition where if\nfou is NULL, goto out will be executed and grc would be used\nuninitialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46865",
"url": "https://www.suse.com/security/cve/CVE-2024-46865"
},
{
"category": "external",
"summary": "SUSE Bug 1231103 for CVE-2024-46865",
"url": "https://bugzilla.suse.com/1231103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-46865"
},
{
"cve": "CVE-2024-47408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47408"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check smcd_v2_ext_offset when receiving proposal msg\n\nWhen receiving proposal msg in server, the field smcd_v2_ext_offset in\nproposal msg is from the remote client and can not be fully trusted.\nOnce the value of smcd_v2_ext_offset exceed the max value, there has\nthe chance to access wrong address, and crash may happen.\n\nThis patch checks the value of smcd_v2_ext_offset before using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47408",
"url": "https://www.suse.com/security/cve/CVE-2024-47408"
},
{
"category": "external",
"summary": "SUSE Bug 1235711 for CVE-2024-47408",
"url": "https://bugzilla.suse.com/1235711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-47408"
},
{
"cve": "CVE-2024-47794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tailcall infinite loop caused by freplace\n\nThere is a potential infinite loop issue that can occur when using a\ncombination of tail calls and freplace.\n\nIn an upcoming selftest, the attach target for entry_freplace of\ntailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in\nentry_freplace leads to entry_tc. This results in an infinite loop:\n\nentry_tc -\u003e subprog_tc -\u003e entry_freplace --tailcall-\u003e entry_tc.\n\nThe problem arises because the tail_call_cnt in entry_freplace resets to\nzero each time entry_freplace is executed, causing the tail call mechanism\nto never terminate, eventually leading to a kernel panic.\n\nTo fix this issue, the solution is twofold:\n\n1. Prevent updating a program extended by an freplace program to a\n prog_array map.\n2. Prevent extending a program that is already part of a prog_array map\n with an freplace program.\n\nThis ensures that:\n\n* If a program or its subprogram has been extended by an freplace program,\n it can no longer be updated to a prog_array map.\n* If a program has been added to a prog_array map, neither it nor its\n subprograms can be extended by an freplace program.\n\nMoreover, an extension program should not be tailcalled. As such, return\n-EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a\nprog_array map.\n\nAdditionally, fix a minor code style issue by replacing eight spaces with a\ntab for proper formatting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47794",
"url": "https://www.suse.com/security/cve/CVE-2024-47794"
},
{
"category": "external",
"summary": "SUSE Bug 1235712 for CVE-2024-47794",
"url": "https://bugzilla.suse.com/1235712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-47794"
},
{
"cve": "CVE-2024-49571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49571"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg\n\nWhen receiving proposal msg in server, the field iparea_offset\nand the field ipv6_prefixes_cnt in proposal msg are from the\nremote client and can not be fully trusted. Especially the\nfield iparea_offset, once exceed the max value, there has the\nchance to access wrong address, and crash may happen.\n\nThis patch checks iparea_offset and ipv6_prefixes_cnt before using them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49571",
"url": "https://www.suse.com/security/cve/CVE-2024-49571"
},
{
"category": "external",
"summary": "SUSE Bug 1235733 for CVE-2024-49571",
"url": "https://bugzilla.suse.com/1235733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-49571"
},
{
"cve": "CVE-2024-49924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: pxafb: Fix possible use after free in pxafb_task()\n\nIn the pxafb_probe function, it calls the pxafb_init_fbinfo function,\nafter which \u0026fbi-\u003etask is associated with pxafb_task. Moreover,\nwithin this pxafb_init_fbinfo function, the pxafb_blank function\nwithin the \u0026pxafb_ops struct is capable of scheduling work.\n\nIf we remove the module which will call pxafb_remove to make cleanup,\nit will call unregister_framebuffer function which can call\ndo_unregister_framebuffer to free fbi-\u003efb through\nput_fb_info(fb_info), while the work mentioned above will be used.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | pxafb_task\npxafb_remove |\nunregister_framebuffer(info) |\ndo_unregister_framebuffer(fb_info) |\nput_fb_info(fb_info) |\n// free fbi-\u003efb | set_ctrlr_state(fbi, state)\n | __pxafb_lcd_power(fbi, 0)\n | fbi-\u003elcd_power(on, \u0026fbi-\u003efb.var)\n | //use fbi-\u003efb\n\nFix it by ensuring that the work is canceled before proceeding\nwith the cleanup in pxafb_remove.\n\nNote that only root user can remove the driver at runtime.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49924",
"url": "https://www.suse.com/security/cve/CVE-2024-49924"
},
{
"category": "external",
"summary": "SUSE Bug 1232364 for CVE-2024-49924",
"url": "https://bugzilla.suse.com/1232364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-49924"
},
{
"cve": "CVE-2024-49940",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49940"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: prevent possible tunnel refcount underflow\n\nWhen a session is created, it sets a backpointer to its tunnel. When\nthe session refcount drops to 0, l2tp_session_free drops the tunnel\nrefcount if session-\u003etunnel is non-NULL. However, session-\u003etunnel is\nset in l2tp_session_create, before the tunnel refcount is incremented\nby l2tp_session_register, which leaves a small window where\nsession-\u003etunnel is non-NULL when the tunnel refcount hasn\u0027t been\nbumped.\n\nMoving the assignment to l2tp_session_register is trivial but\nl2tp_session_create calls l2tp_session_set_header_len which uses\nsession-\u003etunnel to get the tunnel\u0027s encap. Add an encap arg to\nl2tp_session_set_header_len to avoid using session-\u003etunnel.\n\nIf l2tpv3 sessions have colliding IDs, it is possible for\nl2tp_v3_session_get to race with l2tp_session_register and fetch a\nsession which doesn\u0027t yet have session-\u003etunnel set. Add a check for\nthis case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49940",
"url": "https://www.suse.com/security/cve/CVE-2024-49940"
},
{
"category": "external",
"summary": "SUSE Bug 1232812 for CVE-2024-49940",
"url": "https://bugzilla.suse.com/1232812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-49940"
},
{
"cve": "CVE-2024-49994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix integer overflow in BLKSECDISCARD\n\nI independently rediscovered\n\n\tcommit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155\n\tblock: fix overflow in blk_ioctl_discard()\n\nbut for secure erase.\n\nSame problem:\n\n\tuint64_t r[2] = {512, 18446744073709551104ULL};\n\tioctl(fd, BLKSECDISCARD, r);\n\nwill enter near infinite loop inside blkdev_issue_secure_erase():\n\n\ta.out: attempt to access beyond end of device\n\tloop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048\n\tbio_check_eod: 3286214 callbacks suppressed",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49994",
"url": "https://www.suse.com/security/cve/CVE-2024-49994"
},
{
"category": "external",
"summary": "SUSE Bug 1237757 for CVE-2024-49994",
"url": "https://bugzilla.suse.com/1237757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-49994"
},
{
"cve": "CVE-2024-50029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50029",
"url": "https://www.suse.com/security/cve/CVE-2024-50029"
},
{
"category": "external",
"summary": "SUSE Bug 1231949 for CVE-2024-50029",
"url": "https://bugzilla.suse.com/1231949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50036",
"url": "https://www.suse.com/security/cve/CVE-2024-50036"
},
{
"category": "external",
"summary": "SUSE Bug 1231912 for CVE-2024-50036",
"url": "https://bugzilla.suse.com/1231912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50038"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xtables: avoid NFPROTO_UNSPEC where needed\n\nsyzbot managed to call xt_cluster match via ebtables:\n\n WARNING: CPU: 0 PID: 11 at net/netfilter/xt_cluster.c:72 xt_cluster_mt+0x196/0x780\n [..]\n ebt_do_table+0x174b/0x2a40\n\nModule registers to NFPROTO_UNSPEC, but it assumes ipv4/ipv6 packet\nprocessing. As this is only useful to restrict locally terminating\nTCP/UDP traffic, register this for ipv4 and ipv6 family only.\n\nPablo points out that this is a general issue, direct users of the\nset/getsockopt interface can call into targets/matches that were only\nintended for use with ip(6)tables.\n\nCheck all UNSPEC matches and targets for similar issues:\n\n- matches and targets are fine except if they assume skb_network_header()\n is valid -- this is only true when called from inet layer: ip(6) stack\n pulls the ip/ipv6 header into linear data area.\n- targets that return XT_CONTINUE or other xtables verdicts must be\n restricted too, they are incompatbile with the ebtables traverser, e.g.\n EBT_CONTINUE is a completely different value than XT_CONTINUE.\n\nMost matches/targets are changed to register for NFPROTO_IPV4/IPV6, as\nthey are provided for use by ip(6)tables.\n\nThe MARK target is also used by arptables, so register for NFPROTO_ARP too.\n\nWhile at it, bail out if connbytes fails to enable the corresponding\nconntrack family.\n\nThis change passes the selftests in iptables.git.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50038",
"url": "https://www.suse.com/security/cve/CVE-2024-50038"
},
{
"category": "external",
"summary": "SUSE Bug 1231910 for CVE-2024-50038",
"url": "https://bugzilla.suse.com/1231910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-50038"
},
{
"cve": "CVE-2024-50056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c\n\nFix potential dereferencing of ERR_PTR() in find_format_by_pix()\nand uvc_v4l2_enum_format().\n\nFix the following smatch errors:\n\ndrivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\ndrivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\nAlso, fix similar issue in uvc_v4l2_try_format() for potential\ndereferencing of ERR_PTR().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50056",
"url": "https://www.suse.com/security/cve/CVE-2024-50056"
},
{
"category": "external",
"summary": "SUSE Bug 1232389 for CVE-2024-50056",
"url": "https://bugzilla.suse.com/1232389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-50056"
},
{
"cve": "CVE-2024-50083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: fix mptcp DSS corruption due to large pmtu xmit\n\nSyzkaller was able to trigger a DSS corruption:\n\n TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 5227 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695\n Modules linked in:\n CPU: 0 UID: 0 PID: 5227 Comm: syz-executor350 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\n RIP: 0010:__mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695\n Code: 0f b6 dc 31 ff 89 de e8 b5 dd ea f5 89 d8 48 81 c4 50 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 98 da ea f5 90 \u003c0f\u003e 0b 90 e9 47 ff ff ff e8 8a da ea f5 90 0f 0b 90 e9 99 e0 ff ff\n RSP: 0018:ffffc90000006db8 EFLAGS: 00010246\n RAX: ffffffff8ba9df18 RBX: 00000000000055f0 RCX: ffff888030023c00\n RDX: 0000000000000100 RSI: 00000000000081e5 RDI: 00000000000055f0\n RBP: 1ffff110062bf1ae R08: ffffffff8ba9cf12 R09: 1ffff110062bf1b8\n R10: dffffc0000000000 R11: ffffed10062bf1b9 R12: 0000000000000000\n R13: dffffc0000000000 R14: 00000000700cec61 R15: 00000000000081e5\n FS: 000055556679c380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000020287000 CR3: 0000000077892000 CR4: 00000000003506f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cIRQ\u003e\n move_skbs_to_msk net/mptcp/protocol.c:811 [inline]\n mptcp_data_ready+0x29c/0xa90 net/mptcp/protocol.c:854\n subflow_data_ready+0x34a/0x920 net/mptcp/subflow.c:1490\n tcp_data_queue+0x20fd/0x76c0 net/ipv4/tcp_input.c:5283\n tcp_rcv_established+0xfba/0x2020 net/ipv4/tcp_input.c:6237\n tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915\n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2350\n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n __netif_receive_skb_one_core net/core/dev.c:5662 [inline]\n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6107\n __napi_poll+0xcb/0x490 net/core/dev.c:6771\n napi_poll net/core/dev.c:6840 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6962\n handle_softirqs+0x2c5/0x980 kernel/softirq.c:554\n do_softirq+0x11b/0x1e0 kernel/softirq.c:455\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x1764/0x3e80 net/core/dev.c:4451\n dev_queue_xmit include/linux/netdevice.h:3094 [inline]\n neigh_hh_output include/net/neighbour.h:526 [inline]\n neigh_output include/net/neighbour.h:540 [inline]\n ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236\n ip_local_out net/ipv4/ip_output.c:130 [inline]\n __ip_queue_xmit+0x118c/0x1b80 net/ipv4/ip_output.c:536\n __tcp_transmit_skb+0x2544/0x3b30 net/ipv4/tcp_output.c:1466\n tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]\n tcp_mtu_probe net/ipv4/tcp_output.c:2547 [inline]\n tcp_write_xmit+0x641d/0x6bf0 net/ipv4/tcp_output.c:2752\n __tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3015\n tcp_push_pending_frames include/net/tcp.h:2107 [inline]\n tcp_data_snd_check net/ipv4/tcp_input.c:5714 [inline]\n tcp_rcv_established+0x1026/0x2020 net/ipv4/tcp_input.c:6239\n tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915\n sk_backlog_rcv include/net/sock.h:1113 [inline]\n __release_sock+0x214/0x350 net/core/sock.c:3072\n release_sock+0x61/0x1f0 net/core/sock.c:3626\n mptcp_push_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50083",
"url": "https://www.suse.com/security/cve/CVE-2024-50083"
},
{
"category": "external",
"summary": "SUSE Bug 1232493 for CVE-2024-50083",
"url": "https://bugzilla.suse.com/1232493"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-50083"
},
{
"cve": "CVE-2024-50106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix race between laundromat and free_stateid\n\nThere is a race between laundromat handling of revoked delegations\nand a client sending free_stateid operation. Laundromat thread\nfinds that delegation has expired and needs to be revoked so it\nmarks the delegation stid revoked and it puts it on a reaper list\nbut then it unlock the state lock and the actual delegation revocation\nhappens without the lock. Once the stid is marked revoked a racing\nfree_stateid processing thread does the following (1) it calls\nlist_del_init() which removes it from the reaper list and (2) frees\nthe delegation stid structure. The laundromat thread ends up not\ncalling the revoke_delegation() function for this particular delegation\nbut that means it will no release the lock lease that exists on\nthe file.\n\nNow, a new open for this file comes in and ends up finding that\nlease list isn\u0027t empty and calls nfsd_breaker_owns_lease() which ends\nup trying to derefence a freed delegation stateid. Leading to the\nfollowint use-after-free KASAN warning:\n\nkernel: ==================================================================\nkernel: BUG: KASAN: slab-use-after-free in nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: Read of size 8 at addr ffff0000e73cd0c8 by task nfsd/6205\nkernel:\nkernel: CPU: 2 UID: 0 PID: 6205 Comm: nfsd Kdump: loaded Not tainted 6.11.0-rc7+ #9\nkernel: Hardware name: Apple Inc. Apple Virtualization Generic Platform, BIOS 2069.0.0.0.0 08/03/2024\nkernel: Call trace:\nkernel: dump_backtrace+0x98/0x120\nkernel: show_stack+0x1c/0x30\nkernel: dump_stack_lvl+0x80/0xe8\nkernel: print_address_description.constprop.0+0x84/0x390\nkernel: print_report+0xa4/0x268\nkernel: kasan_report+0xb4/0xf8\nkernel: __asan_report_load8_noabort+0x1c/0x28\nkernel: nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: nfsd_file_do_acquire+0xb3c/0x11d0 [nfsd]\nkernel: nfsd_file_acquire_opened+0x84/0x110 [nfsd]\nkernel: nfs4_get_vfs_file+0x634/0x958 [nfsd]\nkernel: nfsd4_process_open2+0xa40/0x1a40 [nfsd]\nkernel: nfsd4_open+0xa08/0xe80 [nfsd]\nkernel: nfsd4_proc_compound+0xb8c/0x2130 [nfsd]\nkernel: nfsd_dispatch+0x22c/0x718 [nfsd]\nkernel: svc_process_common+0x8e8/0x1960 [sunrpc]\nkernel: svc_process+0x3d4/0x7e0 [sunrpc]\nkernel: svc_handle_xprt+0x828/0xe10 [sunrpc]\nkernel: svc_recv+0x2cc/0x6a8 [sunrpc]\nkernel: nfsd+0x270/0x400 [nfsd]\nkernel: kthread+0x288/0x310\nkernel: ret_from_fork+0x10/0x20\n\nThis patch proposes a fixed that\u0027s based on adding 2 new additional\nstid\u0027s sc_status values that help coordinate between the laundromat\nand other operations (nfsd4_free_stateid() and nfsd4_delegreturn()).\n\nFirst to make sure, that once the stid is marked revoked, it is not\nremoved by the nfsd4_free_stateid(), the laundromat take a reference\non the stateid. Then, coordinating whether the stid has been put\non the cl_revoked list or we are processing FREE_STATEID and need to\nmake sure to remove it from the list, each check that state and act\naccordingly. If laundromat has added to the cl_revoke list before\nthe arrival of FREE_STATEID, then nfsd4_free_stateid() knows to remove\nit from the list. If nfsd4_free_stateid() finds that operations arrived\nbefore laundromat has placed it on cl_revoke list, it marks the state\nfreed and then laundromat will no longer add it to the list.\n\nAlso, for nfsd4_delegreturn() when looking for the specified stid,\nwe need to access stid that are marked removed or freeable, it means\nthe laundromat has started processing it but hasn\u0027t finished and this\ndelegreturn needs to return nfserr_deleg_revoked and not\nnfserr_bad_stateid. The latter will not trigger a FREE_STATEID and the\nlack of it will leave this stid on the cl_revoked list indefinitely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50106",
"url": "https://www.suse.com/security/cve/CVE-2024-50106"
},
{
"category": "external",
"summary": "SUSE Bug 1232882 for CVE-2024-50106",
"url": "https://bugzilla.suse.com/1232882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-50106"
},
{
"cve": "CVE-2024-50126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: use RCU read-side critical section in taprio_dump()\n\nFix possible use-after-free in \u0027taprio_dump()\u0027 by adding RCU\nread-side critical section there. Never seen on x86 but\nfound on a KASAN-enabled arm64 system when investigating\nhttps://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa:\n\n[T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0\n[T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862\n[T15862]\n[T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro Not tainted 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2\n[T15862] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 05/24/2024\n[T15862] Call trace:\n[T15862] dump_backtrace+0x20c/0x220\n[T15862] show_stack+0x2c/0x40\n[T15862] dump_stack_lvl+0xf8/0x174\n[T15862] print_report+0x170/0x4d8\n[T15862] kasan_report+0xb8/0x1d4\n[T15862] __asan_report_load4_noabort+0x20/0x2c\n[T15862] taprio_dump+0xa0c/0xbb0\n[T15862] tc_fill_qdisc+0x540/0x1020\n[T15862] qdisc_notify.isra.0+0x330/0x3a0\n[T15862] tc_modify_qdisc+0x7b8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Allocated by task 15857:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_alloc_info+0x40/0x60\n[T15862] __kasan_kmalloc+0xd4/0xe0\n[T15862] __kmalloc_cache_noprof+0x194/0x334\n[T15862] taprio_change+0x45c/0x2fe0\n[T15862] tc_modify_qdisc+0x6a8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Freed by task 6192:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_free_info+0x4c/0x80\n[T15862] poison_slab_object+0x110/0x160\n[T15862] __kasan_slab_free+0x3c/0x74\n[T15862] kfree+0x134/0x3c0\n[T15862] taprio_free_sched_cb+0x18c/0x220\n[T15862] rcu_core+0x920/0x1b7c\n[T15862] rcu_core_si+0x10/0x1c\n[T15862] handle_softirqs+0x2e8/0xd64\n[T15862] __do_softirq+0x14/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50126",
"url": "https://www.suse.com/security/cve/CVE-2024-50126"
},
{
"category": "external",
"summary": "SUSE Bug 1232895 for CVE-2024-50126",
"url": "https://bugzilla.suse.com/1232895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-50126"
},
{
"cve": "CVE-2024-50140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Disable page allocation in task_tick_mm_cid()\n\nWith KASAN and PREEMPT_RT enabled, calling task_work_add() in\ntask_tick_mm_cid() may cause the following splat.\n\n[ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe\n[ 63.696416] preempt_count: 10001, expected: 0\n[ 63.696416] RCU nest depth: 1, expected: 1\n\nThis problem is caused by the following call trace.\n\n sched_tick() [ acquire rq-\u003e__lock ]\n -\u003e task_tick_mm_cid()\n -\u003e task_work_add()\n -\u003e __kasan_record_aux_stack()\n -\u003e kasan_save_stack()\n -\u003e stack_depot_save_flags()\n -\u003e alloc_pages_mpol_noprof()\n -\u003e __alloc_pages_noprof()\n\t -\u003e get_page_from_freelist()\n\t -\u003e rmqueue()\n\t -\u003e rmqueue_pcplist()\n\t -\u003e __rmqueue_pcplist()\n\t -\u003e rmqueue_bulk()\n\t -\u003e rt_spin_lock()\n\nThe rq lock is a raw_spinlock_t. We can\u0027t sleep while holding\nit. IOW, we can\u0027t call alloc_pages() in stack_depot_save_flags().\n\nThe task_tick_mm_cid() function with its task_work_add() call was\nintroduced by commit 223baf9d17f2 (\"sched: Fix performance regression\nintroduced by mm_cid\") in v6.4 kernel.\n\nFortunately, there is a kasan_record_aux_stack_noalloc() variant that\ncalls stack_depot_save_flags() while not allowing it to allocate\nnew pages. To allow task_tick_mm_cid() to use task_work without\npage allocation, a new TWAF_NO_ALLOC flag is added to enable calling\nkasan_record_aux_stack_noalloc() instead of kasan_record_aux_stack()\nif set. The task_tick_mm_cid() function is modified to add this new flag.\n\nThe possible downside is the missing stack trace in a KASAN report due\nto new page allocation required when task_work_add_noallloc() is called\nwhich should be rare.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50140",
"url": "https://www.suse.com/security/cve/CVE-2024-50140"
},
{
"category": "external",
"summary": "SUSE Bug 1233060 for CVE-2024-50140",
"url": "https://bugzilla.suse.com/1233060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-50140"
},
{
"cve": "CVE-2024-50152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix possible double free in smb2_set_ea()\n\nClang static checker(scan-build) warning:\nfs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.\n 1304 | kfree(ea);\n | ^~~~~~~~~\n\nThere is a double free in such case:\n\u0027ea is initialized to NULL\u0027 -\u003e \u0027first successful memory allocation for\nea\u0027 -\u003e \u0027something failed, goto sea_exit\u0027 -\u003e \u0027first memory release for ea\u0027\n-\u003e \u0027goto replay_again\u0027 -\u003e \u0027second goto sea_exit before allocate memory\nfor ea\u0027 -\u003e \u0027second memory release for ea resulted in double free\u0027.\n\nRe-initialie \u0027ea\u0027 to NULL near to the replay_again label, it can fix this\ndouble free problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50152",
"url": "https://www.suse.com/security/cve/CVE-2024-50152"
},
{
"category": "external",
"summary": "SUSE Bug 1233033 for CVE-2024-50152",
"url": "https://bugzilla.suse.com/1233033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-50152"
},
{
"cve": "CVE-2024-50162",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50162"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: devmap: provide rxq after redirect\n\nrxq contains a pointer to the device from where\nthe redirect happened. Currently, the BPF program\nthat was executed after a redirect via BPF_MAP_TYPE_DEVMAP*\ndoes not have it set.\n\nThis is particularly bad since accessing ingress_ifindex, e.g.\n\nSEC(\"xdp\")\nint prog(struct xdp_md *pkt)\n{\n return bpf_redirect_map(\u0026dev_redirect_map, 0, 0);\n}\n\nSEC(\"xdp/devmap\")\nint prog_after_redirect(struct xdp_md *pkt)\n{\n bpf_printk(\"ifindex %i\", pkt-\u003eingress_ifindex);\n return XDP_PASS;\n}\n\ndepends on access to rxq, so a NULL pointer gets dereferenced:\n\n\u003c1\u003e[ 574.475170] BUG: kernel NULL pointer dereference, address: 0000000000000000\n\u003c1\u003e[ 574.475188] #PF: supervisor read access in kernel mode\n\u003c1\u003e[ 574.475194] #PF: error_code(0x0000) - not-present page\n\u003c6\u003e[ 574.475199] PGD 0 P4D 0\n\u003c4\u003e[ 574.475207] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n\u003c4\u003e[ 574.475217] CPU: 4 UID: 0 PID: 217 Comm: kworker/4:1 Not tainted 6.11.0-rc5-reduced-00859-g780801200300 #23\n\u003c4\u003e[ 574.475226] Hardware name: Intel(R) Client Systems NUC13ANHi7/NUC13ANBi7, BIOS ANRPL357.0026.2023.0314.1458 03/14/2023\n\u003c4\u003e[ 574.475231] Workqueue: mld mld_ifc_work\n\u003c4\u003e[ 574.475247] RIP: 0010:bpf_prog_5e13354d9cf5018a_prog_after_redirect+0x17/0x3c\n\u003c4\u003e[ 574.475257] Code: cc cc cc cc cc cc cc 80 00 00 00 cc cc cc cc cc cc cc cc f3 0f 1e fa 0f 1f 44 00 00 66 90 55 48 89 e5 f3 0f 1e fa 48 8b 57 20 \u003c48\u003e 8b 52 00 8b 92 e0 00 00 00 48 bf f8 a6 d5 c4 5d a0 ff ff be 0b\n\u003c4\u003e[ 574.475263] RSP: 0018:ffffa62440280c98 EFLAGS: 00010206\n\u003c4\u003e[ 574.475269] RAX: ffffa62440280cd8 RBX: 0000000000000001 RCX: 0000000000000000\n\u003c4\u003e[ 574.475274] RDX: 0000000000000000 RSI: ffffa62440549048 RDI: ffffa62440280ce0\n\u003c4\u003e[ 574.475278] RBP: ffffa62440280c98 R08: 0000000000000002 R09: 0000000000000001\n\u003c4\u003e[ 574.475281] R10: ffffa05dc8b98000 R11: ffffa05f577fca40 R12: ffffa05dcab24000\n\u003c4\u003e[ 574.475285] R13: ffffa62440280ce0 R14: ffffa62440549048 R15: ffffa62440549000\n\u003c4\u003e[ 574.475289] FS: 0000000000000000(0000) GS:ffffa05f4f700000(0000) knlGS:0000000000000000\n\u003c4\u003e[ 574.475294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\u003c4\u003e[ 574.475298] CR2: 0000000000000000 CR3: 000000025522e000 CR4: 0000000000f50ef0\n\u003c4\u003e[ 574.475303] PKRU: 55555554\n\u003c4\u003e[ 574.475306] Call Trace:\n\u003c4\u003e[ 574.475313] \u003cIRQ\u003e\n\u003c4\u003e[ 574.475318] ? __die+0x23/0x70\n\u003c4\u003e[ 574.475329] ? page_fault_oops+0x180/0x4c0\n\u003c4\u003e[ 574.475339] ? skb_pp_cow_data+0x34c/0x490\n\u003c4\u003e[ 574.475346] ? kmem_cache_free+0x257/0x280\n\u003c4\u003e[ 574.475357] ? exc_page_fault+0x67/0x150\n\u003c4\u003e[ 574.475368] ? asm_exc_page_fault+0x26/0x30\n\u003c4\u003e[ 574.475381] ? bpf_prog_5e13354d9cf5018a_prog_after_redirect+0x17/0x3c\n\u003c4\u003e[ 574.475386] bq_xmit_all+0x158/0x420\n\u003c4\u003e[ 574.475397] __dev_flush+0x30/0x90\n\u003c4\u003e[ 574.475407] veth_poll+0x216/0x250 [veth]\n\u003c4\u003e[ 574.475421] __napi_poll+0x28/0x1c0\n\u003c4\u003e[ 574.475430] net_rx_action+0x32d/0x3a0\n\u003c4\u003e[ 574.475441] handle_softirqs+0xcb/0x2c0\n\u003c4\u003e[ 574.475451] do_softirq+0x40/0x60\n\u003c4\u003e[ 574.475458] \u003c/IRQ\u003e\n\u003c4\u003e[ 574.475461] \u003cTASK\u003e\n\u003c4\u003e[ 574.475464] __local_bh_enable_ip+0x66/0x70\n\u003c4\u003e[ 574.475471] __dev_queue_xmit+0x268/0xe40\n\u003c4\u003e[ 574.475480] ? selinux_ip_postroute+0x213/0x420\n\u003c4\u003e[ 574.475491] ? alloc_skb_with_frags+0x4a/0x1d0\n\u003c4\u003e[ 574.475502] ip6_finish_output2+0x2be/0x640\n\u003c4\u003e[ 574.475512] ? nf_hook_slow+0x42/0xf0\n\u003c4\u003e[ 574.475521] ip6_finish_output+0x194/0x300\n\u003c4\u003e[ 574.475529] ? __pfx_ip6_finish_output+0x10/0x10\n\u003c4\u003e[ 574.475538] mld_sendpack+0x17c/0x240\n\u003c4\u003e[ 574.475548] mld_ifc_work+0x192/0x410\n\u003c4\u003e[ 574.475557] process_one_work+0x15d/0x380\n\u003c4\u003e[ 574.475566] worker_thread+0x29d/0x3a0\n\u003c4\u003e[ 574.475573] ? __pfx_worker_thread+0x10/0x10\n\u003c4\u003e[ 574.475580] ? __pfx_worker_thread+0x10/0x10\n\u003c4\u003e[ 574.475587] kthread+0xcd/0x100\n\u003c4\u003e[ 574.475597] ? __pfx_kthread+0x10/0x10\n\u003c4\u003e[ 574.475606] ret_from_fork+0x31/0x50\n\u003c4\u003e[ 574.475615] ? __pfx_kthread+0x10/0x10\n\u003c4\u003e[ 574.475623] ret_from_fork_asm+0x1a/0x\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50162",
"url": "https://www.suse.com/security/cve/CVE-2024-50162"
},
{
"category": "external",
"summary": "SUSE Bug 1233075 for CVE-2024-50162",
"url": "https://bugzilla.suse.com/1233075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-50162"
},
{
"cve": "CVE-2024-50163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Make sure internal and UAPI bpf_redirect flags don\u0027t overlap\n\nThe bpf_redirect_info is shared between the SKB and XDP redirect paths,\nand the two paths use the same numeric flag values in the ri-\u003eflags\nfield (specifically, BPF_F_BROADCAST == BPF_F_NEXTHOP). This means that\nif skb bpf_redirect_neigh() is used with a non-NULL params argument and,\nsubsequently, an XDP redirect is performed using the same\nbpf_redirect_info struct, the XDP path will get confused and end up\ncrashing, which syzbot managed to trigger.\n\nWith the stack-allocated bpf_redirect_info, the structure is no longer\nshared between the SKB and XDP paths, so the crash doesn\u0027t happen\nanymore. However, different code paths using identically-numbered flag\nvalues in the same struct field still seems like a bit of a mess, so\nthis patch cleans that up by moving the flag definitions together and\nredefining the three flags in BPF_F_REDIRECT_INTERNAL to not overlap\nwith the flags used for XDP. It also adds a BUILD_BUG_ON() check to make\nsure the overlap is not re-introduced by mistake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50163",
"url": "https://www.suse.com/security/cve/CVE-2024-50163"
},
{
"category": "external",
"summary": "SUSE Bug 1233098 for CVE-2024-50163",
"url": "https://bugzilla.suse.com/1233098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-50163"
},
{
"cve": "CVE-2024-50223",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50223"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/numa: Fix the potential null pointer dereference in task_numa_work()\n\nWhen running stress-ng-vm-segv test, we found a null pointer dereference\nerror in task_numa_work(). Here is the backtrace:\n\n [323676.066985] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n ......\n [323676.067108] CPU: 35 PID: 2694524 Comm: stress-ng-vm-se\n ......\n [323676.067113] pstate: 23401009 (nzCv daif +PAN -UAO +TCO +DIT +SSBS BTYPE=--)\n [323676.067115] pc : vma_migratable+0x1c/0xd0\n [323676.067122] lr : task_numa_work+0x1ec/0x4e0\n [323676.067127] sp : ffff8000ada73d20\n [323676.067128] x29: ffff8000ada73d20 x28: 0000000000000000 x27: 000000003e89f010\n [323676.067130] x26: 0000000000080000 x25: ffff800081b5c0d8 x24: ffff800081b27000\n [323676.067133] x23: 0000000000010000 x22: 0000000104d18cc0 x21: ffff0009f7158000\n [323676.067135] x20: 0000000000000000 x19: 0000000000000000 x18: ffff8000ada73db8\n [323676.067138] x17: 0001400000000000 x16: ffff800080df40b0 x15: 0000000000000035\n [323676.067140] x14: ffff8000ada73cc8 x13: 1fffe0017cc72001 x12: ffff8000ada73cc8\n [323676.067142] x11: ffff80008001160c x10: ffff000be639000c x9 : ffff8000800f4ba4\n [323676.067145] x8 : ffff000810375000 x7 : ffff8000ada73974 x6 : 0000000000000001\n [323676.067147] x5 : 0068000b33e26707 x4 : 0000000000000001 x3 : ffff0009f7158000\n [323676.067149] x2 : 0000000000000041 x1 : 0000000000004400 x0 : 0000000000000000\n [323676.067152] Call trace:\n [323676.067153] vma_migratable+0x1c/0xd0\n [323676.067155] task_numa_work+0x1ec/0x4e0\n [323676.067157] task_work_run+0x78/0xd8\n [323676.067161] do_notify_resume+0x1ec/0x290\n [323676.067163] el0_svc+0x150/0x160\n [323676.067167] el0t_64_sync_handler+0xf8/0x128\n [323676.067170] el0t_64_sync+0x17c/0x180\n [323676.067173] Code: d2888001 910003fd f9000bf3 aa0003f3 (f9401000)\n [323676.067177] SMP: stopping secondary CPUs\n [323676.070184] Starting crashdump kernel...\n\nstress-ng-vm-segv in stress-ng is used to stress test the SIGSEGV error\nhandling function of the system, which tries to cause a SIGSEGV error on\nreturn from unmapping the whole address space of the child process.\n\nNormally this program will not cause kernel crashes. But before the\nmunmap system call returns to user mode, a potential task_numa_work()\nfor numa balancing could be added and executed. In this scenario, since the\nchild process has no vma after munmap, the vma_next() in task_numa_work()\nwill return a null pointer even if the vma iterator restarts from 0.\n\nRecheck the vma pointer before dereferencing it in task_numa_work().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50223",
"url": "https://www.suse.com/security/cve/CVE-2024-50223"
},
{
"category": "external",
"summary": "SUSE Bug 1233192 for CVE-2024-50223",
"url": "https://bugzilla.suse.com/1233192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-50223"
},
{
"cve": "CVE-2024-50290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx24116: prevent overflows on SNR calculus\n\nas reported by Coverity, if reading SNR registers fail, a negative\nnumber will be returned, causing an underflow when reading SNR\nregisters.\n\nPrevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50290",
"url": "https://www.suse.com/security/cve/CVE-2024-50290"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233479 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "external",
"summary": "SUSE Bug 1233681 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-50294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing locking causing hanging calls\n\nIf a call gets aborted (e.g. because kafs saw a signal) between it being\nqueued for connection and the I/O thread picking up the call, the abort\nwill be prioritised over the connection and it will be removed from\nlocal-\u003enew_client_calls by rxrpc_disconnect_client_call() without a lock\nbeing held. This may cause other calls on the list to disappear if a race\noccurs.\n\nFix this by taking the client_call_lock when removing a call from whatever\nlist its -\u003ewait_link happens to be on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50294",
"url": "https://www.suse.com/security/cve/CVE-2024-50294"
},
{
"category": "external",
"summary": "SUSE Bug 1233483 for CVE-2024-50294",
"url": "https://bugzilla.suse.com/1233483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-52559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()\n\nThe \"submit-\u003ecmd[i].size\" and \"submit-\u003ecmd[i].offset\" variables are u32\nvalues that come from the user via the submit_lookup_cmds() function.\nThis addition could lead to an integer wrapping bug so use size_add()\nto prevent that.\n\nPatchwork: https://patchwork.freedesktop.org/patch/624696/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52559",
"url": "https://www.suse.com/security/cve/CVE-2024-52559"
},
{
"category": "external",
"summary": "SUSE Bug 1238507 for CVE-2024-52559",
"url": "https://bugzilla.suse.com/1238507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-52559"
},
{
"cve": "CVE-2024-53057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT\n\nIn qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed\nto be either root or ingress. This assumption is bogus since it\u0027s valid\nto create egress qdiscs with major handle ffff:\nBudimir Markovic found that for qdiscs like DRR that maintain an active\nclass list, it will cause a UAF with a dangling class pointer.\n\nIn 066a3b5b2346, the concern was to avoid iterating over the ingress\nqdisc since its parent is itself. The proper fix is to stop when parent\nTC_H_ROOT is reached because the only way to retrieve ingress is when a\nhierarchy which does not contain a ffff: major handle call into\nqdisc_lookup with TC_H_MAJ(TC_H_ROOT).\n\nIn the scenario where major ffff: is an egress qdisc in any of the tree\nlevels, the updates will also propagate to TC_H_ROOT, which then the\niteration must stop.\n\n\n net/sched/sch_api.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53057",
"url": "https://www.suse.com/security/cve/CVE-2024-53057"
},
{
"category": "external",
"summary": "SUSE Bug 1233551 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "external",
"summary": "SUSE Bug 1245816 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1245816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: prevent the risk of out of memory access\n\nThe dvbdev contains a static variable used to store dvb minors.\n\nThe behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set\nor not. When not set, dvb_register_device() won\u0027t check for\nboundaries, as it will rely that a previous call to\ndvb_register_adapter() would already be enforcing it.\n\nOn a similar way, dvb_device_open() uses the assumption\nthat the register functions already did the needed checks.\n\nThis can be fragile if some device ends using different\ncalls. This also generate warnings on static check analysers\nlike Coverity.\n\nSo, add explicit guards to prevent potential risk of OOM issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53063",
"url": "https://www.suse.com/security/cve/CVE-2024-53063"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233557 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "external",
"summary": "SUSE Bug 1233619 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix data-races around sk-\u003esk_forward_alloc\n\nSyzkaller reported this warning:\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0\n Modules linked in:\n CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:inet_sock_destruct+0x1c5/0x1e0\n Code: 24 12 4c 89 e2 5b 48 c7 c7 98 ec bb 82 41 5c e9 d1 18 17 ff 4c 89 e6 5b 48 c7 c7 d0 ec bb 82 41 5c e9 bf 18 17 ff 0f 0b eb 83 \u003c0f\u003e 0b eb 97 0f 0b eb 87 0f 0b e9 68 ff ff ff 66 66 2e 0f 1f 84 00\n RSP: 0018:ffffc9000008bd90 EFLAGS: 00010206\n RAX: 0000000000000300 RBX: ffff88810b172a90 RCX: 0000000000000007\n RDX: 0000000000000002 RSI: 0000000000000300 RDI: ffff88810b172a00\n RBP: ffff88810b172a00 R08: ffff888104273c00 R09: 0000000000100007\n R10: 0000000000020000 R11: 0000000000000006 R12: ffff88810b172a00\n R13: 0000000000000004 R14: 0000000000000000 R15: ffff888237c31f78\n FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc63fecac8 CR3: 000000000342e000 CR4: 00000000000006f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0x88/0x130\n ? inet_sock_destruct+0x1c5/0x1e0\n ? report_bug+0x18e/0x1a0\n ? handle_bug+0x53/0x90\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? inet_sock_destruct+0x1c5/0x1e0\n __sk_destruct+0x2a/0x200\n rcu_do_batch+0x1aa/0x530\n ? rcu_do_batch+0x13b/0x530\n rcu_core+0x159/0x2f0\n handle_softirqs+0xd3/0x2b0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n run_ksoftirqd+0x25/0x30\n smpboot_thread_fn+0xdd/0x1d0\n kthread+0xd3/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nIts possible that two threads call tcp_v6_do_rcv()/sk_forward_alloc_add()\nconcurrently when sk-\u003esk_state == TCP_LISTEN with sk-\u003esk_lock unlocked,\nwhich triggers a data-race around sk-\u003esk_forward_alloc:\ntcp_v6_rcv\n tcp_v6_do_rcv\n skb_clone_and_charge_r\n sk_rmem_schedule\n __sk_mem_schedule\n sk_forward_alloc_add()\n skb_set_owner_r\n sk_mem_charge\n sk_forward_alloc_add()\n __kfree_skb\n skb_release_all\n skb_release_head_state\n sock_rfree\n sk_mem_uncharge\n sk_forward_alloc_add()\n sk_mem_reclaim\n // set local var reclaimable\n __sk_mem_reclaim\n sk_forward_alloc_add()\n\nIn this syzkaller testcase, two threads call\ntcp_v6_do_rcv() with skb-\u003etruesize=768, the sk_forward_alloc changes like\nthis:\n (cpu 1) | (cpu 2) | sk_forward_alloc\n ... | ... | 0\n __sk_mem_schedule() | | +4096 = 4096\n | __sk_mem_schedule() | +4096 = 8192\n sk_mem_charge() | | -768 = 7424\n | sk_mem_charge() | -768 = 6656\n ... | ... |\n sk_mem_uncharge() | | +768 = 7424\n reclaimable=7424 | |\n | sk_mem_uncharge() | +768 = 8192\n | reclaimable=8192 |\n __sk_mem_reclaim() | | -4096 = 4096\n | __sk_mem_reclaim() | -8192 = -4096 != 0\n\nThe skb_clone_and_charge_r() should not be called in tcp_v6_do_rcv() when\nsk-\u003esk_state is TCP_LISTEN, it happens later in tcp_v6_syn_recv_sock().\nFix the same issue in dccp_v6_do_rcv().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53124",
"url": "https://www.suse.com/security/cve/CVE-2024-53124"
},
{
"category": "external",
"summary": "SUSE Bug 1234074 for CVE-2024-53124",
"url": "https://bugzilla.suse.com/1234074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-53124"
},
{
"cve": "CVE-2024-53135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53135"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN\n\nHide KVM\u0027s pt_mode module param behind CONFIG_BROKEN, i.e. disable support\nfor virtualizing Intel PT via guest/host mode unless BROKEN=y. There are\nmyriad bugs in the implementation, some of which are fatal to the guest,\nand others which put the stability and health of the host at risk.\n\nFor guest fatalities, the most glaring issue is that KVM fails to ensure\ntracing is disabled, and *stays* disabled prior to VM-Enter, which is\nnecessary as hardware disallows loading (the guest\u0027s) RTIT_CTL if tracing\nis enabled (enforced via a VMX consistency check). Per the SDM:\n\n If the logical processor is operating with Intel PT enabled (if\n IA32_RTIT_CTL.TraceEn = 1) at the time of VM entry, the \"load\n IA32_RTIT_CTL\" VM-entry control must be 0.\n\nOn the host side, KVM doesn\u0027t validate the guest CPUID configuration\nprovided by userspace, and even worse, uses the guest configuration to\ndecide what MSRs to save/load at VM-Enter and VM-Exit. E.g. configuring\nguest CPUID to enumerate more address ranges than are supported in hardware\nwill result in KVM trying to passthrough, save, and load non-existent MSRs,\nwhich generates a variety of WARNs, ToPA ERRORs in the host, a potential\ndeadlock, etc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53135",
"url": "https://www.suse.com/security/cve/CVE-2024-53135"
},
{
"category": "external",
"summary": "SUSE Bug 1234154 for CVE-2024-53135",
"url": "https://bugzilla.suse.com/1234154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-53135"
},
{
"cve": "CVE-2024-53139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: fix possible UAF in sctp_v6_available()\n\nA lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints\nthat sctp_v6_available() is calling dev_get_by_index_rcu()\nand ipv6_chk_addr() without holding rcu.\n\n[1]\n =============================\n WARNING: suspicious RCU usage\n 6.12.0-rc5-virtme #1216 Tainted: G W\n -----------------------------\n net/core/dev.c:876 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by sctp_hello/31495:\n #0: ffff9f1ebbdb7418 (sk_lock-AF_INET6){+.+.}-{0:0}, at: sctp_bind (./arch/x86/include/asm/jump_label.h:27 net/sctp/socket.c:315) sctp\n\nstack backtrace:\n CPU: 7 UID: 0 PID: 31495 Comm: sctp_hello Tainted: G W 6.12.0-rc5-virtme #1216\n Tainted: [W]=WARN\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:123)\n lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822)\n dev_get_by_index_rcu (net/core/dev.c:876 (discriminator 7))\n sctp_v6_available (net/sctp/ipv6.c:701) sctp\n sctp_do_bind (net/sctp/socket.c:400 (discriminator 1)) sctp\n sctp_bind (net/sctp/socket.c:320) sctp\n inet6_bind_sk (net/ipv6/af_inet6.c:465)\n ? security_socket_bind (security/security.c:4581 (discriminator 1))\n __sys_bind (net/socket.c:1848 net/socket.c:1869)\n ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340)\n ? do_user_addr_fault (./arch/x86/include/asm/preempt.h:84 (discriminator 13) ./include/linux/rcupdate.h:98 (discriminator 13) ./include/linux/rcupdate.h:882 (discriminator 13) ./include/linux/mm.h:729 (discriminator 13) arch/x86/mm/fault.c:1340 (discriminator 13))\n __x64_sys_bind (net/socket.c:1877 (discriminator 1) net/socket.c:1875 (discriminator 1) net/socket.c:1875 (discriminator 1))\n do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n RIP: 0033:0x7f59b934a1e7\n Code: 44 00 00 48 8b 15 39 8c 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 31 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 09 8c 0c 00 f7 d8 64 89 01 48\nAll code\n========\n 0:\t44 00 00 \tadd %r8b,(%rax)\n 3:\t48 8b 15 39 8c 0c 00 \tmov 0xc8c39(%rip),%rdx # 0xc8c43\n a:\tf7 d8 \tneg %eax\n c:\t64 89 02 \tmov %eax,%fs:(%rdx)\n f:\tb8 ff ff ff ff \tmov $0xffffffff,%eax\n 14:\teb bd \tjmp 0xffffffffffffffd3\n 16:\t66 2e 0f 1f 84 00 00 \tcs nopw 0x0(%rax,%rax,1)\n 1d:\t00 00 00\n 20:\t0f 1f 00 \tnopl (%rax)\n 23:\tb8 31 00 00 00 \tmov $0x31,%eax\n 28:\t0f 05 \tsyscall\n 2a:*\t48 3d 01 f0 ff ff \tcmp $0xfffffffffffff001,%rax\t\t\u003c-- trapping instruction\n 30:\t73 01 \tjae 0x33\n 32:\tc3 \tret\n 33:\t48 8b 0d 09 8c 0c 00 \tmov 0xc8c09(%rip),%rcx # 0xc8c43\n 3a:\tf7 d8 \tneg %eax\n 3c:\t64 89 01 \tmov %eax,%fs:(%rcx)\n 3f:\t48 \trex.W\n\nCode starting with the faulting instruction\n===========================================\n 0:\t48 3d 01 f0 ff ff \tcmp $0xfffffffffffff001,%rax\n 6:\t73 01 \tjae 0x9\n 8:\tc3 \tret\n 9:\t48 8b 0d 09 8c 0c 00 \tmov 0xc8c09(%rip),%rcx # 0xc8c19\n 10:\tf7 d8 \tneg %eax\n 12:\t64 89 01 \tmov %eax,%fs:(%rcx)\n 15:\t48 \trex.W\n RSP: 002b:00007ffe2d0ad398 EFLAGS: 00000202 ORIG_RAX: 0000000000000031\n RAX: ffffffffffffffda RBX: 00007ffe2d0ad3d0 RCX: 00007f59b934a1e7\n RDX: 000000000000001c RSI: 00007ffe2d0ad3d0 RDI: 0000000000000005\n RBP: 0000000000000005 R08: 1999999999999999 R09: 0000000000000000\n R10: 00007f59b9253298 R11: 000000000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53139",
"url": "https://www.suse.com/security/cve/CVE-2024-53139"
},
{
"category": "external",
"summary": "SUSE Bug 1234157 for CVE-2024-53139",
"url": "https://bugzilla.suse.com/1234157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-53139"
},
{
"cve": "CVE-2024-53140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: terminate outstanding dump on socket close\n\nNetlink supports iterative dumping of data. It provides the families\nthe following ops:\n - start - (optional) kicks off the dumping process\n - dump - actual dump helper, keeps getting called until it returns 0\n - done - (optional) pairs with .start, can be used for cleanup\nThe whole process is asynchronous and the repeated calls to .dump\ndon\u0027t actually happen in a tight loop, but rather are triggered\nin response to recvmsg() on the socket.\n\nThis gives the user full control over the dump, but also means that\nthe user can close the socket without getting to the end of the dump.\nTo make sure .start is always paired with .done we check if there\nis an ongoing dump before freeing the socket, and if so call .done.\n\nThe complication is that sockets can get freed from BH and .done\nis allowed to sleep. So we use a workqueue to defer the call, when\nneeded.\n\nUnfortunately this does not work correctly. What we defer is not\nthe cleanup but rather releasing a reference on the socket.\nWe have no guarantee that we own the last reference, if someone\nelse holds the socket they may release it in BH and we\u0027re back\nto square one.\n\nThe whole dance, however, appears to be unnecessary. Only the user\ncan interact with dumps, so we can clean up when socket is closed.\nAnd close always happens in process context. Some async code may\nstill access the socket after close, queue notification skbs to it etc.\nbut no dumps can start, end or otherwise make progress.\n\nDelete the workqueue and flush the dump state directly from the release\nhandler. Note that further cleanup is possible in -next, for instance\nwe now always call .done before releasing the main module reference,\nso dump doesn\u0027t have to take a reference of its own.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53140",
"url": "https://www.suse.com/security/cve/CVE-2024-53140"
},
{
"category": "external",
"summary": "SUSE Bug 1234222 for CVE-2024-53140",
"url": "https://bugzilla.suse.com/1234222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-53140"
},
{
"cve": "CVE-2024-53163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat/qat_420xx - fix off by one in uof_get_name()\n\nThis is called from uof_get_name_420xx() where \"num_objs\" is the\nARRAY_SIZE() of fw_objs[]. The \u003e needs to be \u003e= to prevent an out of\nbounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53163",
"url": "https://www.suse.com/security/cve/CVE-2024-53163"
},
{
"category": "external",
"summary": "SUSE Bug 1234828 for CVE-2024-53163",
"url": "https://bugzilla.suse.com/1234828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-53163"
},
{
"cve": "CVE-2024-53176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it\u0027s\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn\u0027t block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we\u0027re here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53176",
"url": "https://www.suse.com/security/cve/CVE-2024-53176"
},
{
"category": "external",
"summary": "SUSE Bug 1234894 for CVE-2024-53176",
"url": "https://bugzilla.suse.com/1234894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53177",
"url": "https://www.suse.com/security/cve/CVE-2024-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1234896 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "external",
"summary": "SUSE Bug 1235103 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1235103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don\u0027t leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids-\u003eentries list but doesn\u0027t drop a ref if has_lease isn\u0027t true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid-\u003ehas_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 32 bytes):\n 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........\".......\n 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E\"......O.....\n backtrace (crc 6f58c20f):\n [\u003cffffffff8b895a1e\u003e] __kmalloc_cache_noprof+0x2be/0x350\n [\u003cffffffff8bda06e3\u003e] open_cached_dir+0x993/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 8 bytes):\n 00 cc cc cc cc cc cc cc ........\n backtrace (crc 10c106a9):\n [\u003cffffffff8b89a3d3\u003e] __kmalloc_node_track_caller_noprof+0x363/0x480\n [\u003cffffffff8b7d7256\u003e] kstrdup+0x36/0x60\n [\u003cffffffff8bda0700\u003e] open_cached_dir+0x9b0/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff \u003c0f\u003e 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53178",
"url": "https://www.suse.com/security/cve/CVE-2024-53178"
},
{
"category": "external",
"summary": "SUSE Bug 1234895 for CVE-2024-53178",
"url": "https://bugzilla.suse.com/1234895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()\n\nUnder certain kernel configurations when building with Clang/LLVM, the\ncompiler does not generate a return or jump as the terminator\ninstruction for ip_vs_protocol_init(), triggering the following objtool\nwarning during build time:\n\n vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6()\n\nAt runtime, this either causes an oops when trying to load the ipvs\nmodule or a boot-time panic if ipvs is built-in. This same issue has\nbeen reported by the Intel kernel test robot previously.\n\nDigging deeper into both LLVM and the kernel code reveals this to be a\nundefined behavior problem. ip_vs_protocol_init() uses a on-stack buffer\nof 64 chars to store the registered protocol names and leaves it\nuninitialized after definition. The function calls strnlen() when\nconcatenating protocol names into the buffer. With CONFIG_FORTIFY_SOURCE\nstrnlen() performs an extra step to check whether the last byte of the\ninput char buffer is a null character (commit 3009f891bb9f (\"fortify:\nAllow strlen() and strnlen() to pass compile-time known lengths\")).\nThis, together with possibly other configurations, cause the following\nIR to be generated:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #5 section \".init.text\" align 16 !kcfi_type !29 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 14: ; preds = %11\n %15 = getelementptr inbounds i8, ptr %1, i64 63\n %16 = load i8, ptr %15, align 1\n %17 = tail call i1 @llvm.is.constant.i8(i8 %16)\n %18 = icmp eq i8 %16, 0\n %19 = select i1 %17, i1 %18, i1 false\n br i1 %19, label %20, label %23\n\n 20: ; preds = %14\n %21 = call i64 @strlen(ptr noundef nonnull dereferenceable(1) %1) #23\n ...\n\n 23: ; preds = %14, %11, %20\n %24 = call i64 @strnlen(ptr noundef nonnull dereferenceable(1) %1, i64 noundef 64) #24\n ...\n }\n\nThe above code calculates the address of the last char in the buffer\n(value %15) and then loads from it (value %16). Because the buffer is\nnever initialized, the LLVM GVN pass marks value %16 as undefined:\n\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n br i1 undef, label %14, label %17\n\nThis gives later passes (SCCP, in particular) more DCE opportunities by\npropagating the undef value further, and eventually removes everything\nafter the load on the uninitialized stack location:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #0 section \".init.text\" align 16 !kcfi_type !11 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 12: ; preds = %11\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n unreachable\n }\n\nIn this way, the generated native code will just fall through to the\nnext function, as LLVM does not generate any code for the unreachable IR\ninstruction and leaves the function without a terminator.\n\nZero the on-stack buffer to avoid this possible UB.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53680",
"url": "https://www.suse.com/security/cve/CVE-2024-53680"
},
{
"category": "external",
"summary": "SUSE Bug 1235715 for CVE-2024-53680",
"url": "https://bugzilla.suse.com/1235715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-53680"
},
{
"cve": "CVE-2024-54458",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54458"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: bsg: Set bsg_queue to NULL after removal\n\nCurrently, this does not cause any issues, but I believe it is necessary to\nset bsg_queue to NULL after removing it to prevent potential use-after-free\n(UAF) access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54458",
"url": "https://www.suse.com/security/cve/CVE-2024-54458"
},
{
"category": "external",
"summary": "SUSE Bug 1238992 for CVE-2024-54458",
"url": "https://bugzilla.suse.com/1238992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-54458"
},
{
"cve": "CVE-2024-54683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: IDLETIMER: Fix for possible ABBA deadlock\n\nDeletion of the last rule referencing a given idletimer may happen at\nthe same time as a read of its file in sysfs:\n\n| ======================================================\n| WARNING: possible circular locking dependency detected\n| 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted\n| ------------------------------------------------------\n| iptables/3303 is trying to acquire lock:\n| ffff8881057e04b8 (kn-\u003eactive#48){++++}-{0:0}, at: __kernfs_remove+0x20\n|\n| but task is already holding lock:\n| ffffffffa0249068 (list_mutex){+.+.}-{3:3}, at: idletimer_tg_destroy_v]\n|\n| which lock already depends on the new lock.\n\nA simple reproducer is:\n\n| #!/bin/bash\n|\n| while true; do\n| iptables -A INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| iptables -D INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| done \u0026\n| while true; do\n| cat /sys/class/xt_idletimer/timers/testme \u003e/dev/null\n| done\n\nAvoid this by freeing list_mutex right after deleting the element from\nthe list, then continuing with the teardown.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54683",
"url": "https://www.suse.com/security/cve/CVE-2024-54683"
},
{
"category": "external",
"summary": "SUSE Bug 1235729 for CVE-2024-54683",
"url": "https://bugzilla.suse.com/1235729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-54683"
},
{
"cve": "CVE-2024-56638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_inner: incorrect percpu area handling under softirq\n\nSoftirq can interrupt ongoing packet from process context that is\nwalking over the percpu area that contains inner header offsets.\n\nDisable bh and perform three checks before restoring the percpu inner\nheader offsets to validate that the percpu area is valid for this\nskbuff:\n\n1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff\n has already been parsed before for inner header fetching to\n register.\n\n2) Validate that the percpu area refers to this skbuff using the\n skbuff pointer as a cookie. If there is a cookie mismatch, then\n this skbuff needs to be parsed again.\n\n3) Finally, validate if the percpu area refers to this tunnel type.\n\nOnly after these three checks the percpu area is restored to a on-stack\ncopy and bh is enabled again.\n\nAfter inner header fetching, the on-stack copy is stored back to the\npercpu area.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56638",
"url": "https://www.suse.com/security/cve/CVE-2024-56638"
},
{
"category": "external",
"summary": "SUSE Bug 1235524 for CVE-2024-56638",
"url": "https://bugzilla.suse.com/1235524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-56638"
},
{
"cve": "CVE-2024-56640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix LGR and link use-after-free issue\n\nWe encountered a LGR/link use-after-free issue, which manifested as\nthe LGR/link refcnt reaching 0 early and entering the clear process,\nmaking resource access unsafe.\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140\n Workqueue: events smc_lgr_terminate_work [smc]\n Call trace:\n refcount_warn_saturate+0x9c/0x140\n __smc_lgr_terminate.part.45+0x2a8/0x370 [smc]\n smc_lgr_terminate_work+0x28/0x30 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nor\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140\n Workqueue: smc_hs_wq smc_listen_work [smc]\n Call trace:\n refcount_warn_saturate+0xf0/0x140\n smcr_link_put+0x1cc/0x1d8 [smc]\n smc_conn_free+0x110/0x1b0 [smc]\n smc_conn_abort+0x50/0x60 [smc]\n smc_listen_find_device+0x75c/0x790 [smc]\n smc_listen_work+0x368/0x8a0 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nIt is caused by repeated release of LGR/link refcnt. One suspect is that\nsmc_conn_free() is called repeatedly because some smc_conn_free() from\nserver listening path are not protected by sock lock.\n\ne.g.\n\nCalls under socklock | smc_listen_work\n-------------------------------------------------------\nlock_sock(sk) | smc_conn_abort\nsmc_conn_free | \\- smc_conn_free\n\\- smcr_link_put | \\- smcr_link_put (duplicated)\nrelease_sock(sk)\n\nSo here add sock lock protection in smc_listen_work() path, making it\nexclusive with other connection operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56640",
"url": "https://www.suse.com/security/cve/CVE-2024-56640"
},
{
"category": "external",
"summary": "SUSE Bug 1235436 for CVE-2024-56640",
"url": "https://bugzilla.suse.com/1235436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-56640"
},
{
"cve": "CVE-2024-56641",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56641"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: initialize close_work early to avoid warning\n\nWe encountered a warning that close_work was canceled before\ninitialization.\n\n WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x1b0\n Workqueue: events smc_lgr_terminate_work [smc]\n RIP: 0010:__flush_work+0x19e/0x1b0\n Call Trace:\n ? __wake_up_common+0x7a/0x190\n ? work_busy+0x80/0x80\n __cancel_work_timer+0xe3/0x160\n smc_close_cancel_work+0x1a/0x70 [smc]\n smc_close_active_abort+0x207/0x360 [smc]\n __smc_lgr_terminate.part.38+0xc8/0x180 [smc]\n process_one_work+0x19e/0x340\n worker_thread+0x30/0x370\n ? process_one_work+0x340/0x340\n kthread+0x117/0x130\n ? __kthread_cancel_work+0x50/0x50\n ret_from_fork+0x22/0x30\n\nThis is because when smc_close_cancel_work is triggered, e.g. the RDMA\ndriver is rmmod and the LGR is terminated, the conn-\u003eclose_work is\nflushed before initialization, resulting in WARN_ON(!work-\u003efunc).\n\n__smc_lgr_terminate | smc_connect_{rdma|ism}\n-------------------------------------------------------------\n | smc_conn_create\n\t\t\t\t| \\- smc_lgr_register_conn\nfor conn in lgr-\u003econns_all |\n\\- smc_conn_kill |\n \\- smc_close_active_abort |\n \\- smc_close_cancel_work |\n \\- cancel_work_sync |\n \\- __flush_work |\n\t (close_work) |\n\t | smc_close_init\n\t | \\- INIT_WORK(\u0026close_work)\n\nSo fix this by initializing close_work before establishing the\nconnection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56641",
"url": "https://www.suse.com/security/cve/CVE-2024-56641"
},
{
"category": "external",
"summary": "SUSE Bug 1235526 for CVE-2024-56641",
"url": "https://bugzilla.suse.com/1235526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-56641"
},
{
"cve": "CVE-2024-56702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark raw_tp arguments with PTR_MAYBE_NULL\n\nArguments to a raw tracepoint are tagged as trusted, which carries the\nsemantics that the pointer will be non-NULL. However, in certain cases,\na raw tracepoint argument may end up being NULL. More context about this\nissue is available in [0].\n\nThus, there is a discrepancy between the reality, that raw_tp arguments\ncan actually be NULL, and the verifier\u0027s knowledge, that they are never\nNULL, causing explicit NULL checks to be deleted, and accesses to such\npointers potentially crashing the kernel.\n\nTo fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special\ncase the dereference and pointer arithmetic to permit it, and allow\npassing them into helpers/kfuncs; these exceptions are made for raw_tp\nprograms only. Ensure that we don\u0027t do this when ref_obj_id \u003e 0, as in\nthat case this is an acquired object and doesn\u0027t need such adjustment.\n\nThe reason we do mask_raw_tp_trusted_reg logic is because other will\nrecheck in places whether the register is a trusted_reg, and then\nconsider our register as untrusted when detecting the presence of the\nPTR_MAYBE_NULL flag.\n\nTo allow safe dereference, we enable PROBE_MEM marking when we see loads\ninto trusted pointers with PTR_MAYBE_NULL.\n\nWhile trusted raw_tp arguments can also be passed into helpers or kfuncs\nwhere such broken assumption may cause issues, a future patch set will\ntackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can\nalready be passed into helpers and causes similar problems. Thus, they\nare left alone for now.\n\nIt is possible that these checks also permit passing non-raw_tp args\nthat are trusted PTR_TO_BTF_ID with null marking. In such a case,\nallowing dereference when pointer is NULL expands allowed behavior, so\nwon\u0027t regress existing programs, and the case of passing these into\nhelpers is the same as above and will be dealt with later.\n\nAlso update the failure case in tp_btf_nullable selftest to capture the\nnew behavior, as the verifier will no longer cause an error when\ndirectly dereference a raw tracepoint argument marked as __nullable.\n\n [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56702",
"url": "https://www.suse.com/security/cve/CVE-2024-56702"
},
{
"category": "external",
"summary": "SUSE Bug 1235501 for CVE-2024-56702",
"url": "https://bugzilla.suse.com/1235501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-56702"
},
{
"cve": "CVE-2024-56703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix soft lockups in fib6_select_path under high next hop churn\n\nSoft lockups have been observed on a cluster of Linux-based edge routers\nlocated in a highly dynamic environment. Using the `bird` service, these\nrouters continuously update BGP-advertised routes due to frequently\nchanging nexthop destinations, while also managing significant IPv6\ntraffic. The lockups occur during the traversal of the multipath\ncircular linked-list in the `fib6_select_path` function, particularly\nwhile iterating through the siblings in the list. The issue typically\narises when the nodes of the linked list are unexpectedly deleted\nconcurrently on a different core\u2014indicated by their \u0027next\u0027 and\n\u0027previous\u0027 elements pointing back to the node itself and their reference\ncount dropping to zero. This results in an infinite loop, leading to a\nsoft lockup that triggers a system panic via the watchdog timer.\n\nApply RCU primitives in the problematic code sections to resolve the\nissue. Where necessary, update the references to fib6_siblings to\nannotate or use the RCU APIs.\n\nInclude a test script that reproduces the issue. The script\nperiodically updates the routing table while generating a heavy load\nof outgoing IPv6 traffic through multiple iperf3 clients. It\nconsistently induces infinite soft lockups within a couple of minutes.\n\nKernel log:\n\n 0 [ffffbd13003e8d30] machine_kexec at ffffffff8ceaf3eb\n 1 [ffffbd13003e8d90] __crash_kexec at ffffffff8d0120e3\n 2 [ffffbd13003e8e58] panic at ffffffff8cef65d4\n 3 [ffffbd13003e8ed8] watchdog_timer_fn at ffffffff8d05cb03\n 4 [ffffbd13003e8f08] __hrtimer_run_queues at ffffffff8cfec62f\n 5 [ffffbd13003e8f70] hrtimer_interrupt at ffffffff8cfed756\n 6 [ffffbd13003e8fd0] __sysvec_apic_timer_interrupt at ffffffff8cea01af\n 7 [ffffbd13003e8ff0] sysvec_apic_timer_interrupt at ffffffff8df1b83d\n-- \u003cIRQ stack\u003e --\n 8 [ffffbd13003d3708] asm_sysvec_apic_timer_interrupt at ffffffff8e000ecb\n [exception RIP: fib6_select_path+299]\n RIP: ffffffff8ddafe7b RSP: ffffbd13003d37b8 RFLAGS: 00000287\n RAX: ffff975850b43600 RBX: ffff975850b40200 RCX: 0000000000000000\n RDX: 000000003fffffff RSI: 0000000051d383e4 RDI: ffff975850b43618\n RBP: ffffbd13003d3800 R8: 0000000000000000 R9: ffff975850b40200\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffbd13003d3830\n R13: ffff975850b436a8 R14: ffff975850b43600 R15: 0000000000000007\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n 9 [ffffbd13003d3808] ip6_pol_route at ffffffff8ddb030c\n10 [ffffbd13003d3888] ip6_pol_route_input at ffffffff8ddb068c\n11 [ffffbd13003d3898] fib6_rule_lookup at ffffffff8ddf02b5\n12 [ffffbd13003d3928] ip6_route_input at ffffffff8ddb0f47\n13 [ffffbd13003d3a18] ip6_rcv_finish_core.constprop.0 at ffffffff8dd950d0\n14 [ffffbd13003d3a30] ip6_list_rcv_finish.constprop.0 at ffffffff8dd96274\n15 [ffffbd13003d3a98] ip6_sublist_rcv at ffffffff8dd96474\n16 [ffffbd13003d3af8] ipv6_list_rcv at ffffffff8dd96615\n17 [ffffbd13003d3b60] __netif_receive_skb_list_core at ffffffff8dc16fec\n18 [ffffbd13003d3be0] netif_receive_skb_list_internal at ffffffff8dc176b3\n19 [ffffbd13003d3c50] napi_gro_receive at ffffffff8dc565b9\n20 [ffffbd13003d3c80] ice_receive_skb at ffffffffc087e4f5 [ice]\n21 [ffffbd13003d3c90] ice_clean_rx_irq at ffffffffc0881b80 [ice]\n22 [ffffbd13003d3d20] ice_napi_poll at ffffffffc088232f [ice]\n23 [ffffbd13003d3d80] __napi_poll at ffffffff8dc18000\n24 [ffffbd13003d3db8] net_rx_action at ffffffff8dc18581\n25 [ffffbd13003d3e40] __do_softirq at ffffffff8df352e9\n26 [ffffbd13003d3eb0] run_ksoftirqd at ffffffff8ceffe47\n27 [ffffbd13003d3ec0] smpboot_thread_fn at ffffffff8cf36a30\n28 [ffffbd13003d3ee8] kthread at ffffffff8cf2b39f\n29 [ffffbd13003d3f28] ret_from_fork at ffffffff8ce5fa64\n30 [ffffbd13003d3f50] ret_from_fork_asm at ffffffff8ce03cbb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56703",
"url": "https://www.suse.com/security/cve/CVE-2024-56703"
},
{
"category": "external",
"summary": "SUSE Bug 1235455 for CVE-2024-56703",
"url": "https://bugzilla.suse.com/1235455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-56703"
},
{
"cve": "CVE-2024-56718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: protect link down work from execute after lgr freed\n\nlink down work may be scheduled before lgr freed but execute\nafter lgr freed, which may result in crash. So it is need to\nhold a reference before shedule link down work, and put the\nreference after work executed or canceled.\n\nThe relevant crash call stack as follows:\n list_del corruption. prev-\u003enext should be ffffb638c9c0fe20,\n but was 0000000000000000\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:51!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1\n Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014\n Workqueue: events smc_link_down_work [smc]\n RIP: 0010:__list_del_entry_valid.cold+0x31/0x47\n RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086\n RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000\n RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38\n R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002\n R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0\n FS: 0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n rwsem_down_write_slowpath+0x17e/0x470\n smc_link_down_work+0x3c/0x60 [smc]\n process_one_work+0x1ac/0x350\n worker_thread+0x49/0x2f0\n ? rescuer_thread+0x360/0x360\n kthread+0x118/0x140\n ? __kthread_bind_mask+0x60/0x60\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56718",
"url": "https://www.suse.com/security/cve/CVE-2024-56718"
},
{
"category": "external",
"summary": "SUSE Bug 1235589 for CVE-2024-56718",
"url": "https://bugzilla.suse.com/1235589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-56718"
},
{
"cve": "CVE-2024-56719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix TSO DMA API usage causing oops\n\nCommit 66600fac7a98 (\"net: stmmac: TSO: Fix unbalanced DMA map/unmap\nfor non-paged SKB data\") moved the assignment of tx_skbuff_dma[]\u0027s\nmembers to be later in stmmac_tso_xmit().\n\nThe buf (dma cookie) and len stored in this structure are passed to\ndma_unmap_single() by stmmac_tx_clean(). The DMA API requires that\nthe dma cookie passed to dma_unmap_single() is the same as the value\nreturned from dma_map_single(). However, by moving the assignment\nlater, this is not the case when priv-\u003edma_cap.addr64 \u003e 32 as \"des\"\nis offset by proto_hdr_len.\n\nThis causes problems such as:\n\n dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed\n\nand with DMA_API_DEBUG enabled:\n\n DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]\n\nFix this by maintaining \"des\" as the original DMA cookie, and use\ntso_des to pass the offset DMA cookie to stmmac_tso_allocator().\n\nFull details of the crashes can be found at:\nhttps://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/\nhttps://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56719",
"url": "https://www.suse.com/security/cve/CVE-2024-56719"
},
{
"category": "external",
"summary": "SUSE Bug 1235591 for CVE-2024-56719",
"url": "https://bugzilla.suse.com/1235591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-56719"
},
{
"cve": "CVE-2024-56751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: release nexthop on device removal\n\nThe CI is hitting some aperiodic hangup at device removal time in the\npmtu.sh self-test:\n\nunregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6\nref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at\n\tdst_init+0x84/0x4a0\n\tdst_alloc+0x97/0x150\n\tip6_dst_alloc+0x23/0x90\n\tip6_rt_pcpu_alloc+0x1e6/0x520\n\tip6_pol_route+0x56f/0x840\n\tfib6_rule_lookup+0x334/0x630\n\tip6_route_output_flags+0x259/0x480\n\tip6_dst_lookup_tail.constprop.0+0x5c2/0x940\n\tip6_dst_lookup_flow+0x88/0x190\n\tudp_tunnel6_dst_lookup+0x2a7/0x4c0\n\tvxlan_xmit_one+0xbde/0x4a50 [vxlan]\n\tvxlan_xmit+0x9ad/0xf20 [vxlan]\n\tdev_hard_start_xmit+0x10e/0x360\n\t__dev_queue_xmit+0xf95/0x18c0\n\tarp_solicit+0x4a2/0xe00\n\tneigh_probe+0xaa/0xf0\n\nWhile the first suspect is the dst_cache, explicitly tracking the dst\nowing the last device reference via probes proved such dst is held by\nthe nexthop in the originating fib6_info.\n\nSimilar to commit f5b51fe804ec (\"ipv6: route: purge exception on\nremoval\"), we need to explicitly release the originating fib info when\ndisconnecting a to-be-removed device from a live ipv6 dst: move the\nfib6_info cleanup into ip6_dst_ifdown().\n\nTested running:\n\n./pmtu.sh cleanup_ipv6_exception\n\nin a tight loop for more than 400 iterations with no spat, running an\nunpatched kernel I observed a splat every ~10 iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56751",
"url": "https://www.suse.com/security/cve/CVE-2024-56751"
},
{
"category": "external",
"summary": "SUSE Bug 1234936 for CVE-2024-56751",
"url": "https://bugzilla.suse.com/1234936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-56751"
},
{
"cve": "CVE-2024-56758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: check folio mapping after unlock in relocate_one_folio()\n\nWhen we call btrfs_read_folio() to bring a folio uptodate, we unlock the\nfolio. The result of that is that a different thread can modify the\nmapping (like remove it with invalidate) before we call folio_lock().\nThis results in an invalid page and we need to try again.\n\nIn particular, if we are relocating concurrently with aborting a\ntransaction, this can result in a crash like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 76 PID: 1411631 Comm: kworker/u322:5\n Workqueue: events_unbound btrfs_reclaim_bgs_work\n RIP: 0010:set_page_extent_mapped+0x20/0xb0\n RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246\n RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880\n RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0\n R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000\n R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff\n FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x78/0xc0\n ? page_fault_oops+0x2a8/0x3a0\n ? __switch_to+0x133/0x530\n ? wq_worker_running+0xa/0x40\n ? exc_page_fault+0x63/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? set_page_extent_mapped+0x20/0xb0\n relocate_file_extent_cluster+0x1a7/0x940\n relocate_data_extent+0xaf/0x120\n relocate_block_group+0x20f/0x480\n btrfs_relocate_block_group+0x152/0x320\n btrfs_relocate_chunk+0x3d/0x120\n btrfs_reclaim_bgs_work+0x2ae/0x4e0\n process_scheduled_works+0x184/0x370\n worker_thread+0xc6/0x3e0\n ? blk_add_timer+0xb0/0xb0\n kthread+0xae/0xe0\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork+0x2f/0x40\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nThis occurs because cleanup_one_transaction() calls\ndestroy_delalloc_inodes() which calls invalidate_inode_pages2() which\ntakes the folio_lock before setting mapping to NULL. We fail to check\nthis, and subsequently call set_extent_mapping(), which assumes that\nmapping != NULL (in fact it asserts that in debug mode)\n\nNote that the \"fixes\" patch here is not the one that introduced the\nrace (the very first iteration of this code from 2009) but a more recent\nchange that made this particular crash happen in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56758",
"url": "https://www.suse.com/security/cve/CVE-2024-56758"
},
{
"category": "external",
"summary": "SUSE Bug 1235621 for CVE-2024-56758",
"url": "https://bugzilla.suse.com/1235621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-56758"
},
{
"cve": "CVE-2024-56770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: netem: account for backlog updates from child qdisc\n\nIn general, \u0027qlen\u0027 of any classful qdisc should keep track of the\nnumber of packets that the qdisc itself and all of its children holds.\nIn case of netem, \u0027qlen\u0027 only accounts for the packets in its internal\ntfifo. When netem is used with a child qdisc, the child qdisc can use\n\u0027qdisc_tree_reduce_backlog\u0027 to inform its parent, netem, about created\nor dropped SKBs. This function updates \u0027qlen\u0027 and the backlog statistics\nof netem, but netem does not account for changes made by a child qdisc.\n\u0027qlen\u0027 then indicates the wrong number of packets in the tfifo.\nIf a child qdisc creates new SKBs during enqueue and informs its parent\nabout this, netem\u0027s \u0027qlen\u0027 value is increased. When netem dequeues the\nnewly created SKBs from the child, the \u0027qlen\u0027 in netem is not updated.\nIf \u0027qlen\u0027 reaches the configured sch-\u003elimit, the enqueue function stops\nworking, even though the tfifo is not full.\n\nReproduce the bug:\nEnsure that the sender machine has GSO enabled. Configure netem as root\nqdisc and tbf as its child on the outgoing interface of the machine\nas follows:\n$ tc qdisc add dev \u003coif\u003e root handle 1: netem delay 100ms limit 100\n$ tc qdisc add dev \u003coif\u003e parent 1:0 tbf rate 50Mbit burst 1542 latency 50ms\n\nSend bulk TCP traffic out via this interface, e.g., by running an iPerf3\nclient on the machine. Check the qdisc statistics:\n$ tc -s qdisc show dev \u003coif\u003e\n\nStatistics after 10s of iPerf3 TCP test before the fix (note that\nnetem\u0027s backlog \u003e limit, netem stopped accepting packets):\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 2767766 bytes 1848 pkt (dropped 652, overlimits 0 requeues 0)\n backlog 4294528236b 1155p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 2767766 bytes 1848 pkt (dropped 327, overlimits 7601 requeues 0)\n backlog 0b 0p requeues 0\n\nStatistics after the fix:\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 37766372 bytes 24974 pkt (dropped 9, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 37766372 bytes 24974 pkt (dropped 327, overlimits 96017 requeues 0)\n backlog 0b 0p requeues 0\n\ntbf segments the GSO SKBs (tbf_segment) and updates the netem\u0027s \u0027qlen\u0027.\nThe interface fully stops transferring packets and \"locks\". In this case,\nthe child qdisc and tfifo are empty, but \u0027qlen\u0027 indicates the tfifo is at\nits limit and no more packets are accepted.\n\nThis patch adds a counter for the entries in the tfifo. Netem\u0027s \u0027qlen\u0027 is\nonly decreased when a packet is returned by its dequeue function, and not\nduring enqueuing into the child qdisc. External updates to \u0027qlen\u0027 are thus\naccounted for and only the behavior of the backlog statistics changes. As\nin other qdiscs, \u0027qlen\u0027 then keeps track of how many packets are held in\nnetem and all of its children. As before, sch-\u003elimit remains as the\nmaximum number of packets in the tfifo. The same applies to netem\u0027s\nbacklog statistics.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56770",
"url": "https://www.suse.com/security/cve/CVE-2024-56770"
},
{
"category": "external",
"summary": "SUSE Bug 1235637 for CVE-2024-56770",
"url": "https://bugzilla.suse.com/1235637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-56770"
},
{
"cve": "CVE-2024-57807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix for a potential deadlock\n\nThis fixes a \u0027possible circular locking dependency detected\u0027 warning\n CPU0 CPU1\n ---- ----\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n\nFix this by temporarily releasing the reset_mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57807",
"url": "https://www.suse.com/security/cve/CVE-2024-57807"
},
{
"category": "external",
"summary": "SUSE Bug 1235761 for CVE-2024-57807",
"url": "https://bugzilla.suse.com/1235761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-57807"
},
{
"cve": "CVE-2024-57834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread\n\nsyzbot report a null-ptr-deref in vidtv_mux_stop_thread. [1]\n\nIf dvb-\u003emux is not initialized successfully by vidtv_mux_init() in the\nvidtv_start_streaming(), it will trigger null pointer dereference about mux\nin vidtv_mux_stop_thread().\n\nAdjust the timing of streaming initialization and check it before\nstopping it.\n\n[1]\nKASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]\nCPU: 0 UID: 0 PID: 5842 Comm: syz-executor248 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:vidtv_mux_stop_thread+0x26/0x80 drivers/media/test-drivers/vidtv/vidtv_mux.c:471\nCode: 90 90 90 90 66 0f 1f 00 55 53 48 89 fb e8 82 2e c8 f9 48 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 02 7e 3b 0f b6 ab 28 01 00 00 31 ff 89 ee e8\nRSP: 0018:ffffc90003f2faa8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87cfb125\nRDX: 0000000000000025 RSI: ffffffff87d120ce RDI: 0000000000000128\nRBP: ffff888029b8d220 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000003 R12: ffff888029b8d188\nR13: ffffffff8f590aa0 R14: ffffc9000581c5c8 R15: ffff888029a17710\nFS: 00007f7eef5156c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7eef5e635c CR3: 0000000076ca6000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vidtv_stop_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:209 [inline]\n vidtv_stop_feed+0x151/0x250 drivers/media/test-drivers/vidtv/vidtv_bridge.c:252\n dmx_section_feed_stop_filtering+0x90/0x160 drivers/media/dvb-core/dvb_demux.c:1000\n dvb_dmxdev_feed_stop.isra.0+0x1ee/0x270 drivers/media/dvb-core/dmxdev.c:486\n dvb_dmxdev_filter_stop+0x22a/0x3a0 drivers/media/dvb-core/dmxdev.c:559\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3f8/0xb60 fs/file_table.c:450\n task_work_run+0x14e/0x250 kernel/task_work.c:239\n get_signal+0x1d3/0x2610 kernel/signal.c:2790\n arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218\n do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57834",
"url": "https://www.suse.com/security/cve/CVE-2024-57834"
},
{
"category": "external",
"summary": "SUSE Bug 1238993 for CVE-2024-57834",
"url": "https://bugzilla.suse.com/1238993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-57834"
},
{
"cve": "CVE-2024-57900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: serialize calls to nf_register_net_hooks()\n\nsyzbot found a race in ila_add_mapping() [1]\n\ncommit 031ae72825ce (\"ila: call nf_unregister_net_hooks() sooner\")\nattempted to fix a similar issue.\n\nLooking at the syzbot repro, we have concurrent ILA_CMD_ADD commands.\n\nAdd a mutex to make sure at most one thread is calling nf_register_net_hooks().\n\n[1]\n BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: slab-use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\nRead of size 4 at addr ffff888028f40008 by task dhcpcd/5501\n\nCPU: 1 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:489\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:127 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1ee/0x620 net/ipv6/ila/ila_xlat.c:185\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626\n nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309\n __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672\n __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785\n process_backlog+0x443/0x15f0 net/core/dev.c:6117\n __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0xa94/0x1010 net/core/dev.c:7074\n handle_softirqs+0x213/0x8f0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57900",
"url": "https://www.suse.com/security/cve/CVE-2024-57900"
},
{
"category": "external",
"summary": "SUSE Bug 1235973 for CVE-2024-57900",
"url": "https://bugzilla.suse.com/1235973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-57900"
},
{
"cve": "CVE-2024-57924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: relax assertions on failure to encode file handles\n\nEncoding file handles is usually performed by a filesystem \u003eencode_fh()\nmethod that may fail for various reasons.\n\nThe legacy users of exportfs_encode_fh(), namely, nfsd and\nname_to_handle_at(2) syscall are ready to cope with the possibility\nof failure to encode a file handle.\n\nThere are a few other users of exportfs_encode_{fh,fid}() that\ncurrently have a WARN_ON() assertion when -\u003eencode_fh() fails.\nRelax those assertions because they are wrong.\n\nThe second linked bug report states commit 16aac5ad1fa9 (\"ovl: support\nencoding non-decodable file handles\") in v6.6 as the regressing commit,\nbut this is not accurate.\n\nThe aforementioned commit only increases the chances of the assertion\nand allows triggering the assertion with the reproducer using overlayfs,\ninotify and drop_caches.\n\nTriggering this assertion was always possible with other filesystems and\nother reasons of -\u003eencode_fh() failures and more particularly, it was\nalso possible with the exact same reproducer using overlayfs that is\nmounted with options index=on,nfs_export=on also on kernels \u003c v6.6.\nTherefore, I am not listing the aforementioned commit as a Fixes commit.\n\nBackport hint: this patch will have a trivial conflict applying to\nv6.6.y, and other trivial conflicts applying to stable kernels \u003c v6.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57924",
"url": "https://www.suse.com/security/cve/CVE-2024-57924"
},
{
"category": "external",
"summary": "SUSE Bug 1236086 for CVE-2024-57924",
"url": "https://bugzilla.suse.com/1236086"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-57924"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2024-57973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrdma/cxgb4: Prevent potential integer overflow on 32bit\n\nThe \"gl-\u003etot_len\" variable is controlled by the user. It comes from\nprocess_responses(). On 32bit systems, the \"gl-\u003etot_len + sizeof(struct\ncpl_pass_accept_req) + sizeof(struct rss_header)\" addition could have an\ninteger wrapping bug. Use size_add() to prevent this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57973",
"url": "https://www.suse.com/security/cve/CVE-2024-57973"
},
{
"category": "external",
"summary": "SUSE Bug 1238531 for CVE-2024-57973",
"url": "https://bugzilla.suse.com/1238531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-57973"
},
{
"cve": "CVE-2024-57974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Deal with race between UDP socket address change and rehash\n\nIf a UDP socket changes its local address while it\u0027s receiving\ndatagrams, as a result of connect(), there is a period during which\na lookup operation might fail to find it, after the address is changed\nbut before the secondary hash (port and address) and the four-tuple\nhash (local and remote ports and addresses) are updated.\n\nSecondary hash chains were introduced by commit 30fff9231fad (\"udp:\nbind() optimisation\") and, as a result, a rehash operation became\nneeded to make a bound socket reachable again after a connect().\n\nThis operation was introduced by commit 719f835853a9 (\"udp: add\nrehash on connect()\") which isn\u0027t however a complete fix: the\nsocket will be found once the rehashing completes, but not while\nit\u0027s pending.\n\nThis is noticeable with a socat(1) server in UDP4-LISTEN mode, and a\nclient sending datagrams to it. After the server receives the first\ndatagram (cf. _xioopen_ipdgram_listen()), it issues a connect() to\nthe address of the sender, in order to set up a directed flow.\n\nNow, if the client, running on a different CPU thread, happens to\nsend a (subsequent) datagram while the server\u0027s socket changes its\naddress, but is not rehashed yet, this will result in a failed\nlookup and a port unreachable error delivered to the client, as\napparent from the following reproducer:\n\n LEN=$(($(cat /proc/sys/net/core/wmem_default) / 4))\n dd if=/dev/urandom bs=1 count=${LEN} of=tmp.in\n\n while :; do\n \ttaskset -c 1 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.1 || sleep 1\n \ttaskset -c 2 socat OPEN:tmp.in UDP4:localhost:1337,shut-null\n \twait\n done\n\nwhere the client will eventually get ECONNREFUSED on a write()\n(typically the second or third one of a given iteration):\n\n 2024/11/13 21:28:23 socat[46901] E write(6, 0x556db2e3c000, 8192): Connection refused\n\nThis issue was first observed as a seldom failure in Podman\u0027s tests\nchecking UDP functionality while using pasta(1) to connect the\ncontainer\u0027s network namespace, which leads us to a reproducer with\nthe lookup error resulting in an ICMP packet on a tap device:\n\n LOCAL_ADDR=\"$(ip -j -4 addr show|jq -rM \u0027.[] | .addr_info[0] | select(.scope == \"global\").local\u0027)\"\n\n while :; do\n \t./pasta --config-net -p pasta.pcap -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.2 || sleep 1\n \tsocat OPEN:tmp.in UDP4:${LOCAL_ADDR}:1337,shut-null\n \twait\n \tcmp tmp.in tmp.out\n done\n\nOnce this fails:\n\n tmp.in tmp.out differ: char 8193, line 29\n\nwe can finally have a look at what\u0027s going on:\n\n $ tshark -r pasta.pcap\n 1 0.000000 :: ? ff02::16 ICMPv6 110 Multicast Listener Report Message v2\n 2 0.168690 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 3 0.168767 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 4 0.168806 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 5 0.168827 c6:47:05:8d:dc:04 ? Broadcast ARP 42 Who has 88.198.0.161? Tell 88.198.0.164\n 6 0.168851 9a:55:9a:55:9a:55 ? c6:47:05:8d:dc:04 ARP 42 88.198.0.161 is at 9a:55:9a:55:9a:55\n 7 0.168875 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 8 0.168896 88.198.0.164 ? 88.198.0.161 ICMP 590 Destination unreachable (Port unreachable)\n 9 0.168926 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 10 0.168959 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 11 0.168989 88.198.0.161 ? 88.198.0.164 UDP 4138 60260 ? 1337 Len=4096\n 12 0.169010 88.198.0.161 ? 88.198.0.164 UDP 42 60260 ? 1337 Len=0\n\nOn the third datagram received, the network namespace of the container\ninitiates an ARP lookup to deliver the ICMP message.\n\nIn another variant of this reproducer, starting the client with:\n\n strace -f pasta --config-net -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,tru\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57974",
"url": "https://www.suse.com/security/cve/CVE-2024-57974"
},
{
"category": "external",
"summary": "SUSE Bug 1238532 for CVE-2024-57974",
"url": "https://bugzilla.suse.com/1238532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-57974"
},
{
"cve": "CVE-2024-57978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Fix potential error pointer dereference in detach_pm()\n\nThe proble is on the first line:\n\n\tif (jpeg-\u003epd_dev[i] \u0026\u0026 !pm_runtime_suspended(jpeg-\u003epd_dev[i]))\n\nIf jpeg-\u003epd_dev[i] is an error pointer, then passing it to\npm_runtime_suspended() will lead to an Oops. The other conditions\ncheck for both error pointers and NULL, but it would be more clear to\nuse the IS_ERR_OR_NULL() check for that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57978",
"url": "https://www.suse.com/security/cve/CVE-2024-57978"
},
{
"category": "external",
"summary": "SUSE Bug 1238523 for CVE-2024-57978",
"url": "https://bugzilla.suse.com/1238523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-57978"
},
{
"cve": "CVE-2024-57979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npps: Fix a use-after-free\n\nOn a board running ntpd and gpsd, I\u0027m seeing a consistent use-after-free\nin sys_exit() from gpsd when rebooting:\n\n pps pps1: removed\n ------------[ cut here ]------------\n kobject: \u0027(null)\u0027 (00000000db4bec24): is not initialized, yet kobject_put() is being called.\n WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\n CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\n Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : kobject_put+0x120/0x150\n lr : kobject_put+0x120/0x150\n sp : ffffffc0803d3ae0\n x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\n x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\n x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\n x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\n x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n kobject_put+0x120/0x150\n cdev_put+0x20/0x3c\n __fput+0x2c4/0x2d8\n ____fput+0x1c/0x38\n task_work_run+0x70/0xfc\n do_exit+0x2a0/0x924\n do_group_exit+0x34/0x90\n get_signal+0x7fc/0x8c0\n do_signal+0x128/0x13b4\n do_notify_resume+0xdc/0x160\n el0_svc+0xd4/0xf8\n el0t_64_sync_handler+0x140/0x14c\n el0t_64_sync+0x190/0x194\n ---[ end trace 0000000000000000 ]---\n\n...followed by more symptoms of corruption, with similar stacks:\n\n refcount_t: underflow; use-after-free.\n kernel BUG at lib/list_debug.c:62!\n Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nThis happens because pps_device_destruct() frees the pps_device with the\nembedded cdev immediately after calling cdev_del(), but, as the comment\nabove cdev_del() notes, fops for previously opened cdevs are still\ncallable even after cdev_del() returns. I think this bug has always\nbeen there: I can\u0027t explain why it suddenly started happening every time\nI reboot this particular board.\n\nIn commit d953e0e837e6 (\"pps: Fix a use-after free bug when\nunregistering a source.\"), George Spelvin suggested removing the\nembedded cdev. That seems like the simplest way to fix this, so I\u0027ve\nimplemented his suggestion, using __register_chrdev() with pps_idr\nbecoming the source of truth for which minor corresponds to which\ndevice.\n\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\nwe need to be sure the pps-\u003edev refcount can\u0027t reach zero while\nuserspace can still find it again. So, the idr_remove() call moves to\npps_unregister_cdev(), and pps_idr now holds a reference to pps-\u003edev.\n\n pps_core: source serial1 got cdev (251:1)\n \u003c...\u003e\n pps pps1: removed\n pps_core: unregistering pps1\n pps_core: deallocating pps1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57979",
"url": "https://www.suse.com/security/cve/CVE-2024-57979"
},
{
"category": "external",
"summary": "SUSE Bug 1238521 for CVE-2024-57979",
"url": "https://bugzilla.suse.com/1238521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-57979"
},
{
"cve": "CVE-2024-57980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix double free in error path\n\nIf the uvc_status_init() function fails to allocate the int_urb, it will\nfree the dev-\u003estatus pointer but doesn\u0027t reset the pointer to NULL. This\nresults in the kfree() call in uvc_status_cleanup() trying to\ndouble-free the memory. Fix it by resetting the dev-\u003estatus pointer to\nNULL after freeing it.\n\nReviewed by: Ricardo Ribalda \u003cribalda@chromium.org\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57980",
"url": "https://www.suse.com/security/cve/CVE-2024-57980"
},
{
"category": "external",
"summary": "SUSE Bug 1237911 for CVE-2024-57980",
"url": "https://bugzilla.suse.com/1237911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-57980"
},
{
"cve": "CVE-2024-57981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix NULL pointer dereference on certain command aborts\n\nIf a command is queued to the final usable TRB of a ring segment, the\nenqueue pointer is advanced to the subsequent link TRB and no further.\nIf the command is later aborted, when the abort completion is handled\nthe dequeue pointer is advanced to the first TRB of the next segment.\n\nIf no further commands are queued, xhci_handle_stopped_cmd_ring() sees\nthe ring pointers unequal and assumes that there is a pending command,\nso it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.\n\nDon\u0027t attempt timer setup if cur_cmd is NULL. The subsequent doorbell\nring likely is unnecessary too, but it\u0027s harmless. Leave it alone.\n\nThis is probably Bug 219532, but no confirmation has been received.\n\nThe issue has been independently reproduced and confirmed fixed using\na USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.\nEverything continued working normally after several prevented crashes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57981",
"url": "https://www.suse.com/security/cve/CVE-2024-57981"
},
{
"category": "external",
"summary": "SUSE Bug 1237912 for CVE-2024-57981",
"url": "https://bugzilla.suse.com/1237912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-57981"
},
{
"cve": "CVE-2024-57986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: Fix assumption that Resolution Multipliers must be in Logical Collections\n\nA report in 2019 by the syzbot fuzzer was found to be connected to two\nerrors in the HID core associated with Resolution Multipliers. One of\nthe errors was fixed by commit ea427a222d8b (\"HID: core: Fix deadloop\nin hid_apply_multiplier.\"), but the other has not been fixed.\n\nThis error arises because hid_apply_multipler() assumes that every\nResolution Multiplier control is contained in a Logical Collection,\ni.e., there\u0027s no way the routine can ever set multiplier_collection to\nNULL. This is in spite of the fact that the function starts with a\nbig comment saying:\n\n\t * \"The Resolution Multiplier control must be contained in the same\n\t * Logical Collection as the control(s) to which it is to be applied.\n\t ...\n\t * If no Logical Collection is\n\t * defined, the Resolution Multiplier is associated with all\n\t * controls in the report.\"\n\t * HID Usage Table, v1.12, Section 4.3.1, p30\n\t *\n\t * Thus, search from the current collection upwards until we find a\n\t * logical collection...\n\nThe comment and the code overlook the possibility that none of the\ncollections found may be a Logical Collection.\n\nThe fix is to set the multiplier_collection pointer to NULL if the\ncollection found isn\u0027t a Logical Collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57986",
"url": "https://www.suse.com/security/cve/CVE-2024-57986"
},
{
"category": "external",
"summary": "SUSE Bug 1237907 for CVE-2024-57986",
"url": "https://bugzilla.suse.com/1237907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-57986"
},
{
"cve": "CVE-2024-57990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57990"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: fix off by one in mt7925_load_clc()\n\nThis comparison should be \u003e= instead of \u003e to prevent an out of bounds\nread and write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57990",
"url": "https://www.suse.com/security/cve/CVE-2024-57990"
},
{
"category": "external",
"summary": "SUSE Bug 1237900 for CVE-2024-57990",
"url": "https://bugzilla.suse.com/1237900"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-57990"
},
{
"cve": "CVE-2024-57993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check\n\nsyzbot has found a type mismatch between a USB pipe and the transfer\nendpoint, which is triggered by the hid-thrustmaster driver[1].\nThere is a number of similar, already fixed issues [2].\nIn this case as in others, implementing check for endpoint type fixes the issue.\n\n[1] https://syzkaller.appspot.com/bug?extid=040e8b3db6a96908d470\n[2] https://syzkaller.appspot.com/bug?extid=348331f63b034f89b622",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57993",
"url": "https://www.suse.com/security/cve/CVE-2024-57993"
},
{
"category": "external",
"summary": "SUSE Bug 1237894 for CVE-2024-57993",
"url": "https://bugzilla.suse.com/1237894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-57993"
},
{
"cve": "CVE-2024-57994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()\n\nJakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()\nto increase test coverage.\n\nsyzbot found a splat caused by hard irq blocking in\nptr_ring_resize_multiple() [1]\n\nAs current users of ptr_ring_resize_multiple() do not require\nhard irqs being masked, replace it to only block BH.\n\nRename helpers to better reflect they are safe against BH only.\n\n- ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()\n- skb_array_resize_multiple() to skb_array_resize_multiple_bh()\n\n[1]\n\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline]\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nModules linked in:\nCPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:__page_pool_put_page net/core/page_pool.c:709 [inline]\nRIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nCode: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 \u003c0f\u003e 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85\nRSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083\nRAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000\nRDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843\nRBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d\nR10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040\nR13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff\nFS: 00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tun_ptr_free drivers/net/tun.c:617 [inline]\n __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]\n ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]\n tun_queue_resize drivers/net/tun.c:3694 [inline]\n tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024\n do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923\n rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201\n rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57994",
"url": "https://www.suse.com/security/cve/CVE-2024-57994"
},
{
"category": "external",
"summary": "SUSE Bug 1237901 for CVE-2024-57994",
"url": "https://bugzilla.suse.com/1237901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2024-57996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: don\u0027t allow 1 packet limit\n\nThe current implementation does not work correctly with a limit of\n1. iproute2 actually checks for this and this patch adds the check in\nkernel as well.\n\nThis fixes the following syzkaller reported crash:\n\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x125/0x19f lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:148 [inline]\n __ubsan_handle_out_of_bounds+0xed/0x120 lib/ubsan.c:347\n sfq_link net/sched/sch_sfq.c:210 [inline]\n sfq_dec+0x528/0x600 net/sched/sch_sfq.c:238\n sfq_dequeue+0x39b/0x9d0 net/sched/sch_sfq.c:500\n sfq_reset+0x13/0x50 net/sched/sch_sfq.c:525\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n tbf_reset+0x3d/0x100 net/sched/sch_tbf.c:319\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n dev_reset_queue+0x8c/0x140 net/sched/sch_generic.c:1296\n netdev_for_each_tx_queue include/linux/netdevice.h:2350 [inline]\n dev_deactivate_many+0x6dc/0xc20 net/sched/sch_generic.c:1362\n __dev_close_many+0x214/0x350 net/core/dev.c:1468\n dev_close_many+0x207/0x510 net/core/dev.c:1506\n unregister_netdevice_many+0x40f/0x16b0 net/core/dev.c:10738\n unregister_netdevice_queue+0x2be/0x310 net/core/dev.c:10695\n unregister_netdevice include/linux/netdevice.h:2893 [inline]\n __tun_detach+0x6b6/0x1600 drivers/net/tun.c:689\n tun_detach drivers/net/tun.c:705 [inline]\n tun_chr_close+0x104/0x1b0 drivers/net/tun.c:3640\n __fput+0x203/0x840 fs/file_table.c:280\n task_work_run+0x129/0x1b0 kernel/task_work.c:185\n exit_task_work include/linux/task_work.h:33 [inline]\n do_exit+0x5ce/0x2200 kernel/exit.c:931\n do_group_exit+0x144/0x310 kernel/exit.c:1046\n __do_sys_exit_group kernel/exit.c:1057 [inline]\n __se_sys_exit_group kernel/exit.c:1055 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1055\n do_syscall_64+0x6c/0xd0\n entry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fe5e7b52479\nCode: Unable to access opcode bytes at RIP 0x7fe5e7b5244f.\nRSP: 002b:00007ffd3c800398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5e7b52479\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000\nRBP: 00007fe5e7bcd2d0 R08: ffffffffffffffb8 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5e7bcd2d0\nR13: 0000000000000000 R14: 00007fe5e7bcdd20 R15: 00007fe5e7b24270\n\nThe crash can be also be reproduced with the following (with a tc\nrecompiled to allow for sfq limits of 1):\n\ntc qdisc add dev dummy0 handle 1: root tbf rate 1Kbit burst 100b lat 1s\n../iproute2-6.9.0/tc/tc qdisc add dev dummy0 handle 2: parent 1:10 sfq limit 1\nifconfig dummy0 up\nping -I dummy0 -f -c2 -W0.1 8.8.8.8\nsleep 1\n\nScenario that triggers the crash:\n\n* the first packet is sent and queued in TBF and SFQ; qdisc qlen is 1\n\n* TBF dequeues: it peeks from SFQ which moves the packet to the\n gso_skb list and keeps qdisc qlen set to 1. TBF is out of tokens so\n it schedules itself for later.\n\n* the second packet is sent and TBF tries to queues it to SFQ. qdisc\n qlen is now 2 and because the SFQ limit is 1 the packet is dropped\n by SFQ. At this point qlen is 1, and all of the SFQ slots are empty,\n however q-\u003etail is not NULL.\n\nAt this point, assuming no more packets are queued, when sch_dequeue\nruns again it will decrement the qlen for the current empty slot\ncausing an underflow and the subsequent out of bounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57996",
"url": "https://www.suse.com/security/cve/CVE-2024-57996"
},
{
"category": "external",
"summary": "SUSE Bug 1239076 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "external",
"summary": "SUSE Bug 1239077 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2024-57997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wcn36xx: fix channel survey memory allocation size\n\nKASAN reported a memory allocation issue in wcn-\u003echan_survey\ndue to incorrect size calculation.\nThis commit uses kcalloc to allocate memory for wcn-\u003echan_survey,\nensuring proper initialization and preventing the use of uninitialized\nvalues when there are no frames on the channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57997",
"url": "https://www.suse.com/security/cve/CVE-2024-57997"
},
{
"category": "external",
"summary": "SUSE Bug 1238529 for CVE-2024-57997",
"url": "https://bugzilla.suse.com/1238529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-57997"
},
{
"cve": "CVE-2024-57998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57998"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nOPP: add index check to assert to avoid buffer overflow in _read_freq()\n\nPass the freq index to the assert function to make sure\nwe do not read a freq out of the opp-\u003erates[] table when called\nfrom the indexed variants:\ndev_pm_opp_find_freq_exact_indexed() or\ndev_pm_opp_find_freq_ceil/floor_indexed().\n\nAdd a secondary parameter to the assert function, unused\nfor assert_single_clk() then add assert_clk_index() which\nwill check for the clock index when called from the _indexed()\nfind functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57998",
"url": "https://www.suse.com/security/cve/CVE-2024-57998"
},
{
"category": "external",
"summary": "SUSE Bug 1238527 for CVE-2024-57998",
"url": "https://bugzilla.suse.com/1238527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-57998"
},
{
"cve": "CVE-2024-57999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW\n\nPower Hypervisor can possibily allocate MMIO window intersecting with\nDynamic DMA Window (DDW) range, which is over 32-bit addressing.\n\nThese MMIO pages needs to be marked as reserved so that IOMMU doesn\u0027t map\nDMA buffers in this range.\n\nThe current code is not marking these pages correctly which is resulting\nin LPAR to OOPS while booting. The stack is at below\n\nBUG: Unable to handle kernel data access on read at 0xc00800005cd40000\nFaulting instruction address: 0xc00000000005cdac\nOops: Kernel access of bad area, sig: 11 [#1]\nLE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\nModules linked in: af_packet rfkill ibmveth(X) lpfc(+) nvmet_fc nvmet nvme_keyring crct10dif_vpmsum nvme_fc nvme_fabrics nvme_core be2net(+) nvme_auth rtc_generic nfsd auth_rpcgss nfs_acl lockd grace sunrpc fuse configfs ip_tables x_tables xfs libcrc32c dm_service_time ibmvfc(X) scsi_transport_fc vmx_crypto gf128mul crc32c_vpmsum dm_mirror dm_region_hash dm_log dm_multipath dm_mod sd_mod scsi_dh_emc scsi_dh_rdac scsi_dh_alua t10_pi crc64_rocksoft_generic crc64_rocksoft sg crc64 scsi_mod\nSupported: Yes, External\nCPU: 8 PID: 241 Comm: kworker/8:1 Kdump: loaded Not tainted 6.4.0-150600.23.14-default #1 SLE15-SP6 b44ee71c81261b9e4bab5e0cde1f2ed891d5359b\nHardware name: IBM,9080-M9S POWER9 (raw) 0x4e2103 0xf000005 of:IBM,FW950.B0 (VH950_149) hv:phyp pSeries\nWorkqueue: events work_for_cpu_fn\nNIP: c00000000005cdac LR: c00000000005e830 CTR: 0000000000000000\nREGS: c00001400c9ff770 TRAP: 0300 Not tainted (6.4.0-150600.23.14-default)\nMSR: 800000000280b033 \u003cSF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE\u003e CR: 24228448 XER: 00000001\nCFAR: c00000000005cdd4 DAR: c00800005cd40000 DSISR: 40000000 IRQMASK: 0\nGPR00: c00000000005e830 c00001400c9ffa10 c000000001987d00 c00001400c4fe800\nGPR04: 0000080000000000 0000000000000001 0000000004000000 0000000000800000\nGPR08: 0000000004000000 0000000000000001 c00800005cd40000 ffffffffffffffff\nGPR12: 0000000084228882 c00000000a4c4f00 0000000000000010 0000080000000000\nGPR16: c00001400c4fe800 0000000004000000 0800000000000000 c00000006088b800\nGPR20: c00001401a7be980 c00001400eff3800 c000000002a2da68 000000000000002b\nGPR24: c0000000026793a8 c000000002679368 000000000000002a c0000000026793c8\nGPR28: 000008007effffff 0000080000000000 0000000000800000 c00001400c4fe800\nNIP [c00000000005cdac] iommu_table_reserve_pages+0xac/0x100\nLR [c00000000005e830] iommu_init_table+0x80/0x1e0\nCall Trace:\n[c00001400c9ffa10] [c00000000005e810] iommu_init_table+0x60/0x1e0 (unreliable)\n[c00001400c9ffa90] [c00000000010356c] iommu_bypass_supported_pSeriesLP+0x9cc/0xe40\n[c00001400c9ffc30] [c00000000005c300] dma_iommu_dma_supported+0xf0/0x230\n[c00001400c9ffcb0] [c00000000024b0c4] dma_supported+0x44/0x90\n[c00001400c9ffcd0] [c00000000024b14c] dma_set_mask+0x3c/0x80\n[c00001400c9ffd00] [c0080000555b715c] be_probe+0xc4/0xb90 [be2net]\n[c00001400c9ffdc0] [c000000000986f3c] local_pci_probe+0x6c/0x110\n[c00001400c9ffe40] [c000000000188f28] work_for_cpu_fn+0x38/0x60\n[c00001400c9ffe70] [c00000000018e454] process_one_work+0x314/0x620\n[c00001400c9fff10] [c00000000018f280] worker_thread+0x2b0/0x620\n[c00001400c9fff90] [c00000000019bb18] kthread+0x148/0x150\n[c00001400c9fffe0] [c00000000000ded8] start_kernel_thread+0x14/0x18\n\nThere are 2 issues in the code\n\n1. The index is \"int\" while the address is \"unsigned long\". This results in\n negative value when setting the bitmap.\n\n2. The DMA offset is page shifted but the MMIO range is used as-is (64-bit\n address). MMIO address needs to be page shifted as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57999",
"url": "https://www.suse.com/security/cve/CVE-2024-57999"
},
{
"category": "external",
"summary": "SUSE Bug 1238526 for CVE-2024-57999",
"url": "https://bugzilla.suse.com/1238526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-57999"
},
{
"cve": "CVE-2024-58001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58001"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: handle a symlink read error correctly\n\nPatch series \"Convert ocfs2 to use folios\".\n\nMark did a conversion of ocfs2 to use folios and sent it to me as a\ngiant patch for review ;-)\n\nSo I\u0027ve redone it as individual patches, and credited Mark for the patches\nwhere his code is substantially the same. It\u0027s not a bad way to do it;\nhis patch had some bugs and my patches had some bugs. Hopefully all our\nbugs were different from each other. And hopefully Mark likes all the\nchanges I made to his code!\n\n\nThis patch (of 23):\n\nIf we can\u0027t read the buffer, be sure to unlock the page before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58001",
"url": "https://www.suse.com/security/cve/CVE-2024-58001"
},
{
"category": "external",
"summary": "SUSE Bug 1239079 for CVE-2024-58001",
"url": "https://bugzilla.suse.com/1239079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "low"
}
],
"title": "CVE-2024-58001"
},
{
"cve": "CVE-2024-58002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58002"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Remove dangling pointers\n\nWhen an async control is written, we copy a pointer to the file handle\nthat started the operation. That pointer will be used when the device is\ndone. Which could be anytime in the future.\n\nIf the user closes that file descriptor, its structure will be freed,\nand there will be one dangling pointer per pending async control, that\nthe driver will try to use.\n\nClean all the dangling pointers during release().\n\nTo avoid adding a performance penalty in the most common case (no async\noperation), a counter has been introduced with some logic to make sure\nthat it is properly handled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58002",
"url": "https://www.suse.com/security/cve/CVE-2024-58002"
},
{
"category": "external",
"summary": "SUSE Bug 1238503 for CVE-2024-58002",
"url": "https://bugzilla.suse.com/1238503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58002"
},
{
"cve": "CVE-2024-58005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Change to kvalloc() in eventlog/acpi.c\n\nThe following failure was reported on HPE ProLiant D320:\n\n[ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0)\n[ 10.848132][ T1] ------------[ cut here ]------------\n[ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330\n[ 10.862827][ T1] Modules linked in:\n[ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155.2.g52785e2-default #1 openSUSE Tumbleweed (unreleased) 588cd98293a7c9eba9013378d807364c088c9375\n[ 10.882741][ T1] Hardware name: HPE ProLiant DL320 Gen12/ProLiant DL320 Gen12, BIOS 1.20 10/28/2024\n[ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330\n[ 10.898103][ T1] Code: 24 08 e9 4a fe ff ff e8 34 36 fa ff e9 88 fe ff ff 83 fe 0a 0f 86 b3 fd ff ff 80 3d 01 e7 ce 01 00 75 09 c6 05 f8 e6 ce 01 01 \u003c0f\u003e 0b 45 31 ff e9 e5 fe ff ff f7 c2 00 00 08 00 75 42 89 d9 80 e1\n[ 10.917750][ T1] RSP: 0000:ffffb7cf40077980 EFLAGS: 00010246\n[ 10.923777][ T1] RAX: 0000000000000000 RBX: 0000000000040cc0 RCX: 0000000000000000\n[ 10.931727][ T1] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040cc0\n\nThe above transcript shows that ACPI pointed a 16 MiB buffer for the log\nevents because RSI maps to the \u0027order\u0027 parameter of __alloc_pages_noprof().\nAddress the bug by moving from devm_kmalloc() to devm_add_action() and\nkvmalloc() and devm_add_action().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58005",
"url": "https://www.suse.com/security/cve/CVE-2024-58005"
},
{
"category": "external",
"summary": "SUSE Bug 1237873 for CVE-2024-58005",
"url": "https://bugzilla.suse.com/1237873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2024-58006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()\n\nIn commit 4284c88fff0e (\"PCI: designware-ep: Allow pci_epc_set_bar() update\ninbound map address\") set_bar() was modified to support dynamically\nchanging the backing physical address of a BAR that was already configured.\n\nThis means that set_bar() can be called twice, without ever calling\nclear_bar() (as calling clear_bar() would clear the BAR\u0027s PCI address\nassigned by the host).\n\nThis can only be done if the new BAR size/flags does not differ from the\nexisting BAR configuration. Add these missing checks.\n\nIf we allow set_bar() to set e.g. a new BAR size that differs from the\nexisting BAR size, the new address translation range will be smaller than\nthe BAR size already determined by the host, which would mean that a read\npast the new BAR size would pass the iATU untranslated, which could allow\nthe host to read memory not belonging to the new struct pci_epf_bar.\n\nWhile at it, add comments which clarifies the support for dynamically\nchanging the physical address of a BAR. (Which was also missing.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58006",
"url": "https://www.suse.com/security/cve/CVE-2024-58006"
},
{
"category": "external",
"summary": "SUSE Bug 1238772 for CVE-2024-58006",
"url": "https://bugzilla.suse.com/1238772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58006"
},
{
"cve": "CVE-2024-58007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: socinfo: Avoid out of bounds read of serial number\n\nOn MSM8916 devices, the serial number exposed in sysfs is constant and does\nnot change across individual devices. It\u0027s always:\n\n db410c:/sys/devices/soc0$ cat serial_number\n 2644893864\n\nThe firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not\nhave support for the serial_num field in the socinfo struct. There is an\nexisting check to avoid exposing the serial number in that case, but it\u0027s\nnot correct: When checking the item_size returned by SMEM, we need to make\nsure the *end* of the serial_num is within bounds, instead of comparing\nwith the *start* offset. The serial_number currently exposed on MSM8916\ndevices is just an out of bounds read of whatever comes after the socinfo\nstruct in SMEM.\n\nFix this by changing offsetof() to offsetofend(), so that the size of the\nfield is also taken into account.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58007",
"url": "https://www.suse.com/security/cve/CVE-2024-58007"
},
{
"category": "external",
"summary": "SUSE Bug 1238511 for CVE-2024-58007",
"url": "https://bugzilla.suse.com/1238511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58007"
},
{
"cve": "CVE-2024-58009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc\n\nA NULL sock pointer is passed into l2cap_sock_alloc() when it is called\nfrom l2cap_sock_new_connection_cb() and the error handling paths should\nalso be aware of it.\n\nSeemingly a more elegant solution would be to swap bt_sock_alloc() and\nl2cap_chan_create() calls since they are not interdependent to that moment\nbut then l2cap_chan_create() adds the soon to be deallocated and still\ndummy-initialized channel to the global list accessible by many L2CAP\npaths. The channel would be removed from the list in short period of time\nbut be a bit more straight-forward here and just check for NULL instead of\nchanging the order of function calls.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58009",
"url": "https://www.suse.com/security/cve/CVE-2024-58009"
},
{
"category": "external",
"summary": "SUSE Bug 1238760 for CVE-2024-58009",
"url": "https://bugzilla.suse.com/1238760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58009"
},
{
"cve": "CVE-2024-58011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: int3472: Check for adev == NULL\n\nNot all devices have an ACPI companion fwnode, so adev might be NULL. This\ncan e.g. (theoretically) happen when a user manually binds one of\nthe int3472 drivers to another i2c/platform device through sysfs.\n\nAdd a check for adev not being set and return -ENODEV in that case to\navoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58011",
"url": "https://www.suse.com/security/cve/CVE-2024-58011"
},
{
"category": "external",
"summary": "SUSE Bug 1239080 for CVE-2024-58011",
"url": "https://bugzilla.suse.com/1239080"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58011"
},
{
"cve": "CVE-2024-58012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params\n\nEach cpu DAI should associate with a widget. However, the topology might\nnot create the right number of DAI widgets for aggregated amps. And it\nwill cause NULL pointer deference.\nCheck that the DAI widget associated with the CPU DAI is valid to prevent\nNULL pointer deference due to missing DAI widgets in topologies with\naggregated amps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58012",
"url": "https://www.suse.com/security/cve/CVE-2024-58012"
},
{
"category": "external",
"summary": "SUSE Bug 1239104 for CVE-2024-58012",
"url": "https://bugzilla.suse.com/1239104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58012"
},
{
"cve": "CVE-2024-58013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\nRead of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961\n\nCPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 16026:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296\n remove_adv_monitor+0x102/0x1b0 net/bluetooth/mgmt.c:5568\n hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n sock_write_iter+0x2d7/0x3f0 net/socket.c:1147\n new_sync_write fs/read_write.c:586 [inline]\n vfs_write+0xaeb/0xd30 fs/read_write.c:679\n ksys_write+0x18f/0x2b0 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 16022:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2338 [inline]\n slab_free mm/slub.c:4598 [inline]\n kfree+0x196/0x420 mm/slub.c:4746\n mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259\n __mgmt_power_off+0x183/0x430 net/bluetooth/mgmt.c:9550\n hci_dev_close_sync+0x6c4/0x11c0 net/bluetooth/hci_sync.c:5208\n hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]\n hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508\n sock_do_ioctl+0x158/0x460 net/socket.c:1209\n sock_ioctl+0x626/0x8e0 net/socket.c:1328\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58013",
"url": "https://www.suse.com/security/cve/CVE-2024-58013"
},
{
"category": "external",
"summary": "SUSE Bug 1239095 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "external",
"summary": "SUSE Bug 1239096 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2024-58013"
},
{
"cve": "CVE-2024-58014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()\n\nIn \u0027wlc_phy_iqcal_gainparams_nphy()\u0027, add gain range check to WARN()\ninstead of possible out-of-bounds \u0027tbl_iqcal_gainparams_nphy\u0027 access.\nCompile tested only.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58014",
"url": "https://www.suse.com/security/cve/CVE-2024-58014"
},
{
"category": "external",
"summary": "SUSE Bug 1239109 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "external",
"summary": "SUSE Bug 1239110 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2024-58014"
},
{
"cve": "CVE-2024-58017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nprintk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX\n\nShifting 1 \u003c\u003c 31 on a 32-bit int causes signed integer overflow, which\nleads to undefined behavior. To prevent this, cast 1 to u32 before\nperforming the shift, ensuring well-defined behavior.\n\nThis change explicitly avoids any potential overflow by ensuring that\nthe shift occurs on an unsigned 32-bit integer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58017",
"url": "https://www.suse.com/security/cve/CVE-2024-58017"
},
{
"category": "external",
"summary": "SUSE Bug 1239112 for CVE-2024-58017",
"url": "https://bugzilla.suse.com/1239112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58017"
},
{
"cve": "CVE-2024-58018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm: correctly calculate the available space of the GSP cmdq buffer\n\nr535_gsp_cmdq_push() waits for the available page in the GSP cmdq\nbuffer when handling a large RPC request. When it sees at least one\navailable page in the cmdq, it quits the waiting with the amount of\nfree buffer pages in the queue.\n\nUnfortunately, it always takes the [write pointer, buf_size) as\navailable buffer pages before rolling back and wrongly calculates the\nsize of the data should be copied. Thus, it can overwrite the RPC\nrequest that GSP is currently reading, which causes GSP hang due\nto corrupted RPC request:\n\n[ 549.209389] ------------[ cut here ]------------\n[ 549.214010] WARNING: CPU: 8 PID: 6314 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c:116 r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.225678] Modules linked in: nvkm(E+) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) mlx5_ib(E) amd64_edac(E) edac_mce_amd(E) kvm_amd(E) ib_uverbs(E) kvm(E) ib_core(E) acpi_ipmi(E) ipmi_si(E) mxm_wmi(E) ipmi_devintf(E) rapl(E) i2c_piix4(E) wmi_bmof(E) joydev(E) ptdma(E) acpi_cpufreq(E) k10temp(E) pcspkr(E) ipmi_msghandler(E) xfs(E) libcrc32c(E) ast(E) i2c_algo_bit(E) crct10dif_pclmul(E) drm_shmem_helper(E) nvme_tcp(E) crc32_pclmul(E) ahci(E) drm_kms_helper(E) libahci(E) nvme_fabrics(E) crc32c_intel(E) nvme(E) cdc_ether(E) mlx5_core(E) nvme_core(E) usbnet(E) drm(E) libata(E) ccp(E) ghash_clmulni_intel(E) mii(E) t10_pi(E) mlxfw(E) sp5100_tco(E) psample(E) pci_hyperv_intf(E) wmi(E) dm_multipath(E) sunrpc(E) dm_mirror(E) dm_region_hash(E) dm_log(E) dm_mod(E) be2iscsi(E) bnx2i(E) cnic(E) uio(E) cxgb4i(E) cxgb4(E) tls(E) libcxgbi(E) libcxgb(E) qla4xxx(E)\n[ 549.225752] iscsi_boot_sysfs(E) iscsi_tcp(E) libiscsi_tcp(E) libiscsi(E) scsi_transport_iscsi(E) fuse(E) [last unloaded: gsp_log(E)]\n[ 549.326293] CPU: 8 PID: 6314 Comm: insmod Tainted: G E 6.9.0-rc6+ #1\n[ 549.334039] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 549.341781] RIP: 0010:r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.347343] Code: 08 00 00 89 da c1 e2 0c 48 8d ac 11 00 10 00 00 48 8b 0c 24 48 85 c9 74 1f c1 e0 0c 4c 8d 6d 30 83 e8 30 89 01 e9 68 ff ff ff \u003c0f\u003e 0b 49 c7 c5 92 ff ff ff e9 5a ff ff ff ba ff ff ff ff be c0 0c\n[ 549.366090] RSP: 0018:ffffacbccaaeb7d0 EFLAGS: 00010246\n[ 549.371315] RAX: 0000000000000000 RBX: 0000000000000012 RCX: 0000000000923e28\n[ 549.378451] RDX: 0000000000000000 RSI: 0000000055555554 RDI: ffffacbccaaeb730\n[ 549.385590] RBP: 0000000000000001 R08: ffff8bd14d235f70 R09: ffff8bd14d235f70\n[ 549.392721] R10: 0000000000000002 R11: ffff8bd14d233864 R12: 0000000000000020\n[ 549.399854] R13: ffffacbccaaeb818 R14: 0000000000000020 R15: ffff8bb298c67000\n[ 549.406988] FS: 00007f5179244740(0000) GS:ffff8bd14d200000(0000) knlGS:0000000000000000\n[ 549.415076] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 549.420829] CR2: 00007fa844000010 CR3: 00000001567dc005 CR4: 0000000000770ef0\n[ 549.427963] PKRU: 55555554\n[ 549.430672] Call Trace:\n[ 549.433126] \u003cTASK\u003e\n[ 549.435233] ? __warn+0x7f/0x130\n[ 549.438473] ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.443426] ? report_bug+0x18a/0x1a0\n[ 549.447098] ? handle_bug+0x3c/0x70\n[ 549.450589] ? exc_invalid_op+0x14/0x70\n[ 549.454430] ? asm_exc_invalid_op+0x16/0x20\n[ 549.458619] ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.463565] r535_gsp_msg_recv+0x46/0x230 [nvkm]\n[ 549.468257] r535_gsp_rpc_push+0x106/0x160 [nvkm]\n[ 549.473033] r535_gsp_rpc_rm_ctrl_push+0x40/0x130 [nvkm]\n[ 549.478422] nvidia_grid_init_vgpu_types+0xbc/0xe0 [nvkm]\n[ 549.483899] nvidia_grid_init+0xb1/0xd0 [nvkm]\n[ 549.488420] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 549.493213] nvkm_device_pci_probe+0x305/0x420 [nvkm]\n[ 549.498338] local_pci_probe+0x46/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58018",
"url": "https://www.suse.com/security/cve/CVE-2024-58018"
},
{
"category": "external",
"summary": "SUSE Bug 1238990 for CVE-2024-58018",
"url": "https://bugzilla.suse.com/1238990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58018"
},
{
"cve": "CVE-2024-58019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm/gsp: correctly advance the read pointer of GSP message queue\n\nA GSP event message consists three parts: message header, RPC header,\nmessage body. GSP calculates the number of pages to write from the\ntotal size of a GSP message. This behavior can be observed from the\nmovement of the write pointer.\n\nHowever, nvkm takes only the size of RPC header and message body as\nthe message size when advancing the read pointer. When handling a\ntwo-page GSP message in the non rollback case, It wrongly takes the\nmessage body of the previous message as the message header of the next\nmessage. As the \"message length\" tends to be zero, in the calculation of\nsize needs to be copied (0 - size of (message header)), the size needs to\nbe copied will be \"0xffffffxx\". It also triggers a kernel panic due to a\nNULL pointer error.\n\n[ 547.614102] msg: 00000f90: ff ff ff ff ff ff ff ff 40 d7 18 fb 8b 00 00 00 ........@.......\n[ 547.622533] msg: 00000fa0: 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 ................\n[ 547.630965] msg: 00000fb0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ................\n[ 547.639397] msg: 00000fc0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................\n[ 547.647832] nvkm 0000:c1:00.0: gsp: peek msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.655225] nvkm 0000:c1:00.0: gsp: get msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.662532] BUG: kernel NULL pointer dereference, address: 0000000000000020\n[ 547.669485] #PF: supervisor read access in kernel mode\n[ 547.674624] #PF: error_code(0x0000) - not-present page\n[ 547.679755] PGD 0 P4D 0\n[ 547.682294] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 547.686643] CPU: 22 PID: 322 Comm: kworker/22:1 Tainted: G E 6.9.0-rc6+ #1\n[ 547.694893] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 547.702626] Workqueue: events r535_gsp_msgq_work [nvkm]\n[ 547.707921] RIP: 0010:r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.713375] Code: 00 8b 70 08 48 89 e1 31 d2 4c 89 f7 e8 12 f5 ff ff 48 89 c5 48 85 c0 0f 84 cf 00 00 00 48 81 fd 00 f0 ff ff 0f 87 c4 00 00 00 \u003c8b\u003e 55 10 41 8b 46 30 85 d2 0f 85 f6 00 00 00 83 f8 04 76 10 ba 05\n[ 547.732119] RSP: 0018:ffffabe440f87e10 EFLAGS: 00010203\n[ 547.737335] RAX: 0000000000000010 RBX: 0000000000000008 RCX: 000000000000003f\n[ 547.744461] RDX: 0000000000000000 RSI: ffffabe4480a8030 RDI: 0000000000000010\n[ 547.751585] RBP: 0000000000000010 R08: 0000000000000000 R09: ffffabe440f87bb0\n[ 547.758707] R10: ffffabe440f87dc8 R11: 0000000000000010 R12: 0000000000000000\n[ 547.765834] R13: 0000000000000000 R14: ffff9351df1e5000 R15: 0000000000000000\n[ 547.772958] FS: 0000000000000000(0000) GS:ffff93708eb00000(0000) knlGS:0000000000000000\n[ 547.781035] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 547.786771] CR2: 0000000000000020 CR3: 00000003cc220002 CR4: 0000000000770ef0\n[ 547.793896] PKRU: 55555554\n[ 547.796600] Call Trace:\n[ 547.799046] \u003cTASK\u003e\n[ 547.801152] ? __die+0x20/0x70\n[ 547.804211] ? page_fault_oops+0x75/0x170\n[ 547.808221] ? print_hex_dump+0x100/0x160\n[ 547.812226] ? exc_page_fault+0x64/0x150\n[ 547.816152] ? asm_exc_page_fault+0x22/0x30\n[ 547.820341] ? r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.825184] r535_gsp_msgq_work+0x42/0x50 [nvkm]\n[ 547.829845] process_one_work+0x196/0x3d0\n[ 547.833861] worker_thread+0x2fc/0x410\n[ 547.837613] ? __pfx_worker_thread+0x10/0x10\n[ 547.841885] kthread+0xdf/0x110\n[ 547.845031] ? __pfx_kthread+0x10/0x10\n[ 547.848775] ret_from_fork+0x30/0x50\n[ 547.852354] ? __pfx_kthread+0x10/0x10\n[ 547.856097] ret_from_fork_asm+0x1a/0x30\n[ 547.860019] \u003c/TASK\u003e\n[ 547.862208] Modules linked in: nvkm(E) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) amd64_edac(E) mlx5_ib(E) edac_mce_amd(E) kvm_amd\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58019",
"url": "https://www.suse.com/security/cve/CVE-2024-58019"
},
{
"category": "external",
"summary": "SUSE Bug 1238997 for CVE-2024-58019",
"url": "https://bugzilla.suse.com/1238997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58019"
},
{
"cve": "CVE-2024-58020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Add NULL check in mt_input_configured\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in mt_input_configured() is not checked.\nAdd NULL check in mt_input_configured(), to handle kernel NULL\npointer dereference error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58020",
"url": "https://www.suse.com/security/cve/CVE-2024-58020"
},
{
"category": "external",
"summary": "SUSE Bug 1239346 for CVE-2024-58020",
"url": "https://bugzilla.suse.com/1239346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58020"
},
{
"cve": "CVE-2024-58034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()\n\nAs of_find_node_by_name() release the reference of the argument device\nnode, tegra_emc_find_node_by_ram_code() releases some device nodes while\nstill in use, resulting in possible UAFs. According to the bindings and\nthe in-tree DTS files, the \"emc-tables\" node is always device\u0027s child\nnode with the property \"nvidia,use-ram-code\", and the \"lpddr2\" node is a\nchild of the \"emc-tables\" node. Thus utilize the\nfor_each_child_of_node() macro and of_get_child_by_name() instead of\nof_find_node_by_name() to simplify the code.\n\nThis bug was found by an experimental verification tool that I am\ndeveloping.\n\n[krzysztof: applied v1, adjust the commit msg to incorporate v2 parts]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58034",
"url": "https://www.suse.com/security/cve/CVE-2024-58034"
},
{
"category": "external",
"summary": "SUSE Bug 1238773 for CVE-2024-58034",
"url": "https://bugzilla.suse.com/1238773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58034"
},
{
"cve": "CVE-2024-58051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: ipmb: Add check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this\nreturned value is not checked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58051",
"url": "https://www.suse.com/security/cve/CVE-2024-58051"
},
{
"category": "external",
"summary": "SUSE Bug 1238963 for CVE-2024-58051",
"url": "https://bugzilla.suse.com/1238963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58051"
},
{
"cve": "CVE-2024-58052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table\n\nThe function atomctrl_get_smc_sclk_range_table() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to\nretrieve SMU_Info table, it returns NULL which is later dereferenced.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\nIn practice this should never happen as this code only gets called\non polaris chips and the vbios data table will always be present on\nthose chips.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58052",
"url": "https://www.suse.com/security/cve/CVE-2024-58052"
},
{
"category": "external",
"summary": "SUSE Bug 1238986 for CVE-2024-58052",
"url": "https://bugzilla.suse.com/1238986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58052"
},
{
"cve": "CVE-2024-58054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58054"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: media: max96712: fix kernel oops when removing module\n\nThe following kernel oops is thrown when trying to remove the max96712\nmodule:\n\nUnable to handle kernel paging request at virtual address 00007375746174db\nMem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000010af89000\n[00007375746174db] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in: crct10dif_ce polyval_ce mxc_jpeg_encdec flexcan\n snd_soc_fsl_sai snd_soc_fsl_asoc_card snd_soc_fsl_micfil dwc_mipi_csi2\n imx_csi_formatter polyval_generic v4l2_jpeg imx_pcm_dma can_dev\n snd_soc_imx_audmux snd_soc_wm8962 snd_soc_imx_card snd_soc_fsl_utils\n max96712(C-) rpmsg_ctrl rpmsg_char pwm_fan fuse\n [last unloaded: imx8_isi]\nCPU: 0 UID: 0 PID: 754 Comm: rmmod\n\t Tainted: G C 6.12.0-rc6-06364-g327fec852c31 #17\nTainted: [C]=CRAP\nHardware name: NXP i.MX95 19X19 board (DT)\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : led_put+0x1c/0x40\nlr : v4l2_subdev_put_privacy_led+0x48/0x58\nsp : ffff80008699bbb0\nx29: ffff80008699bbb0 x28: ffff00008ac233c0 x27: 0000000000000000\nx26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff000080cf1170 x22: ffff00008b53bd00 x21: ffff8000822ad1c8\nx20: ffff000080ff5c00 x19: ffff00008b53be40 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000004 x13: ffff0000800f8010 x12: 0000000000000000\nx11: ffff000082acf5c0 x10: ffff000082acf478 x9 : ffff0000800f8010\nx8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d\nx5 : 8080808000000000 x4 : 0000000000000020 x3 : 00000000553a3dc1\nx2 : ffff00008ac233c0 x1 : ffff00008ac233c0 x0 : ff00737574617473\nCall trace:\n led_put+0x1c/0x40\n v4l2_subdev_put_privacy_led+0x48/0x58\n v4l2_async_unregister_subdev+0x2c/0x1a4\n max96712_remove+0x1c/0x38 [max96712]\n i2c_device_remove+0x2c/0x9c\n device_remove+0x4c/0x80\n device_release_driver_internal+0x1cc/0x228\n driver_detach+0x4c/0x98\n bus_remove_driver+0x6c/0xbc\n driver_unregister+0x30/0x60\n i2c_del_driver+0x54/0x64\n max96712_i2c_driver_exit+0x18/0x1d0 [max96712]\n __arm64_sys_delete_module+0x1a4/0x290\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xd8\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x190/0x194\nCode: f9000bf3 aa0003f3 f9402800 f9402000 (f9403400)\n---[ end trace 0000000000000000 ]---\n\nThis happens because in v4l2_i2c_subdev_init(), the i2c_set_cliendata()\nis called again and the data is overwritten to point to sd, instead of\npriv. So, in remove(), the wrong pointer is passed to\nv4l2_async_unregister_subdev(), leading to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58054",
"url": "https://www.suse.com/security/cve/CVE-2024-58054"
},
{
"category": "external",
"summary": "SUSE Bug 1238975 for CVE-2024-58054",
"url": "https://bugzilla.suse.com/1238975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58054"
},
{
"cve": "CVE-2024-58055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_tcm: Don\u0027t free command immediately\n\nDon\u0027t prematurely free the command. Wait for the status completion of\nthe sense status. It can be freed then. Otherwise we will double-free\nthe command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58055",
"url": "https://www.suse.com/security/cve/CVE-2024-58055"
},
{
"category": "external",
"summary": "SUSE Bug 1238959 for CVE-2024-58055",
"url": "https://bugzilla.suse.com/1238959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58055"
},
{
"cve": "CVE-2024-58056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Fix ida_free call while not allocated\n\nIn the rproc_alloc() function, on error, put_device(\u0026rproc-\u003edev) is\ncalled, leading to the call of the rproc_type_release() function.\nAn error can occurs before ida_alloc is called.\n\nIn such case in rproc_type_release(), the condition (rproc-\u003eindex \u003e= 0) is\ntrue as rproc-\u003eindex has been initialized to 0.\nida_free() is called reporting a warning:\n[ 4.181906] WARNING: CPU: 1 PID: 24 at lib/idr.c:525 ida_free+0x100/0x164\n[ 4.186378] stm32-display-dsi 5a000000.dsi: Fixed dependency cycle(s) with /soc/dsi@5a000000/panel@0\n[ 4.188854] ida_free called for id=0 which is not allocated.\n[ 4.198256] mipi-dsi 5a000000.dsi.0: Fixed dependency cycle(s) with /soc/dsi@5a000000\n[ 4.203556] Modules linked in: panel_orisetech_otm8009a dw_mipi_dsi_stm(+) gpu_sched dw_mipi_dsi stm32_rproc stm32_crc32 stm32_ipcc(+) optee(+)\n[ 4.224307] CPU: 1 UID: 0 PID: 24 Comm: kworker/u10:0 Not tainted 6.12.0 #442\n[ 4.231481] Hardware name: STM32 (Device Tree Support)\n[ 4.236627] Workqueue: events_unbound deferred_probe_work_func\n[ 4.242504] Call trace:\n[ 4.242522] unwind_backtrace from show_stack+0x10/0x14\n[ 4.250218] show_stack from dump_stack_lvl+0x50/0x64\n[ 4.255274] dump_stack_lvl from __warn+0x80/0x12c\n[ 4.260134] __warn from warn_slowpath_fmt+0x114/0x188\n[ 4.265199] warn_slowpath_fmt from ida_free+0x100/0x164\n[ 4.270565] ida_free from rproc_type_release+0x38/0x60\n[ 4.275832] rproc_type_release from device_release+0x30/0xa0\n[ 4.281601] device_release from kobject_put+0xc4/0x294\n[ 4.286762] kobject_put from rproc_alloc.part.0+0x208/0x28c\n[ 4.292430] rproc_alloc.part.0 from devm_rproc_alloc+0x80/0xc4\n[ 4.298393] devm_rproc_alloc from stm32_rproc_probe+0xd0/0x844 [stm32_rproc]\n[ 4.305575] stm32_rproc_probe [stm32_rproc] from platform_probe+0x5c/0xbc\n\nCalling ida_alloc earlier in rproc_alloc ensures that the rproc-\u003eindex is\nproperly set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58056",
"url": "https://www.suse.com/security/cve/CVE-2024-58056"
},
{
"category": "external",
"summary": "SUSE Bug 1238981 for CVE-2024-58056",
"url": "https://bugzilla.suse.com/1238981"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58056"
},
{
"cve": "CVE-2024-58057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert workqueues to unbound\n\nWhen a workqueue is created with `WQ_UNBOUND`, its work items are\nserved by special worker-pools, whose host workers are not bound to\nany specific CPU. In the default configuration (i.e. when\n`queue_delayed_work` and friends do not specify which CPU to run the\nwork item on), `WQ_UNBOUND` allows the work item to be executed on any\nCPU in the same node of the CPU it was enqueued on. While this\nsolution potentially sacrifices locality, it avoids contention with\nother processes that might dominate the CPU time of the processor the\nwork item was scheduled on.\n\nThis is not just a theoretical problem: in a particular scenario\nmisconfigured process was hogging most of the time from CPU0, leaving\nless than 0.5% of its CPU time to the kworker. The IDPF workqueues\nthat were using the kworker on CPU0 suffered large completion delays\nas a result, causing performance degradation, timeouts and eventual\nsystem crash.\n\n\n* I have also run a manual test to gauge the performance\n improvement. The test consists of an antagonist process\n (`./stress --cpu 2`) consuming as much of CPU 0 as possible. This\n process is run under `taskset 01` to bind it to CPU0, and its\n priority is changed with `chrt -pQ 9900 10000 ${pid}` and\n `renice -n -20 ${pid}` after start.\n\n Then, the IDPF driver is forced to prefer CPU0 by editing all calls\n to `queue_delayed_work`, `mod_delayed_work`, etc... to use CPU 0.\n\n Finally, `ktraces` for the workqueue events are collected.\n\n Without the current patch, the antagonist process can force\n arbitrary delays between `workqueue_queue_work` and\n `workqueue_execute_start`, that in my tests were as high as\n `30ms`. With the current patch applied, the workqueue can be\n migrated to another unloaded CPU in the same node, and, keeping\n everything else equal, the maximum delay I could see was `6us`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58057",
"url": "https://www.suse.com/security/cve/CVE-2024-58057"
},
{
"category": "external",
"summary": "SUSE Bug 1238969 for CVE-2024-58057",
"url": "https://bugzilla.suse.com/1238969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58057"
},
{
"cve": "CVE-2024-58058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: skip dumping tnc tree when zroot is null\n\nClearing slab cache will free all znode in memory and make\nc-\u003ezroot.znode = NULL, then dumping tnc tree will access\nc-\u003ezroot.znode which cause null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58058",
"url": "https://www.suse.com/security/cve/CVE-2024-58058"
},
{
"category": "external",
"summary": "SUSE Bug 1238979 for CVE-2024-58058",
"url": "https://bugzilla.suse.com/1238979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58058"
},
{
"cve": "CVE-2024-58061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: prohibit deactivating all links\n\nIn the internal API this calls this is a WARN_ON, but that\nshould remain since internally we want to know about bugs\nthat may cause this. Prevent deactivating all links in the\ndebugfs write directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58061",
"url": "https://www.suse.com/security/cve/CVE-2024-58061"
},
{
"category": "external",
"summary": "SUSE Bug 1238973 for CVE-2024-58061",
"url": "https://bugzilla.suse.com/1238973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58061"
},
{
"cve": "CVE-2024-58063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: fix memory leaks and invalid access at probe error path\n\nDeinitialize at reverse order when probe fails.\n\nWhen init_sw_vars fails, rtl_deinit_core should not be called, specially\nnow that it destroys the rtl_wq workqueue.\n\nAnd call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be\nleaked.\n\nRemove pci_set_drvdata call as it will already be cleaned up by the core\ndriver code and could lead to memory leaks too. cf. commit 8d450935ae7f\n(\"wireless: rtlwifi: remove unnecessary pci_set_drvdata()\") and\ncommit 3d86b93064c7 (\"rtlwifi: Fix PCI probe error path orphaned memory\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58063",
"url": "https://www.suse.com/security/cve/CVE-2024-58063"
},
{
"category": "external",
"summary": "SUSE Bug 1238984 for CVE-2024-58063",
"url": "https://bugzilla.suse.com/1238984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58063"
},
{
"cve": "CVE-2024-58068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58068"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nOPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized\n\nIf a driver calls dev_pm_opp_find_bw_ceil/floor() the retrieve bandwidth\nfrom the OPP table but the bandwidth table was not created because the\ninterconnect properties were missing in the OPP consumer node, the\nkernel will crash with:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n...\npc : _read_bw+0x8/0x10\nlr : _opp_table_find_key+0x9c/0x174\n...\nCall trace:\n _read_bw+0x8/0x10 (P)\n _opp_table_find_key+0x9c/0x174 (L)\n _find_key+0x98/0x168\n dev_pm_opp_find_bw_ceil+0x50/0x88\n...\n\nIn order to fix the crash, create an assert function to check\nif the bandwidth table was created before trying to get a\nbandwidth with _read_bw().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58068",
"url": "https://www.suse.com/security/cve/CVE-2024-58068"
},
{
"category": "external",
"summary": "SUSE Bug 1238961 for CVE-2024-58068",
"url": "https://bugzilla.suse.com/1238961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58068"
},
{
"cve": "CVE-2024-58069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read\n\nThe nvmem interface supports variable buffer sizes, while the regmap\ninterface operates with fixed-size storage. If an nvmem client uses a\nbuffer size less than 4 bytes, regmap_read will write out of bounds\nas it expects the buffer to point at an unsigned int.\n\nFix this by using an intermediary unsigned int to hold the value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58069",
"url": "https://www.suse.com/security/cve/CVE-2024-58069"
},
{
"category": "external",
"summary": "SUSE Bug 1238978 for CVE-2024-58069",
"url": "https://bugzilla.suse.com/1238978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58069"
},
{
"cve": "CVE-2024-58070",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58070"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT\n\nIn PREEMPT_RT, kmalloc(GFP_ATOMIC) is still not safe in non preemptible\ncontext. bpf_mem_alloc must be used in PREEMPT_RT. This patch is\nto enforce bpf_mem_alloc in the bpf_local_storage when CONFIG_PREEMPT_RT\nis enabled.\n\n[ 35.118559] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 35.118566] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1832, name: test_progs\n[ 35.118569] preempt_count: 1, expected: 0\n[ 35.118571] RCU nest depth: 1, expected: 1\n[ 35.118577] INFO: lockdep is turned off.\n ...\n[ 35.118647] __might_resched+0x433/0x5b0\n[ 35.118677] rt_spin_lock+0xc3/0x290\n[ 35.118700] ___slab_alloc+0x72/0xc40\n[ 35.118723] __kmalloc_noprof+0x13f/0x4e0\n[ 35.118732] bpf_map_kzalloc+0xe5/0x220\n[ 35.118740] bpf_selem_alloc+0x1d2/0x7b0\n[ 35.118755] bpf_local_storage_update+0x2fa/0x8b0\n[ 35.118784] bpf_sk_storage_get_tracing+0x15a/0x1d0\n[ 35.118791] bpf_prog_9a118d86fca78ebb_trace_inet_sock_set_state+0x44/0x66\n[ 35.118795] bpf_trace_run3+0x222/0x400\n[ 35.118820] __bpf_trace_inet_sock_set_state+0x11/0x20\n[ 35.118824] trace_inet_sock_set_state+0x112/0x130\n[ 35.118830] inet_sk_state_store+0x41/0x90\n[ 35.118836] tcp_set_state+0x3b3/0x640\n\nThere is no need to adjust the gfp_flags passing to the\nbpf_mem_cache_alloc_flags() which only honors the GFP_KERNEL.\nThe verifier has ensured GFP_KERNEL is passed only in sleepable context.\n\nIt has been an old issue since the first introduction of the\nbpf_local_storage ~5 years ago, so this patch targets the bpf-next.\n\nbpf_mem_alloc is needed to solve it, so the Fixes tag is set\nto the commit when bpf_mem_alloc was first used in the bpf_local_storage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58070",
"url": "https://www.suse.com/security/cve/CVE-2024-58070"
},
{
"category": "external",
"summary": "SUSE Bug 1238983 for CVE-2024-58070",
"url": "https://bugzilla.suse.com/1238983"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58070"
},
{
"cve": "CVE-2024-58071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: prevent adding a device which is already a team device lower\n\nPrevent adding a device which is already a team device lower,\ne.g. adding veth0 if vlan1 was already added and veth0 is a lower of\nvlan1.\n\nThis is not useful in practice and can lead to recursive locking:\n\n$ ip link add veth0 type veth peer name veth1\n$ ip link set veth0 up\n$ ip link set veth1 up\n$ ip link add link veth0 name veth0.1 type vlan protocol 802.1Q id 1\n$ ip link add team0 type team\n$ ip link set veth0.1 down\n$ ip link set veth0.1 master team0\nteam0: Port device veth0.1 added\n$ ip link set veth0 down\n$ ip link set veth0 master team0\n\n============================================\nWARNING: possible recursive locking detected\n6.13.0-rc2-virtme-00441-ga14a429069bb #46 Not tainted\n--------------------------------------------\nip/7684 is trying to acquire lock:\nffff888016848e00 (team-\u003eteam_lock_key){+.+.}-{4:4}, at: team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n\nbut task is already holding lock:\nffff888016848e00 (team-\u003eteam_lock_key){+.+.}-{4:4}, at: team_add_slave (drivers/net/team/team_core.c:1147 drivers/net/team/team_core.c:1977)\n\nother info that might help us debug this:\nPossible unsafe locking scenario:\n\nCPU0\n----\nlock(team-\u003eteam_lock_key);\nlock(team-\u003eteam_lock_key);\n\n*** DEADLOCK ***\n\nMay be due to missing lock nesting notation\n\n2 locks held by ip/7684:\n\nstack backtrace:\nCPU: 3 UID: 0 PID: 7684 Comm: ip Not tainted 6.13.0-rc2-virtme-00441-ga14a429069bb #46\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:122)\nprint_deadlock_bug.cold (kernel/locking/lockdep.c:3040)\n__lock_acquire (kernel/locking/lockdep.c:3893 kernel/locking/lockdep.c:5226)\n? netlink_broadcast_filtered (net/netlink/af_netlink.c:1548)\nlock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 2))\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? lock_acquire (kernel/locking/lockdep.c:5822)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n__mutex_lock (kernel/locking/mutex.c:587 kernel/locking/mutex.c:735)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? fib_sync_up (net/ipv4/fib_semantics.c:2167)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\nteam_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\nnotifier_call_chain (kernel/notifier.c:85)\ncall_netdevice_notifiers_info (net/core/dev.c:1996)\n__dev_notify_flags (net/core/dev.c:8993)\n? __dev_change_flags (net/core/dev.c:8975)\ndev_change_flags (net/core/dev.c:9027)\nvlan_device_event (net/8021q/vlan.c:85 net/8021q/vlan.c:470)\n? br_device_event (net/bridge/br.c:143)\nnotifier_call_chain (kernel/notifier.c:85)\ncall_netdevice_notifiers_info (net/core/dev.c:1996)\ndev_open (net/core/dev.c:1519 net/core/dev.c:1505)\nteam_add_slave (drivers/net/team/team_core.c:1219 drivers/net/team/team_core.c:1977)\n? __pfx_team_add_slave (drivers/net/team/team_core.c:1972)\ndo_set_master (net/core/rtnetlink.c:2917)\ndo_setlink.isra.0 (net/core/rtnetlink.c:3117)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58071",
"url": "https://www.suse.com/security/cve/CVE-2024-58071"
},
{
"category": "external",
"summary": "SUSE Bug 1238970 for CVE-2024-58071",
"url": "https://bugzilla.suse.com/1238970"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58071"
},
{
"cve": "CVE-2024-58072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: remove unused check_buddy_priv\n\nCommit 2461c7d60f9f (\"rtlwifi: Update header file\") introduced a global\nlist of private data structures.\n\nLater on, commit 26634c4b1868 (\"rtlwifi Modify existing bits to match\nvendor version 2013.02.07\") started adding the private data to that list at\nprobe time and added a hook, check_buddy_priv to find the private data from\na similar device.\n\nHowever, that function was never used.\n\nBesides, though there is a lock for that list, it is never used. And when\nthe probe fails, the private data is never removed from the list. This\nwould cause a second probe to access freed memory.\n\nRemove the unused hook, structures and members, which will prevent the\npotential race condition on the list and its corruption during a second\nprobe when probe fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58072",
"url": "https://www.suse.com/security/cve/CVE-2024-58072"
},
{
"category": "external",
"summary": "SUSE Bug 1238964 for CVE-2024-58072",
"url": "https://bugzilla.suse.com/1238964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58072"
},
{
"cve": "CVE-2024-58076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: gcc-sm6350: Add missing parent_map for two clocks\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for two clocks where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58076",
"url": "https://www.suse.com/security/cve/CVE-2024-58076"
},
{
"category": "external",
"summary": "SUSE Bug 1239037 for CVE-2024-58076",
"url": "https://bugzilla.suse.com/1239037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58076"
},
{
"cve": "CVE-2024-58078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors\n\nmisc_minor_alloc was allocating id using ida for minor only in case of\nMISC_DYNAMIC_MINOR but misc_minor_free was always freeing ids\nusing ida_free causing a mismatch and following warn:\n\u003e \u003e WARNING: CPU: 0 PID: 159 at lib/idr.c:525 ida_free+0x3e0/0x41f\n\u003e \u003e ida_free called for id=127 which is not allocated.\n\u003e \u003e \u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\n...\n\u003e \u003e [\u003c60941eb4\u003e] ida_free+0x3e0/0x41f\n\u003e \u003e [\u003c605ac993\u003e] misc_minor_free+0x3e/0xbc\n\u003e \u003e [\u003c605acb82\u003e] misc_deregister+0x171/0x1b3\n\nmisc_minor_alloc is changed to allocate id from ida for all minors\nfalling in the range of dynamic/ misc dynamic minors",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58078",
"url": "https://www.suse.com/security/cve/CVE-2024-58078"
},
{
"category": "external",
"summary": "SUSE Bug 1239034 for CVE-2024-58078",
"url": "https://bugzilla.suse.com/1239034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58078"
},
{
"cve": "CVE-2024-58079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix crash during unbind if gpio unit is in use\n\nWe used the wrong device for the device managed functions. We used the\nusb device, when we should be using the interface device.\n\nIf we unbind the driver from the usb interface, the cleanup functions\nare never called. In our case, the IRQ is never disabled.\n\nIf an IRQ is triggered, it will try to access memory sections that are\nalready free, causing an OOPS.\n\nWe cannot use the function devm_request_threaded_irq here. The devm_*\nclean functions may be called after the main structure is released by\nuvc_delete.\n\nLuckily this bug has small impact, as it is only affected by devices\nwith gpio units and the user has to unbind the device, a disconnect will\nnot trigger this error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58079",
"url": "https://www.suse.com/security/cve/CVE-2024-58079"
},
{
"category": "external",
"summary": "SUSE Bug 1239029 for CVE-2024-58079",
"url": "https://bugzilla.suse.com/1239029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58079"
},
{
"cve": "CVE-2024-58080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: dispcc-sm6350: Add missing parent_map for a clock\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for the clock where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58080",
"url": "https://www.suse.com/security/cve/CVE-2024-58080"
},
{
"category": "external",
"summary": "SUSE Bug 1239027 for CVE-2024-58080",
"url": "https://bugzilla.suse.com/1239027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58080"
},
{
"cve": "CVE-2024-58083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Explicitly verify target vCPU is online in kvm_get_vcpu()\n\nExplicitly verify the target vCPU is fully online _prior_ to clamping the\nindex in kvm_get_vcpu(). If the index is \"bad\", the nospec clamping will\ngenerate \u00270\u0027, i.e. KVM will return vCPU0 instead of NULL.\n\nIn practice, the bug is unlikely to cause problems, as it will only come\ninto play if userspace or the guest is buggy or misbehaving, e.g. KVM may\nsend interrupts to vCPU0 instead of dropping them on the floor.\n\nHowever, returning vCPU0 when it shouldn\u0027t exist per online_vcpus is\nproblematic now that KVM uses an xarray for the vCPUs array, as KVM needs\nto insert into the xarray before publishing the vCPU to userspace (see\ncommit c5b077549136 (\"KVM: Convert the kvm-\u003evcpus array to a xarray\")),\ni.e. before vCPU creation is guaranteed to succeed.\n\nAs a result, incorrectly providing access to vCPU0 will trigger a\nuse-after-free if vCPU0 is dereferenced and kvm_vm_ioctl_create_vcpu()\nbails out of vCPU creation due to an error and frees vCPU0. Commit\nafb2acb2e3a3 (\"KVM: Fix vcpu_array[0] races\") papered over that issue, but\nin doing so introduced an unsolvable teardown conundrum. Preventing\naccesses to vCPU0 before it\u0027s fully online will allow reverting commit\nafb2acb2e3a3, without re-introducing the vcpu_array[0] UAF race.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58083",
"url": "https://www.suse.com/security/cve/CVE-2024-58083"
},
{
"category": "external",
"summary": "SUSE Bug 1239036 for CVE-2024-58083",
"url": "https://bugzilla.suse.com/1239036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58083"
},
{
"cve": "CVE-2024-58085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: don\u0027t emit warning in tomoyo_write_control()\n\nsyzbot is reporting too large allocation warning at tomoyo_write_control(),\nfor one can write a very very long line without new line character. To fix\nthis warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE,\nfor practically a valid line should be always shorter than 32KB where the\n\"too small to fail\" memory-allocation rule applies.\n\nOne might try to write a valid line that is longer than 32KB, but such\nrequest will likely fail with -ENOMEM. Therefore, I feel that separately\nreturning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant.\nThere is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58085",
"url": "https://www.suse.com/security/cve/CVE-2024-58085"
},
{
"category": "external",
"summary": "SUSE Bug 1239085 for CVE-2024-58085",
"url": "https://bugzilla.suse.com/1239085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58085"
},
{
"cve": "CVE-2024-58086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58086"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Stop active perfmon if it is being destroyed\n\nIf the active performance monitor (`v3d-\u003eactive_perfmon`) is being\ndestroyed, stop it first. Currently, the active perfmon is not\nstopped during destruction, leaving the `v3d-\u003eactive_perfmon` pointer\nstale. This can lead to undefined behavior and instability.\n\nThis patch ensures that the active perfmon is stopped before being\ndestroyed, aligning with the behavior introduced in commit\n7d1fd3638ee3 (\"drm/v3d: Stop the active perfmon before being destroyed\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58086",
"url": "https://www.suse.com/security/cve/CVE-2024-58086"
},
{
"category": "external",
"summary": "SUSE Bug 1239038 for CVE-2024-58086",
"url": "https://bugzilla.suse.com/1239038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58086"
},
{
"cve": "CVE-2024-58088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix deadlock when freeing cgroup storage\n\nThe following commit\nbc235cdb423a (\"bpf: Prevent deadlock from recursive bpf_task_storage_[get|delete]\")\nfirst introduced deadlock prevention for fentry/fexit programs attaching\non bpf_task_storage helpers. That commit also employed the logic in map\nfree path in its v6 version.\n\nLater bpf_cgrp_storage was first introduced in\nc4bcfb38a95e (\"bpf: Implement cgroup storage available to non-cgroup-attached bpf progs\")\nwhich faces the same issue as bpf_task_storage, instead of its busy\ncounter, NULL was passed to bpf_local_storage_map_free() which opened\na window to cause deadlock:\n\n\t\u003cTASK\u003e\n\t\t(acquiring local_storage-\u003elock)\n\t_raw_spin_lock_irqsave+0x3d/0x50\n\tbpf_local_storage_update+0xd1/0x460\n\tbpf_cgrp_storage_get+0x109/0x130\n\tbpf_prog_a4d4a370ba857314_cgrp_ptr+0x139/0x170\n\t? __bpf_prog_enter_recur+0x16/0x80\n\tbpf_trampoline_6442485186+0x43/0xa4\n\tcgroup_storage_ptr+0x9/0x20\n\t\t(holding local_storage-\u003elock)\n\tbpf_selem_unlink_storage_nolock.constprop.0+0x135/0x160\n\tbpf_selem_unlink_storage+0x6f/0x110\n\tbpf_local_storage_map_free+0xa2/0x110\n\tbpf_map_free_deferred+0x5b/0x90\n\tprocess_one_work+0x17c/0x390\n\tworker_thread+0x251/0x360\n\tkthread+0xd2/0x100\n\tret_from_fork+0x34/0x50\n\tret_from_fork_asm+0x1a/0x30\n\t\u003c/TASK\u003e\n\nProgs:\n - A: SEC(\"fentry/cgroup_storage_ptr\")\n - cgid (BPF_MAP_TYPE_HASH)\n\tRecord the id of the cgroup the current task belonging\n\tto in this hash map, using the address of the cgroup\n\tas the map key.\n - cgrpa (BPF_MAP_TYPE_CGRP_STORAGE)\n\tIf current task is a kworker, lookup the above hash\n\tmap using function parameter @owner as the key to get\n\tits corresponding cgroup id which is then used to get\n\ta trusted pointer to the cgroup through\n\tbpf_cgroup_from_id(). This trusted pointer can then\n\tbe passed to bpf_cgrp_storage_get() to finally trigger\n\tthe deadlock issue.\n - B: SEC(\"tp_btf/sys_enter\")\n - cgrpb (BPF_MAP_TYPE_CGRP_STORAGE)\n\tThe only purpose of this prog is to fill Prog A\u0027s\n\thash map by calling bpf_cgrp_storage_get() for as\n\tmany userspace tasks as possible.\n\nSteps to reproduce:\n - Run A;\n - while (true) { Run B; Destroy B; }\n\nFix this issue by passing its busy counter to the free procedure so\nit can be properly incremented before storage/smap locking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58088",
"url": "https://www.suse.com/security/cve/CVE-2024-58088"
},
{
"category": "external",
"summary": "SUSE Bug 1239510 for CVE-2024-58088",
"url": "https://bugzilla.suse.com/1239510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58088"
},
{
"cve": "CVE-2024-58093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix link state exit during switch upstream function removal\n\nBefore 456d8aa37d0f (\"PCI/ASPM: Disable ASPM on MFD function removal to\navoid use-after-free\"), we would free the ASPM link only after the last\nfunction on the bus pertaining to the given link was removed.\n\nThat was too late. If function 0 is removed before sibling function,\nlink-\u003edownstream would point to free\u0027d memory after.\n\nAfter above change, we freed the ASPM parent link state upon any function\nremoval on the bus pertaining to a given link.\n\nThat is too early. If the link is to a PCIe switch with MFD on the upstream\nport, then removing functions other than 0 first would free a link which\nstill remains parent_link to the remaining downstream ports.\n\nThe resulting GPFs are especially frequent during hot-unplug, because\npciehp removes devices on the link bus in reverse order.\n\nOn that switch, function 0 is the virtual P2P bridge to the internal bus.\nFree exactly when function 0 is removed -- before the parent link is\nobsolete, but after all subordinate links are gone.\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58093",
"url": "https://www.suse.com/security/cve/CVE-2024-58093"
},
{
"category": "external",
"summary": "SUSE Bug 1241347 for CVE-2024-58093",
"url": "https://bugzilla.suse.com/1241347"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58093"
},
{
"cve": "CVE-2024-58094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58094"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add check read-only before truncation in jfs_truncate_nolock()\n\nAdded a check for \"read-only\" mode in the `jfs_truncate_nolock`\nfunction to avoid errors related to writing to a read-only\nfilesystem.\n\nCall stack:\n\nblock_write_begin() {\n jfs_write_failed() {\n jfs_truncate() {\n jfs_truncate_nolock() {\n txEnd() {\n ...\n log = JFS_SBI(tblk-\u003esb)-\u003elog;\n // (log == NULL)\n\nIf the `isReadOnly(ip)` condition is triggered in\n`jfs_truncate_nolock`, the function execution will stop, and no\nfurther data modification will occur. Instead, the `xtTruncate`\nfunction will be called with the \"COMMIT_WMAP\" flag, preventing\nmodifications in \"read-only\" mode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58094",
"url": "https://www.suse.com/security/cve/CVE-2024-58094"
},
{
"category": "external",
"summary": "SUSE Bug 1241443 for CVE-2024-58094",
"url": "https://bugzilla.suse.com/1241443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58094"
},
{
"cve": "CVE-2024-58095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add check read-only before txBeginAnon() call\n\nAdded a read-only check before calling `txBeginAnon` in `extAlloc`\nand `extRecord`. This prevents modification attempts on a read-only\nmounted filesystem, avoiding potential errors or crashes.\n\nCall trace:\n txBeginAnon+0xac/0x154\n extAlloc+0xe8/0xdec fs/jfs/jfs_extent.c:78\n jfs_get_block+0x340/0xb98 fs/jfs/inode.c:248\n __block_write_begin_int+0x580/0x166c fs/buffer.c:2128\n __block_write_begin fs/buffer.c:2177 [inline]\n block_write_begin+0x98/0x11c fs/buffer.c:2236\n jfs_write_begin+0x44/0x88 fs/jfs/inode.c:299",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58095",
"url": "https://www.suse.com/security/cve/CVE-2024-58095"
},
{
"category": "external",
"summary": "SUSE Bug 1241442 for CVE-2024-58095",
"url": "https://bugzilla.suse.com/1241442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58095"
},
{
"cve": "CVE-2024-58096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode\n\nath11k_hal_srng_* should be used with srng-\u003elock to protect srng data.\n\nFor ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(),\nthey use ath11k_hal_srng_* for many times but never call srng-\u003elock.\n\nSo when running (full) monitor mode, warning will occur:\nRIP: 0010:ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]\nCall Trace:\n ? ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]\n ath11k_dp_rx_process_mon_status+0xc45/0x1190 [ath11k]\n ? idr_alloc_u32+0x97/0xd0\n ath11k_dp_rx_process_mon_rings+0x32a/0x550 [ath11k]\n ath11k_dp_service_srng+0x289/0x5a0 [ath11k]\n ath11k_pcic_ext_grp_napi_poll+0x30/0xd0 [ath11k]\n __napi_poll+0x30/0x1f0\n net_rx_action+0x198/0x320\n __do_softirq+0xdd/0x319\n\nSo add srng-\u003elock for them to avoid such warnings.\n\nInorder to fetch the srng-\u003elock, should change srng\u0027s definition from\n\u0027void\u0027 to \u0027struct hal_srng\u0027. And initialize them elsewhere to prevent\none line of code from being too long. This is consistent with other ring\nprocess functions, such as ath11k_dp_process_rx().\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58096",
"url": "https://www.suse.com/security/cve/CVE-2024-58096"
},
{
"category": "external",
"summary": "SUSE Bug 1241344 for CVE-2024-58096",
"url": "https://bugzilla.suse.com/1241344"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58096"
},
{
"cve": "CVE-2024-58097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix RCU stall while reaping monitor destination ring\n\nWhile processing the monitor destination ring, MSDUs are reaped from the\nlink descriptor based on the corresponding buf_id.\n\nHowever, sometimes the driver cannot obtain a valid buffer corresponding\nto the buf_id received from the hardware. This causes an infinite loop\nin the destination processing, resulting in a kernel crash.\n\nkernel log:\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\n\nFix this by skipping the problematic buf_id and reaping the next entry,\nreplacing the break with the next MSDU processing.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58097",
"url": "https://www.suse.com/security/cve/CVE-2024-58097"
},
{
"category": "external",
"summary": "SUSE Bug 1241343 for CVE-2024-58097",
"url": "https://bugzilla.suse.com/1241343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2024-58097"
},
{
"cve": "CVE-2025-21631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix waker_bfqq UAF after bfq_split_bfqq()\n\nOur syzkaller report a following UAF for v6.6:\n\nBUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\nRead of size 8 at addr ffff8881b57147d8 by task fsstress/232726\n\nCPU: 2 PID: 232726 Comm: fsstress Not tainted 6.6.0-g3629d1885222 #39\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\n print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364\n print_report+0x3e/0x70 mm/kasan/report.c:475\n kasan_report+0xb8/0xf0 mm/kasan/report.c:588\n hlist_add_head include/linux/list.h:1023 [inline]\n bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh+0x15e/0x2e0 fs/ext4/super.c:230\n __read_extent_tree_block+0x304/0x6f0 fs/ext4/extents.c:567\n ext4_find_extent+0x479/0xd20 fs/ext4/extents.c:947\n ext4_ext_map_blocks+0x1a3/0x2680 fs/ext4/extents.c:4182\n ext4_map_blocks+0x929/0x15a0 fs/ext4/inode.c:660\n ext4_iomap_begin_report+0x298/0x480 fs/ext4/inode.c:3569\n iomap_iter+0x3dd/0x1010 fs/iomap/iter.c:91\n iomap_fiemap+0x1f4/0x360 fs/iomap/fiemap.c:80\n ext4_fiemap+0x181/0x210 fs/ext4/extents.c:5051\n ioctl_fiemap.isra.0+0x1b4/0x290 fs/ioctl.c:220\n do_vfs_ioctl+0x31c/0x11a0 fs/ioctl.c:811\n __do_sys_ioctl fs/ioctl.c:869 [inline]\n __se_sys_ioctl+0xae/0x190 fs/ioctl.c:857\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x70/0x120 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nAllocated by task 232719:\n kasan_save_stack+0x22/0x50 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\n slab_post_alloc_hook mm/slab.h:768 [inline]\n slab_alloc_node mm/slub.c:3492 [inline]\n kmem_cache_alloc_node+0x1b8/0x6f0 mm/slub.c:3537\n bfq_get_queue+0x215/0x1f00 block/bfq-iosched.c:5869\n bfq_get_bfqq_handle_split+0x167/0x5f0 block/bfq-iosched.c:6776\n bfq_init_rq+0x13a4/0x17a0 block/bfq-iosched.c:6938\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh_nowait+0x15a/0x240 fs/ext4/super.c:217\n ext4_read_bh_lock+0xac/0xd0 fs/ext4/super.c:242\n ext4_bread_batch+0x268/0x500 fs/ext4/inode.c:958\n __ext4_find_entry+0x448/0x10f0 fs/ext4/namei.c:1671\n ext4_lookup_entry fs/ext4/namei.c:1774 [inline]\n ext4_lookup.part.0+0x359/0x6f0 fs/ext4/namei.c:1842\n ext4_lookup+0x72/0x90 fs/ext4/namei.c:1839\n __lookup_slow+0x257/0x480 fs/namei.c:1696\n lookup_slow fs/namei.c:1713 [inline]\n walk_component+0x454/0x5c0 fs/namei.c:2004\n link_path_walk.part.0+0x773/0xda0 fs/namei.c:2331\n link_path_walk fs/namei.c:3826 [inline]\n path_openat+0x1b9/0x520 fs/namei.c:3826\n do_filp_open+0x1b7/0x400 fs/namei.c:3857\n do_sys_openat2+0x5dc/0x6e0 fs/open.c:1428\n do_sys_open fs/open.c:1443 [inline]\n __do_sys_openat fs/open.c:1459 [inline]\n __se_sys_openat fs/open.c:1454 [inline]\n __x64_sys_openat+0x148/0x200 fs/open.c:1454\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_6\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21631",
"url": "https://www.suse.com/security/cve/CVE-2025-21631"
},
{
"category": "external",
"summary": "SUSE Bug 1236099 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "external",
"summary": "SUSE Bug 1236100 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-21631"
},
{
"cve": "CVE-2025-21635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21635"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe per-netns structure can be obtained from the table-\u003edata using\ncontainer_of(), then the \u0027net\u0027 one can be retrieved from the listen\nsocket (if available).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21635",
"url": "https://www.suse.com/security/cve/CVE-2025-21635"
},
{
"category": "external",
"summary": "SUSE Bug 1236111 for CVE-2025-21635",
"url": "https://bugzilla.suse.com/1236111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21635"
},
{
"cve": "CVE-2025-21648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: clamp maximum hashtable size to INT_MAX\n\nUse INT_MAX as maximum size for the conntrack hashtable. Otherwise, it\nis possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when\nresizing hashtable because __GFP_NOWARN is unset. See:\n\n 0708a0afe291 (\"mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls\")\n\nNote: hashtable resize is only possible from init_netns.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21648",
"url": "https://www.suse.com/security/cve/CVE-2025-21648"
},
{
"category": "external",
"summary": "SUSE Bug 1236142 for CVE-2025-21648",
"url": "https://bugzilla.suse.com/1236142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21648"
},
{
"cve": "CVE-2025-21659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdev: prevent accessing NAPI instances from another namespace\n\nThe NAPI IDs were not fully exposed to user space prior to the netlink\nAPI, so they were never namespaced. The netlink API must ensure that\nat the very least NAPI instance belongs to the same netns as the owner\nof the genl sock.\n\nnapi_by_id() can become static now, but it needs to move because of\ndev_get_by_napi_id().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21659",
"url": "https://www.suse.com/security/cve/CVE-2025-21659"
},
{
"category": "external",
"summary": "SUSE Bug 1236206 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "external",
"summary": "SUSE Bug 1236207 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-21659"
},
{
"cve": "CVE-2025-21671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21671"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: fix potential UAF of zram table\n\nIf zram_meta_alloc failed early, it frees allocated zram-\u003etable without\nsetting it NULL. Which will potentially cause zram_meta_free to access\nthe table if user reset an failed and uninitialized device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21671",
"url": "https://www.suse.com/security/cve/CVE-2025-21671"
},
{
"category": "external",
"summary": "SUSE Bug 1236692 for CVE-2025-21671",
"url": "https://bugzilla.suse.com/1236692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21671"
},
{
"cve": "CVE-2025-21683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix bpf_sk_select_reuseport() memory leak\n\nAs pointed out in the original comment, lookup in sockmap can return a TCP\nESTABLISHED socket. Such TCP socket may have had SO_ATTACH_REUSEPORT_EBPF\nset before it was ESTABLISHED. In other words, a non-NULL sk_reuseport_cb\ndoes not imply a non-refcounted socket.\n\nDrop sk\u0027s reference in both error paths.\n\nunreferenced object 0xffff888101911800 (size 2048):\n comm \"test_progs\", pid 44109, jiffies 4297131437\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 80 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 9336483b):\n __kmalloc_noprof+0x3bf/0x560\n __reuseport_alloc+0x1d/0x40\n reuseport_alloc+0xca/0x150\n reuseport_attach_prog+0x87/0x140\n sk_reuseport_attach_bpf+0xc8/0x100\n sk_setsockopt+0x1181/0x1990\n do_sock_setsockopt+0x12b/0x160\n __sys_setsockopt+0x7b/0xc0\n __x64_sys_setsockopt+0x1b/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21683",
"url": "https://www.suse.com/security/cve/CVE-2025-21683"
},
{
"category": "external",
"summary": "SUSE Bug 1236704 for CVE-2025-21683",
"url": "https://bugzilla.suse.com/1236704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "low"
}
],
"title": "CVE-2025-21683"
},
{
"cve": "CVE-2025-21693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: properly synchronize freeing resources during CPU hotunplug\n\nIn zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the\ncurrent CPU at the beginning of the operation is retrieved and used\nthroughout. However, since neither preemption nor migration are disabled,\nit is possible that the operation continues on a different CPU.\n\nIf the original CPU is hotunplugged while the acomp_ctx is still in use,\nwe run into a UAF bug as some of the resources attached to the acomp_ctx\nare freed during hotunplug in zswap_cpu_comp_dead() (i.e. \nacomp_ctx.buffer, acomp_ctx.req, or acomp_ctx.acomp).\n\nThe problem was introduced in commit 1ec3b5fe6eec (\"mm/zswap: move to use\ncrypto_acomp API for hardware acceleration\") when the switch to the\ncrypto_acomp API was made. Prior to that, the per-CPU crypto_comp was\nretrieved using get_cpu_ptr() which disables preemption and makes sure the\nCPU cannot go away from under us. Preemption cannot be disabled with the\ncrypto_acomp API as a sleepable context is needed.\n\nUse the acomp_ctx.mutex to synchronize CPU hotplug callbacks allocating\nand freeing resources with compression/decompression paths. Make sure\nthat acomp_ctx.req is NULL when the resources are freed. In the\ncompression/decompression paths, check if acomp_ctx.req is NULL after\nacquiring the mutex (meaning the CPU was offlined) and retry on the new\nCPU.\n\nThe initialization of acomp_ctx.mutex is moved from the CPU hotplug\ncallback to the pool initialization where it belongs (where the mutex is\nallocated). In addition to adding clarity, this makes sure that CPU\nhotplug cannot reinitialize a mutex that is already locked by\ncompression/decompression.\n\nPreviously a fix was attempted by holding cpus_read_lock() [1]. This\nwould have caused a potential deadlock as it is possible for code already\nholding the lock to fall into reclaim and enter zswap (causing a\ndeadlock). A fix was also attempted using SRCU for synchronization, but\nJohannes pointed out that synchronize_srcu() cannot be used in CPU hotplug\nnotifiers [2].\n\nAlternative fixes that were considered/attempted and could have worked:\n- Refcounting the per-CPU acomp_ctx. This involves complexity in\n handling the race between the refcount dropping to zero in\n zswap_[de]compress() and the refcount being re-initialized when the\n CPU is onlined.\n- Disabling migration before getting the per-CPU acomp_ctx [3], but\n that\u0027s discouraged and is a much bigger hammer than needed, and could\n result in subtle performance issues.\n\n[1]https://lkml.kernel.org/20241219212437.2714151-1-yosryahmed@google.com/\n[2]https://lkml.kernel.org/20250107074724.1756696-2-yosryahmed@google.com/\n[3]https://lkml.kernel.org/20250107222236.2715883-2-yosryahmed@google.com/\n\n[yosryahmed@google.com: remove comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21693",
"url": "https://www.suse.com/security/cve/CVE-2025-21693"
},
{
"category": "external",
"summary": "SUSE Bug 1237029 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "external",
"summary": "SUSE Bug 1237047 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-21693"
},
{
"cve": "CVE-2025-21696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21696"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: clear uffd-wp PTE/PMD state on mremap()\n\nWhen mremap()ing a memory region previously registered with userfaultfd as\nwrite-protected but without UFFD_FEATURE_EVENT_REMAP, an inconsistency in\nflag clearing leads to a mismatch between the vma flags (which have\nuffd-wp cleared) and the pte/pmd flags (which do not have uffd-wp\ncleared). This mismatch causes a subsequent mprotect(PROT_WRITE) to\ntrigger a warning in page_table_check_pte_flags() due to setting the pte\nto writable while uffd-wp is still set.\n\nFix this by always explicitly clearing the uffd-wp pte/pmd flags on any\nsuch mremap() so that the values are consistent with the existing clearing\nof VM_UFFD_WP. Be careful to clear the logical flag regardless of its\nphysical form; a PTE bit, a swap PTE bit, or a PTE marker. Cover PTE,\nhuge PMD and hugetlb paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21696",
"url": "https://www.suse.com/security/cve/CVE-2025-21696"
},
{
"category": "external",
"summary": "SUSE Bug 1237111 for CVE-2025-21696",
"url": "https://bugzilla.suse.com/1237111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21696"
},
{
"cve": "CVE-2025-21701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n RIP: 0010:__mutex_lock+0xc8a/0x1120\n Call Trace:\n \u003cTASK\u003e\n ethtool_check_max_channel+0x1ea/0x880\n ethnl_set_channels+0x3c3/0xb10\n ethnl_default_set_doit+0x306/0x650\n genl_family_rcv_msg_doit+0x1e3/0x2c0\n genl_rcv_msg+0x432/0x6f0\n netlink_rcv_skb+0x13d/0x3b0\n genl_rcv+0x28/0x40\n netlink_unicast+0x42e/0x720\n netlink_sendmsg+0x765/0xc20\n __sys_sendto+0x3ac/0x420\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21701",
"url": "https://www.suse.com/security/cve/CVE-2025-21701"
},
{
"category": "external",
"summary": "SUSE Bug 1237164 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "external",
"summary": "SUSE Bug 1245805 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1245805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21702",
"url": "https://www.suse.com/security/cve/CVE-2025-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1237312 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "external",
"summary": "SUSE Bug 1245797 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1245797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-21703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog()\n\nqdisc_tree_reduce_backlog() notifies parent qdisc only if child\nqdisc becomes empty, therefore we need to reduce the backlog of the\nchild qdisc before calling it. Otherwise it would miss the opportunity\nto call cops-\u003eqlen_notify(), in the case of DRR, it resulted in UAF\nsince DRR uses -\u003eqlen_notify() to maintain its active list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21703",
"url": "https://www.suse.com/security/cve/CVE-2025-21703"
},
{
"category": "external",
"summary": "SUSE Bug 1237313 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "external",
"summary": "SUSE Bug 1245796 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1245796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-21703"
},
{
"cve": "CVE-2025-21704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdc-acm: Check control transfer buffer size before access\n\nIf the first fragment is shorter than struct usb_cdc_notification, we can\u0027t\ncalculate an expected_size. Log an error and discard the notification\ninstead of reading lengths from memory outside the received data, which can\nlead to memory corruption when the expected_size decreases between\nfragments, causing `expected_size - acm-\u003enb_index` to wrap.\n\nThis issue has been present since the beginning of git history; however,\nit only leads to memory corruption since commit ea2583529cd1\n(\"cdc-acm: reassemble fragmented notifications\").\n\nA mitigating factor is that acm_ctrl_irq() can only execute after userspace\nhas opened /dev/ttyACM*; but if ModemManager is running, ModemManager will\ndo that automatically depending on the USB device\u0027s vendor/product IDs and\nits other interfaces.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21704",
"url": "https://www.suse.com/security/cve/CVE-2025-21704"
},
{
"category": "external",
"summary": "SUSE Bug 1237571 for CVE-2025-21704",
"url": "https://bugzilla.suse.com/1237571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21704"
},
{
"cve": "CVE-2025-21705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle fastopen disconnect correctly\n\nSyzbot was able to trigger a data stream corruption:\n\n WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Modules linked in:\n CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\n RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 \u003c0f\u003e 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07\n RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293\n RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928\n R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000\n R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000\n FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074\n mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493\n release_sock+0x1aa/0x1f0 net/core/sock.c:3640\n inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]\n __inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703\n mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755\n mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f6e86ebfe69\n Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69\n RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003\n RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc\n R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508\n \u003c/TASK\u003e\n\nThe root cause is the bad handling of disconnect() generated internally\nby the MPTCP protocol in case of connect FASTOPEN errors.\n\nAddress the issue increasing the socket disconnect counter even on such\na case, to allow other threads waiting on the same socket lock to\nproperly error out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21705",
"url": "https://www.suse.com/security/cve/CVE-2025-21705"
},
{
"category": "external",
"summary": "SUSE Bug 1238525 for CVE-2025-21705",
"url": "https://bugzilla.suse.com/1238525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only set fullmesh for subflow endp\n\nWith the in-kernel path-manager, it is possible to change the \u0027fullmesh\u0027\nflag. The code in mptcp_pm_nl_fullmesh() expects to change it only on\n\u0027subflow\u0027 endpoints, to recreate more or less subflows using the linked\naddress.\n\nUnfortunately, the set_flags() hook was a bit more permissive, and\nallowed \u0027implicit\u0027 endpoints to get the \u0027fullmesh\u0027 flag while it is not\nallowed before.\n\nThat\u0027s what syzbot found, triggering the following warning:\n\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Modules linked in:\n CPU: 0 UID: 0 PID: 6499 Comm: syz.1.413 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n RIP: 0010:mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Code: 01 00 00 49 89 c5 e8 fb 45 e8 f5 e9 b8 fc ff ff e8 f1 45 e8 f5 4c 89 f7 be 03 00 00 00 e8 44 1d 0b f9 eb a0 e8 dd 45 e8 f5 90 \u003c0f\u003e 0b 90 e9 17 ff ff ff 89 d9 80 e1 07 38 c1 0f 8c c9 fc ff ff 48\n RSP: 0018:ffffc9000d307240 EFLAGS: 00010293\n RAX: ffffffff8bb72e03 RBX: 0000000000000000 RCX: ffff88807da88000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000d307430 R08: ffffffff8bb72cf0 R09: 1ffff1100b842a5e\n R10: dffffc0000000000 R11: ffffed100b842a5f R12: ffff88801e2e5ac0\n R13: ffff88805c214800 R14: ffff88805c2152e8 R15: 1ffff1100b842a5d\n FS: 00005555619f6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000020002840 CR3: 00000000247e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2542\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f5fe8785d29\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007fff571f5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f5fe8975fa0 RCX: 00007f5fe8785d29\n RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000007\n RBP: 00007f5fe8801b08 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 00007f5fe8975fa0 R14: 00007f5fe8975fa0 R15: 000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21706",
"url": "https://www.suse.com/security/cve/CVE-2025-21706"
},
{
"category": "external",
"summary": "SUSE Bug 1238528 for CVE-2025-21706",
"url": "https://bugzilla.suse.com/1238528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21706"
},
{
"cve": "CVE-2025-21707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21707"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: consolidate suboption status\n\nMPTCP maintains the received sub-options status is the bitmask carrying\nthe received suboptions and in several bitfields carrying per suboption\nadditional info.\n\nZeroing the bitmask before parsing is not enough to ensure a consistent\nstatus, and the MPTCP code has to additionally clear some bitfiled\ndepending on the actually parsed suboption.\n\nThe above schema is fragile, and syzbot managed to trigger a path where\na relevant bitfield is not cleared/initialized:\n\n BUG: KMSAN: uninit-value in __mptcp_expand_seq net/mptcp/options.c:1030 [inline]\n BUG: KMSAN: uninit-value in mptcp_expand_seq net/mptcp/protocol.h:864 [inline]\n BUG: KMSAN: uninit-value in ack_update_msk net/mptcp/options.c:1060 [inline]\n BUG: KMSAN: uninit-value in mptcp_incoming_options+0x2036/0x3d30 net/mptcp/options.c:1209\n __mptcp_expand_seq net/mptcp/options.c:1030 [inline]\n mptcp_expand_seq net/mptcp/protocol.h:864 [inline]\n ack_update_msk net/mptcp/options.c:1060 [inline]\n mptcp_incoming_options+0x2036/0x3d30 net/mptcp/options.c:1209\n tcp_data_queue+0xb4/0x7be0 net/ipv4/tcp_input.c:5233\n tcp_rcv_established+0x1061/0x2510 net/ipv4/tcp_input.c:6264\n tcp_v4_do_rcv+0x7f3/0x11a0 net/ipv4/tcp_ipv4.c:1916\n tcp_v4_rcv+0x51df/0x5750 net/ipv4/tcp_ipv4.c:2351\n ip_protocol_deliver_rcu+0x2a3/0x13d0 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254\n dst_input include/net/dst.h:460 [inline]\n ip_rcv_finish+0x4a2/0x520 net/ipv4/ip_input.c:447\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_rcv+0xcd/0x380 net/ipv4/ip_input.c:567\n __netif_receive_skb_one_core net/core/dev.c:5704 [inline]\n __netif_receive_skb+0x319/0xa00 net/core/dev.c:5817\n process_backlog+0x4ad/0xa50 net/core/dev.c:6149\n __napi_poll+0xe7/0x980 net/core/dev.c:6902\n napi_poll net/core/dev.c:6971 [inline]\n net_rx_action+0xa5a/0x19b0 net/core/dev.c:7093\n handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n __do_softirq+0x14/0x1a kernel/softirq.c:595\n do_softirq+0x9a/0x100 kernel/softirq.c:462\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4493\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n neigh_hh_output include/net/neighbour.h:523 [inline]\n neigh_output include/net/neighbour.h:537 [inline]\n ip_finish_output2+0x187c/0x1b70 net/ipv4/ip_output.c:236\n __ip_finish_output+0x287/0x810\n ip_finish_output+0x4b/0x600 net/ipv4/ip_output.c:324\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip_output+0x15f/0x3f0 net/ipv4/ip_output.c:434\n dst_output include/net/dst.h:450 [inline]\n ip_local_out net/ipv4/ip_output.c:130 [inline]\n __ip_queue_xmit+0x1f2a/0x20d0 net/ipv4/ip_output.c:536\n ip_queue_xmit+0x60/0x80 net/ipv4/ip_output.c:550\n __tcp_transmit_skb+0x3cea/0x4900 net/ipv4/tcp_output.c:1468\n tcp_transmit_skb net/ipv4/tcp_output.c:1486 [inline]\n tcp_write_xmit+0x3b90/0x9070 net/ipv4/tcp_output.c:2829\n __tcp_push_pending_frames+0xc4/0x380 net/ipv4/tcp_output.c:3012\n tcp_send_fin+0x9f6/0xf50 net/ipv4/tcp_output.c:3618\n __tcp_close+0x140c/0x1550 net/ipv4/tcp.c:3130\n __mptcp_close_ssk+0x74e/0x16f0 net/mptcp/protocol.c:2496\n mptcp_close_ssk+0x26b/0x2c0 net/mptcp/protocol.c:2550\n mptcp_pm_nl_rm_addr_or_subflow+0x635/0xd10 net/mptcp/pm_netlink.c:889\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:924 [inline]\n mptcp_pm_flush_addrs_and_subflows net/mptcp/pm_netlink.c:1688 [inline]\n mptcp_nl_flush_addrs_list net/mptcp/pm_netlink.c:1709 [inline]\n mptcp_pm_nl_flush_addrs_doit+0xe10/0x1630 net/mptcp/pm_netlink.c:1750\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21707",
"url": "https://www.suse.com/security/cve/CVE-2025-21707"
},
{
"category": "external",
"summary": "SUSE Bug 1238862 for CVE-2025-21707",
"url": "https://bugzilla.suse.com/1238862"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21707"
},
{
"cve": "CVE-2025-21708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: rtl8150: enable basic endpoint checking\n\nSyzkaller reports [1] encountering a common issue of utilizing a wrong\nusb endpoint type during URB submitting stage. This, in turn, triggers\na warning shown below.\n\nFor now, enable simple endpoint checking (specifically, bulk and\ninterrupt eps, testing control one is not essential) to mitigate\nthe issue with a view to do other related cosmetic changes later,\nif they are necessary.\n\n[1] Syzkaller report:\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 1 PID: 2586 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 driv\u003e\nModules linked in:\nCPU: 1 UID: 0 PID: 2586 Comm: dhcpcd Not tainted 6.11.0-rc4-syzkaller-00069-gfc88bb11617\u003e\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nCode: 84 3c 02 00 00 e8 05 e4 fc fc 4c 89 ef e8 fd 25 d7 fe 45 89 e0 89 e9 4c 89 f2 48 8\u003e\nRSP: 0018:ffffc9000441f740 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888112487a00 RCX: ffffffff811a99a9\nRDX: ffff88810df6ba80 RSI: ffffffff811a99b6 RDI: 0000000000000001\nRBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff8881023bf0a8 R14: ffff888112452a20 R15: ffff888112487a7c\nFS: 00007fc04eea5740(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f0a1de9f870 CR3: 000000010dbd0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n rtl8150_open+0x300/0xe30 drivers/net/usb/rtl8150.c:733\n __dev_open+0x2d4/0x4e0 net/core/dev.c:1474\n __dev_change_flags+0x561/0x720 net/core/dev.c:8838\n dev_change_flags+0x8f/0x160 net/core/dev.c:8910\n devinet_ioctl+0x127a/0x1f10 net/ipv4/devinet.c:1177\n inet_ioctl+0x3aa/0x3f0 net/ipv4/af_inet.c:1003\n sock_do_ioctl+0x116/0x280 net/socket.c:1222\n sock_ioctl+0x22e/0x6c0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fc04ef73d49\n...\n\nThis change has not been tested on real hardware.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21708",
"url": "https://www.suse.com/security/cve/CVE-2025-21708"
},
{
"category": "external",
"summary": "SUSE Bug 1239087 for CVE-2025-21708",
"url": "https://bugzilla.suse.com/1239087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21708"
},
{
"cve": "CVE-2025-21711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rose: prevent integer overflows in rose_setsockopt()\n\nIn case of possible unpredictably large arguments passed to\nrose_setsockopt() and multiplied by extra values on top of that,\ninteger overflows may occur.\n\nDo the safest minimum and fix these issues by checking the\ncontents of \u0027opt\u0027 and returning -EINVAL if they are too large. Also,\nswitch to unsigned int and remove useless check for negative \u0027opt\u0027\nin ROSE_IDLE case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21711",
"url": "https://www.suse.com/security/cve/CVE-2025-21711"
},
{
"category": "external",
"summary": "SUSE Bug 1239114 for CVE-2025-21711",
"url": "https://bugzilla.suse.com/1239114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21711"
},
{
"cve": "CVE-2025-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP use after free\n\nPrevent double queueing of implicit ODP mr destroy work by using\n__xa_cmpxchg() to make sure this is the only time we are destroying this\nspecific mr.\n\nWithout this change, we could try to invalidate this mr twice, which in\nturn could result in queuing a MR work destroy twice, and eventually the\nsecond work could execute after the MR was freed due to the first work,\ncausing a user after free and trace below.\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 2 PID: 12178 at lib/refcount.c:28 refcount_warn_saturate+0x12b/0x130\n Modules linked in: bonding ib_ipoib vfio_pci ip_gre geneve nf_tables ip6_gre gre ip6_tunnel tunnel6 ipip tunnel4 ib_umad rdma_ucm mlx5_vfio_pci vfio_pci_core vfio_iommu_type1 mlx5_ib vfio ib_uverbs mlx5_core iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\n CPU: 2 PID: 12178 Comm: kworker/u20:5 Not tainted 6.5.0-rc1_net_next_mlx5_58c644e #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: events_unbound free_implicit_child_mr_work [mlx5_ib]\n RIP: 0010:refcount_warn_saturate+0x12b/0x130\n Code: 48 c7 c7 38 95 2a 82 c6 05 bc c6 fe 00 01 e8 0c 66 aa ff 0f 0b 5b c3 48 c7 c7 e0 94 2a 82 c6 05 a7 c6 fe 00 01 e8 f5 65 aa ff \u003c0f\u003e 0b 5b c3 90 8b 07 3d 00 00 00 c0 74 12 83 f8 01 74 13 8d 50 ff\n RSP: 0018:ffff8881008e3e40 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027\n RDX: ffff88852c91b5c8 RSI: 0000000000000001 RDI: ffff88852c91b5c0\n RBP: ffff8881dacd4e00 R08: 00000000ffffffff R09: 0000000000000019\n R10: 000000000000072e R11: 0000000063666572 R12: ffff88812bfd9e00\n R13: ffff8881c792d200 R14: ffff88810011c005 R15: ffff8881002099c0\n FS: 0000000000000000(0000) GS:ffff88852c900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f5694b5e000 CR3: 00000001153f6003 CR4: 0000000000370ea0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0x12b/0x130\n free_implicit_child_mr_work+0x180/0x1b0 [mlx5_ib]\n process_one_work+0x1cc/0x3c0\n worker_thread+0x218/0x3c0\n kthread+0xc6/0xf0\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21714",
"url": "https://www.suse.com/security/cve/CVE-2025-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1237890 for CVE-2025-21714",
"url": "https://bugzilla.suse.com/1237890"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21714"
},
{
"cve": "CVE-2025-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: davicom: fix UAF in dm9000_drv_remove\n\ndm is netdev private data and it cannot be\nused after free_netdev() call. Using dm after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.\n\nThis is similar to the issue fixed in commit\nad297cd2db89 (\"net: qcom/emac: fix UAF in emac_remove\").\n\nThis bug is detected by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21715",
"url": "https://www.suse.com/security/cve/CVE-2025-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1237889 for CVE-2025-21715",
"url": "https://bugzilla.suse.com/1237889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21716"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix uninit-value in vxlan_vnifilter_dump()\n\nKMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].\n\nIf the length of the netlink message payload is less than\nsizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes\nbeyond the message. This can lead to uninit-value access. Fix this by\nreturning an error in such situations.\n\n[1]\nBUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786\n netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317\n __netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432\n netlink_dump_start include/linux/netlink.h:340 [inline]\n rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]\n rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882\n netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4110 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205\n kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196\n netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21716",
"url": "https://www.suse.com/security/cve/CVE-2025-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1237891 for CVE-2025-21716",
"url": "https://bugzilla.suse.com/1237891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: fix timer races against user threads\n\nRose timers only acquire the socket spinlock, without\nchecking if the socket is owned by one user thread.\n\nAdd a check and rearm the timers if needed.\n\nBUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\nRead of size 2 at addr ffff88802f09b82a by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\n call_timer_fn+0x187/0x650 kernel/time/timer.c:1793\n expire_timers kernel/time/timer.c:1844 [inline]\n __run_timers kernel/time/timer.c:2418 [inline]\n __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430\n run_timer_base kernel/time/timer.c:2439 [inline]\n run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21718",
"url": "https://www.suse.com/security/cve/CVE-2025-21718"
},
{
"category": "external",
"summary": "SUSE Bug 1239073 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "external",
"summary": "SUSE Bug 1239074 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-21718"
},
{
"cve": "CVE-2025-21719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: do not call mr_mfc_uses_dev() for unres entries\n\nsyzbot found that calling mr_mfc_uses_dev() for unres entries\nwould crash [1], because c-\u003emfc_un.res.minvif / c-\u003emfc_un.res.maxvif\nalias to \"struct sk_buff_head unresolved\", which contain two pointers.\n\nThis code never worked, lets remove it.\n\n[1]\nUnable to handle kernel paging request at virtual address ffff5fff2d536613\nKASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]\nModules linked in:\nCPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]\n pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334\n lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]\n lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334\nCall trace:\n mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)\n mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)\n mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382\n ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648\n rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327\n rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791\n netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317\n netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973\n sock_recvmsg_nosec net/socket.c:1033 [inline]\n sock_recvmsg net/socket.c:1055 [inline]\n sock_read_iter+0x2d8/0x40c net/socket.c:1125\n new_sync_read fs/read_write.c:484 [inline]\n vfs_read+0x740/0x970 fs/read_write.c:565\n ksys_read+0x15c/0x26c fs/read_write.c:708",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21719",
"url": "https://www.suse.com/security/cve/CVE-2025-21719"
},
{
"category": "external",
"summary": "SUSE Bug 1238860 for CVE-2025-21719",
"url": "https://bugzilla.suse.com/1238860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21723"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix possible crash when setting up bsg fails\n\nIf bsg_setup_queue() fails, the bsg_queue is assigned a non-NULL value.\nConsequently, in mpi3mr_bsg_exit(), the condition \"if(!mrioc-\u003ebsg_queue)\"\nwill not be satisfied, preventing execution from entering\nbsg_remove_queue(), which could lead to the following crash:\n\nBUG: kernel NULL pointer dereference, address: 000000000000041c\nCall Trace:\n \u003cTASK\u003e\n mpi3mr_bsg_exit+0x1f/0x50 [mpi3mr]\n mpi3mr_remove+0x6f/0x340 [mpi3mr]\n pci_device_remove+0x3f/0xb0\n device_release_driver_internal+0x19d/0x220\n unbind_store+0xa4/0xb0\n kernfs_fop_write_iter+0x11f/0x200\n vfs_write+0x1fc/0x3e0\n ksys_write+0x67/0xe0\n do_syscall_64+0x38/0x80\n entry_SYSCALL_64_after_hwframe+0x78/0xe2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21723",
"url": "https://www.suse.com/security/cve/CVE-2025-21723"
},
{
"category": "external",
"summary": "SUSE Bug 1238864 for CVE-2025-21723",
"url": "https://bugzilla.suse.com/1238864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21723"
},
{
"cve": "CVE-2025-21724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand\u0027s type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21724",
"url": "https://www.suse.com/security/cve/CVE-2025-21724"
},
{
"category": "external",
"summary": "SUSE Bug 1238863 for CVE-2025-21724",
"url": "https://bugzilla.suse.com/1238863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to unset link speed\n\nIt isn\u0027t guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always\nbe set by the server, so the client must handle any values and then\nprevent oopses like below from happening:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nRIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48\n89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8\ne7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 \u003c48\u003e f7 74 24 18 48 89\nc3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24\nRSP: 0018:ffffc90001817be0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99\nRDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228\nRBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac\nR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200\nR13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58\nFS: 00007fe27119e740(0000) GS:ffff888148600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0x159/0x1b0\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? do_error_trap+0x90/0x130\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? exc_divide_error+0x39/0x50\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? asm_exc_divide_error+0x1a/0x20\n ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? seq_read_iter+0x42e/0x790\n seq_read_iter+0x19a/0x790\n proc_reg_read_iter+0xbe/0x110\n ? __pfx_proc_reg_read_iter+0x10/0x10\n vfs_read+0x469/0x570\n ? do_user_addr_fault+0x398/0x760\n ? __pfx_vfs_read+0x10/0x10\n ? find_held_lock+0x8a/0xa0\n ? __pfx_lock_release+0x10/0x10\n ksys_read+0xd3/0x170\n ? __pfx_ksys_read+0x10/0x10\n ? __rcu_read_unlock+0x50/0x270\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe271288911\nCode: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8\n20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 \u003c48\u003e 3d\n00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec\nRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911\nRDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003\nRBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380\nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000\nR13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000\n \u003c/TASK\u003e\n\nFix this by setting cifs_server_iface::speed to a sane value (1Gbps)\nby default when link speed is unset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21725",
"url": "https://www.suse.com/security/cve/CVE-2025-21725"
},
{
"category": "external",
"summary": "SUSE Bug 1238877 for CVE-2025-21725",
"url": "https://bugzilla.suse.com/1238877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: avoid UAF for reorder_work\n\nAlthough the previous patch can avoid ps and ps UAF for _do_serial, it\ncan not avoid potential UAF issue for reorder_work. This issue can\nhappen just as below:\n\ncrypto_request\t\t\tcrypto_request\t\tcrypto_del_alg\npadata_do_serial\n ...\n padata_reorder\n // processes all remaining\n // requests then breaks\n while (1) {\n if (!padata)\n break;\n ...\n }\n\n\t\t\t\tpadata_do_serial\n\t\t\t\t // new request added\n\t\t\t\t list_add\n // sees the new request\n queue_work(reorder_work)\n\t\t\t\t padata_reorder\n\t\t\t\t queue_work_on(squeue-\u003ework)\n...\n\n\t\t\t\t\u003ckworker context\u003e\n\t\t\t\tpadata_serial_worker\n\t\t\t\t// completes new request,\n\t\t\t\t// no more outstanding\n\t\t\t\t// requests\n\n\t\t\t\t\t\t\tcrypto_del_alg\n\t\t\t\t\t\t\t // free pd\n\n\u003ckworker context\u003e\ninvoke_padata_reorder\n // UAF of pd\n\nTo avoid UAF for \u0027reorder_work\u0027, get \u0027pd\u0027 ref before put \u0027reorder_work\u0027\ninto the \u0027serial_wq\u0027 and put \u0027pd\u0027 ref until the \u0027serial_wq\u0027 finish.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21726",
"url": "https://www.suse.com/security/cve/CVE-2025-21726"
},
{
"category": "external",
"summary": "SUSE Bug 1238865 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "external",
"summary": "SUSE Bug 1240837 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1240837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-21726"
},
{
"cve": "CVE-2025-21727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: fix UAF in padata_reorder\n\nA bug was found when run ltp test:\n\nBUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0\nRead of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206\n\nCPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+\nWorkqueue: pdecrypt_parallel padata_parallel_worker\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x32/0x50\nprint_address_description.constprop.0+0x6b/0x3d0\nprint_report+0xdd/0x2c0\nkasan_report+0xa5/0xd0\npadata_find_next+0x29/0x1a0\npadata_reorder+0x131/0x220\npadata_parallel_worker+0x3d/0xc0\nprocess_one_work+0x2ec/0x5a0\n\nIf \u0027mdelay(10)\u0027 is added before calling \u0027padata_find_next\u0027 in the\n\u0027padata_reorder\u0027 function, this issue could be reproduced easily with\nltp test (pcrypt_aead01).\n\nThis can be explained as bellow:\n\npcrypt_aead_encrypt\n...\npadata_do_parallel\nrefcount_inc(\u0026pd-\u003erefcnt); // add refcnt\n...\npadata_do_serial\npadata_reorder // pd\nwhile (1) {\npadata_find_next(pd, true); // using pd\nqueue_work_on\n...\npadata_serial_worker\t\t\t\tcrypto_del_alg\npadata_put_pd_cnt // sub refcnt\n\t\t\t\t\t\tpadata_free_shell\n\t\t\t\t\t\tpadata_put_pd(ps-\u003epd);\n\t\t\t\t\t\t// pd is freed\n// loop again, but pd is freed\n// call padata_find_next, UAF\n}\n\nIn the padata_reorder function, when it loops in \u0027while\u0027, if the alg is\ndeleted, the refcnt may be decreased to 0 before entering\n\u0027padata_find_next\u0027, which leads to UAF.\n\nAs mentioned in [1], do_serial is supposed to be called with BHs disabled\nand always happen under RCU protection, to address this issue, add\nsynchronize_rcu() in \u0027padata_free_shell\u0027 wait for all _do_serial calls\nto finish.\n\n[1] https://lore.kernel.org/all/20221028160401.cccypv4euxikusiq@parnassus.localdomain/\n[2] https://lore.kernel.org/linux-kernel/jfjz5d7zwbytztackem7ibzalm5lnxldi2eofeiczqmqs2m7o6@fq426cwnjtkm/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21727",
"url": "https://www.suse.com/security/cve/CVE-2025-21727"
},
{
"category": "external",
"summary": "SUSE Bug 1237876 for CVE-2025-21727",
"url": "https://bugzilla.suse.com/1237876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21727"
},
{
"cve": "CVE-2025-21728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21728",
"url": "https://www.suse.com/security/cve/CVE-2025-21728"
},
{
"category": "external",
"summary": "SUSE Bug 1237879 for CVE-2025-21728",
"url": "https://bugzilla.suse.com/1237879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix race between cancel_hw_scan and hw_scan completion\n\nThe rtwdev-\u003escanning flag isn\u0027t protected by mutex originally, so\ncancel_hw_scan can pass the condition, but suddenly hw_scan completion\nunset the flag and calls ieee80211_scan_completed() that will free\nlocal-\u003ehw_scan_req. Then, cancel_hw_scan raises null-ptr-deref and\nuse-after-free. Fix it by moving the check condition to where\nprotected by mutex.\n\n KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f]\n CPU: 2 PID: 6922 Comm: kworker/2:2 Tainted: G OE\n Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB6WW (2.76 ) 09/10/2019\n Workqueue: events cfg80211_conn_work [cfg80211]\n RIP: 0010:rtw89_fw_h2c_scan_offload_be+0xc33/0x13c3 [rtw89_core]\n Code: 00 45 89 6c 24 1c 0f 85 23 01 00 00 48 8b 85 20 ff ff ff 48 8d\n RSP: 0018:ffff88811fd9f068 EFLAGS: 00010206\n RAX: dffffc0000000000 RBX: ffff88811fd9f258 RCX: 0000000000000001\n RDX: 0000000000000011 RSI: 0000000000000001 RDI: 0000000000000089\n RBP: ffff88811fd9f170 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff88811fd9f108 R11: 0000000000000000 R12: ffff88810e47f960\n R13: 0000000000000000 R14: 000000000000ffff R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8881d6f00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007531dfca55b0 CR3: 00000001be296004 CR4: 00000000001706e0\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x61/0x73\n ? __die_body+0x20/0x73\n ? die_addr+0x4f/0x7b\n ? exc_general_protection+0x191/0x1db\n ? asm_exc_general_protection+0x27/0x30\n ? rtw89_fw_h2c_scan_offload_be+0xc33/0x13c3 [rtw89_core]\n ? rtw89_fw_h2c_scan_offload_be+0x458/0x13c3 [rtw89_core]\n ? __pfx_rtw89_fw_h2c_scan_offload_be+0x10/0x10 [rtw89_core]\n ? do_raw_spin_lock+0x75/0xdb\n ? __pfx_do_raw_spin_lock+0x10/0x10\n rtw89_hw_scan_offload+0xb5e/0xbf7 [rtw89_core]\n ? _raw_spin_unlock+0xe/0x24\n ? __mutex_lock.constprop.0+0x40c/0x471\n ? __pfx_rtw89_hw_scan_offload+0x10/0x10 [rtw89_core]\n ? __mutex_lock_slowpath+0x13/0x1f\n ? mutex_lock+0xa2/0xdc\n ? __pfx_mutex_lock+0x10/0x10\n rtw89_hw_scan_abort+0x58/0xb7 [rtw89_core]\n rtw89_ops_cancel_hw_scan+0x120/0x13b [rtw89_core]\n ieee80211_scan_cancel+0x468/0x4d0 [mac80211]\n ieee80211_prep_connection+0x858/0x899 [mac80211]\n ieee80211_mgd_auth+0xbea/0xdde [mac80211]\n ? __pfx_ieee80211_mgd_auth+0x10/0x10 [mac80211]\n ? cfg80211_find_elem+0x15/0x29 [cfg80211]\n ? is_bss+0x1b7/0x1d7 [cfg80211]\n ieee80211_auth+0x18/0x27 [mac80211]\n cfg80211_mlme_auth+0x3bb/0x3e7 [cfg80211]\n cfg80211_conn_do_work+0x410/0xb81 [cfg80211]\n ? __pfx_cfg80211_conn_do_work+0x10/0x10 [cfg80211]\n ? __kasan_check_read+0x11/0x1f\n ? psi_group_change+0x8bc/0x944\n ? __kasan_check_write+0x14/0x22\n ? mutex_lock+0x8e/0xdc\n ? __pfx_mutex_lock+0x10/0x10\n ? __pfx___radix_tree_lookup+0x10/0x10\n cfg80211_conn_work+0x245/0x34d [cfg80211]\n ? __pfx_cfg80211_conn_work+0x10/0x10 [cfg80211]\n ? update_cfs_rq_load_avg+0x3bc/0x3d7\n ? sched_clock_noinstr+0x9/0x1a\n ? sched_clock+0x10/0x24\n ? sched_clock_cpu+0x7e/0x42e\n ? newidle_balance+0x796/0x937\n ? __pfx_sched_clock_cpu+0x10/0x10\n ? __pfx_newidle_balance+0x10/0x10\n ? __kasan_check_read+0x11/0x1f\n ? psi_group_change+0x8bc/0x944\n ? _raw_spin_unlock+0xe/0x24\n ? raw_spin_rq_unlock+0x47/0x54\n ? raw_spin_rq_unlock_irq+0x9/0x1f\n ? finish_task_switch.isra.0+0x347/0x586\n ? __schedule+0x27bf/0x2892\n ? mutex_unlock+0x80/0xd0\n ? do_raw_spin_lock+0x75/0xdb\n ? __pfx___schedule+0x10/0x10\n process_scheduled_works+0x58c/0x821\n worker_thread+0x4c7/0x586\n ? __kasan_check_read+0x11/0x1f\n kthread+0x285/0x294\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x6f\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21729",
"url": "https://www.suse.com/security/cve/CVE-2025-21729"
},
{
"category": "external",
"summary": "SUSE Bug 1237874 for CVE-2025-21729",
"url": "https://bugzilla.suse.com/1237874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21729"
},
{
"cve": "CVE-2025-21731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: don\u0027t allow reconnect after disconnect\n\nFollowing process can cause nbd_config UAF:\n\n1) grab nbd_config temporarily;\n\n2) nbd_genl_disconnect() flush all recv_work() and release the\ninitial reference:\n\n nbd_genl_disconnect\n nbd_disconnect_and_put\n nbd_disconnect\n flush_workqueue(nbd-\u003erecv_workq)\n if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...))\n nbd_config_put\n -\u003e due to step 1), reference is still not zero\n\n3) nbd_genl_reconfigure() queue recv_work() again;\n\n nbd_genl_reconfigure\n config = nbd_get_config_unlocked(nbd)\n if (!config)\n -\u003e succeed\n if (!test_bit(NBD_RT_BOUND, ...))\n -\u003e succeed\n nbd_reconnect_socket\n queue_work(nbd-\u003erecv_workq, \u0026args-\u003ework)\n\n4) step 1) release the reference;\n\n5) Finially, recv_work() will trigger UAF:\n\n recv_work\n nbd_config_put(nbd)\n -\u003e nbd_config is freed\n atomic_dec(\u0026config-\u003erecv_threads)\n -\u003e UAF\n\nFix the problem by clearing NBD_RT_BOUND in nbd_genl_disconnect(), so\nthat nbd_genl_reconfigure() will fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21731",
"url": "https://www.suse.com/security/cve/CVE-2025-21731"
},
{
"category": "external",
"summary": "SUSE Bug 1237881 for CVE-2025-21731",
"url": "https://bugzilla.suse.com/1237881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21731"
},
{
"cve": "CVE-2025-21732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error\n\nThis patch addresses a race condition for an ODP MR that can result in a\nCQE with an error on the UMR QP.\n\nDuring the __mlx5_ib_dereg_mr() flow, the following sequence of calls\noccurs:\n\nmlx5_revoke_mr()\n mlx5r_umr_revoke_mr()\n mlx5r_umr_post_send_wait()\n\nAt this point, the lkey is freed from the hardware\u0027s perspective.\n\nHowever, concurrently, mlx5_ib_invalidate_range() might be triggered by\nanother task attempting to invalidate a range for the same freed lkey.\n\nThis task will:\n - Acquire the umem_odp-\u003eumem_mutex lock.\n - Call mlx5r_umr_update_xlt() on the UMR QP.\n - Since the lkey has already been freed, this can lead to a CQE error,\n causing the UMR QP to enter an error state [1].\n\nTo resolve this race condition, the umem_odp-\u003eumem_mutex lock is now also\nacquired as part of the mlx5_revoke_mr() scope. Upon successful revoke,\nwe set umem_odp-\u003eprivate which points to that MR to NULL, preventing any\nfurther invalidation attempts on its lkey.\n\n[1] From dmesg:\n\n infiniband rocep8s0f0: dump_cqe:277:(pid 0): WC error: 6, Message: memory bind operation error\n cqe_dump: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000030: 00 00 00 00 08 00 78 06 25 00 11 b9 00 0e dd d2\n\n WARNING: CPU: 15 PID: 1506 at drivers/infiniband/hw/mlx5/umr.c:394 mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n Modules linked in: ip6table_mangle ip6table_natip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_umad ib_ipoib ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\n CPU: 15 UID: 0 PID: 1506 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1626\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n [..]\n Call Trace:\n \u003cTASK\u003e\n mlx5r_umr_update_xlt+0x23c/0x3e0 [mlx5_ib]\n mlx5_ib_invalidate_range+0x2e1/0x330 [mlx5_ib]\n __mmu_notifier_invalidate_range_start+0x1e1/0x240\n zap_page_range_single+0xf1/0x1a0\n madvise_vma_behavior+0x677/0x6e0\n do_madvise+0x1a2/0x4b0\n __x64_sys_madvise+0x25/0x30\n do_syscall_64+0x6b/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21732",
"url": "https://www.suse.com/security/cve/CVE-2025-21732"
},
{
"category": "external",
"summary": "SUSE Bug 1237877 for CVE-2025-21732",
"url": "https://bugzilla.suse.com/1237877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21732"
},
{
"cve": "CVE-2025-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix resetting of tracepoints\n\nIf a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD\ndisabled, but then that option is enabled and timerlat is removed, the\ntracepoints that were enabled on timerlat registration do not get\ndisabled. If the option is disabled again and timelat is started, then it\ntriggers a warning in the tracepoint code due to registering the\ntracepoint again without ever disabling it.\n\nDo not use the same user space defined options to know to disable the\ntracepoints when timerlat is removed. Instead, set a global flag when it\nis enabled and use that flag to know to disable the events.\n\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n ~# echo OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo nop \u003e /sys/kernel/tracing/current_tracer\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n\nTriggers:\n\n ------------[ cut here ]------------\n WARNING: CPU: 6 PID: 1337 at kernel/tracepoint.c:294 tracepoint_add_func+0x3b6/0x3f0\n Modules linked in:\n CPU: 6 UID: 0 PID: 1337 Comm: rtla Not tainted 6.13.0-rc4-test-00018-ga867c441128e-dirty #73\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:tracepoint_add_func+0x3b6/0x3f0\n Code: 48 8b 53 28 48 8b 73 20 4c 89 04 24 e8 23 59 11 00 4c 8b 04 24 e9 36 fe ff ff 0f 0b b8 ea ff ff ff 45 84 e4 0f 84 68 fe ff ff \u003c0f\u003e 0b e9 61 fe ff ff 48 8b 7b 18 48 85 ff 0f 84 4f ff ff ff 49 8b\n RSP: 0018:ffffb9b003a87ca0 EFLAGS: 00010202\n RAX: 00000000ffffffef RBX: ffffffff92f30860 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff9bf59e91ccd0 RDI: ffffffff913b6410\n RBP: 000000000000000a R08: 00000000000005c7 R09: 0000000000000002\n R10: ffffb9b003a87ce0 R11: 0000000000000002 R12: 0000000000000001\n R13: ffffb9b003a87ce0 R14: ffffffffffffffef R15: 0000000000000008\n FS: 00007fce81209240(0000) GS:ffff9bf6fdd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055e99b728000 CR3: 00000001277c0002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ? __warn.cold+0xb7/0x14d\n ? tracepoint_add_func+0x3b6/0x3f0\n ? report_bug+0xea/0x170\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? tracepoint_add_func+0x3b6/0x3f0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n tracepoint_probe_register+0x78/0xb0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n osnoise_workload_start+0x2b5/0x370\n timerlat_tracer_init+0x76/0x1b0\n tracing_set_tracer+0x244/0x400\n tracing_set_trace_write+0xa0/0xe0\n vfs_write+0xfc/0x570\n ? do_sys_openat2+0x9c/0xe0\n ksys_write+0x72/0xf0\n do_syscall_64+0x79/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21733",
"url": "https://www.suse.com/security/cve/CVE-2025-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1238494 for CVE-2025-21733",
"url": "https://bugzilla.suse.com/1238494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21733"
},
{
"cve": "CVE-2025-21734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21734"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix copy buffer page size\n\nFor non-registered buffer, fastrpc driver copies the buffer and\npass it to the remote subsystem. There is a problem with current\nimplementation of page size calculation which is not considering\nthe offset in the calculation. This might lead to passing of\nimproper and out-of-bounds page size which could result in\nmemory issue. Calculate page start and page end using the offset\nadjusted address instead of absolute address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21734",
"url": "https://www.suse.com/security/cve/CVE-2025-21734"
},
{
"category": "external",
"summary": "SUSE Bug 1238734 for CVE-2025-21734",
"url": "https://bugzilla.suse.com/1238734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21734"
},
{
"cve": "CVE-2025-21735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: Add bounds checking in nci_hci_create_pipe()\n\nThe \"pipe\" variable is a u8 which comes from the network. If it\u0027s more\nthan 127, then it results in memory corruption in the caller,\nnci_hci_connect_gate().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21735",
"url": "https://www.suse.com/security/cve/CVE-2025-21735"
},
{
"category": "external",
"summary": "SUSE Bug 1238497 for CVE-2025-21735",
"url": "https://bugzilla.suse.com/1238497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21735"
},
{
"cve": "CVE-2025-21736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix possible int overflows in nilfs_fiemap()\n\nSince nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result\nby being prepared to go through potentially maxblocks == INT_MAX blocks,\nthe value in n may experience an overflow caused by left shift of blkbits.\n\nWhile it is extremely unlikely to occur, play it safe and cast right hand\nexpression to wider type to mitigate the issue.\n\nFound by Linux Verification Center (linuxtesting.org) with static analysis\ntool SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21736",
"url": "https://www.suse.com/security/cve/CVE-2025-21736"
},
{
"category": "external",
"summary": "SUSE Bug 1238715 for CVE-2025-21736",
"url": "https://bugzilla.suse.com/1238715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21736"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-21739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix use-after free in init error and remove paths\n\ndevm_blk_crypto_profile_init() registers a cleanup handler to run when\nthe associated (platform-) device is being released. For UFS, the\ncrypto private data and pointers are stored as part of the ufs_hba\u0027s\ndata structure \u0027struct ufs_hba::crypto_profile\u0027. This structure is\nallocated as part of the underlying ufshcd and therefore Scsi_host\nallocation.\n\nDuring driver release or during error handling in ufshcd_pltfrm_init(),\nthis structure is released as part of ufshcd_dealloc_host() before the\n(platform-) device associated with the crypto call above is released.\nOnce this device is released, the crypto cleanup code will run, using\nthe just-released \u0027struct ufs_hba::crypto_profile\u0027. This causes a\nuse-after-free situation:\n\n Call trace:\n kfree+0x60/0x2d8 (P)\n kvfree+0x44/0x60\n blk_crypto_profile_destroy_callback+0x28/0x70\n devm_action_release+0x1c/0x30\n release_nodes+0x6c/0x108\n devres_release_all+0x98/0x100\n device_unbind_cleanup+0x20/0x70\n really_probe+0x218/0x2d0\n\nIn other words, the initialisation code flow is:\n\n platform-device probe\n ufshcd_pltfrm_init()\n ufshcd_alloc_host()\n scsi_host_alloc()\n allocation of struct ufs_hba\n creation of scsi-host devices\n devm_blk_crypto_profile_init()\n devm registration of cleanup handler using platform-device\n\nand during error handling of ufshcd_pltfrm_init() or during driver\nremoval:\n\n ufshcd_dealloc_host()\n scsi_host_put()\n put_device(scsi-host)\n release of struct ufs_hba\n put_device(platform-device)\n crypto cleanup handler\n\nTo fix this use-after free, change ufshcd_alloc_host() to register a\ndevres action to automatically cleanup the underlying SCSI device on\nufshcd destruction, without requiring explicit calls to\nufshcd_dealloc_host(). This way:\n\n * the crypto profile and all other ufs_hba-owned resources are\n destroyed before SCSI (as they\u0027ve been registered after)\n * a memleak is plugged in tc-dwc-g210-pci.c remove() as a\n side-effect\n * EXPORT_SYMBOL_GPL(ufshcd_dealloc_host) can be removed fully as\n it\u0027s not needed anymore\n * no future drivers using ufshcd_alloc_host() could ever forget\n adding the cleanup",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21739",
"url": "https://www.suse.com/security/cve/CVE-2025-21739"
},
{
"category": "external",
"summary": "SUSE Bug 1238506 for CVE-2025-21739",
"url": "https://bugzilla.suse.com/1238506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21739"
},
{
"cve": "CVE-2025-21741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21741"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix DPE OoB read\n\nFix an out-of-bounds DPE read, limit the number of processed DPEs to\nthe amount that fits into the fixed-size NDP16 header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21741",
"url": "https://www.suse.com/security/cve/CVE-2025-21741"
},
{
"category": "external",
"summary": "SUSE Bug 1238767 for CVE-2025-21741",
"url": "https://bugzilla.suse.com/1238767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21741"
},
{
"cve": "CVE-2025-21742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: use static NDP16 location in URB\n\nOriginal code allowed for the start of NDP16 to be anywhere within the\nURB based on the `wNdpIndex` value in NTH16. Only the start position of\nNDP16 was checked, so it was possible for even the fixed-length part\nof NDP16 to extend past the end of URB, leading to an out-of-bounds\nread.\n\nOn iOS devices, the NDP16 header always directly follows NTH16. Rely on\nand check for this specific format.\n\nThis, along with NCM-specific minimal URB length check that already\nexists, will ensure that the fixed-length part of NDP16 plus a set\namount of DPEs fit within the URB.\n\nNote that this commit alone does not fully address the OoB read.\nThe limit on the amount of DPEs needs to be enforced separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21742",
"url": "https://www.suse.com/security/cve/CVE-2025-21742"
},
{
"category": "external",
"summary": "SUSE Bug 1238771 for CVE-2025-21742",
"url": "https://bugzilla.suse.com/1238771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21742"
},
{
"cve": "CVE-2025-21743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix possible overflow in DPE length check\n\nOriginally, it was possible for the DPE length check to overflow if\nwDatagramIndex + wDatagramLength \u003e U16_MAX. This could lead to an OoB\nread.\n\nMove the wDatagramIndex term to the other side of the inequality.\n\nAn existing condition ensures that wDatagramIndex \u003c urb-\u003eactual_length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21743",
"url": "https://www.suse.com/security/cve/CVE-2025-21743"
},
{
"category": "external",
"summary": "SUSE Bug 1238781 for CVE-2025-21743",
"url": "https://bugzilla.suse.com/1238781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21743"
},
{
"cve": "CVE-2025-21744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()\n\nOn removal of the device or unloading of the kernel module a potential NULL\npointer dereference occurs.\n\nThe following sequence deletes the interface:\n\n brcmf_detach()\n brcmf_remove_interface()\n brcmf_del_if()\n\nInside the brcmf_del_if() function the drvr-\u003eif2bss[ifidx] is updated to\nBRCMF_BSSIDX_INVALID (-1) if the bsscfgidx matches.\n\nAfter brcmf_remove_interface() call the brcmf_proto_detach() function is\ncalled providing the following sequence:\n\n brcmf_detach()\n brcmf_proto_detach()\n brcmf_proto_msgbuf_detach()\n brcmf_flowring_detach()\n brcmf_msgbuf_delete_flowring()\n brcmf_msgbuf_remove_flowring()\n brcmf_flowring_delete()\n brcmf_get_ifp()\n brcmf_txfinalize()\n\nSince brcmf_get_ip() can and actually will return NULL in this case the\ncall to brcmf_txfinalize() will result in a NULL pointer dereference inside\nbrcmf_txfinalize() when trying to update ifp-\u003endev-\u003estats.tx_errors.\n\nThis will only happen if a flowring still has an skb.\n\nAlthough the NULL pointer dereference has only been seen when trying to\nupdate the tx statistic, all other uses of the ifp pointer have been\nguarded as well with an early return if ifp is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21744",
"url": "https://www.suse.com/security/cve/CVE-2025-21744"
},
{
"category": "external",
"summary": "SUSE Bug 1238903 for CVE-2025-21744",
"url": "https://bugzilla.suse.com/1238903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21744"
},
{
"cve": "CVE-2025-21745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21745"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage\n\nblkcg_fill_root_iostats() iterates over @block_class\u0027s devices by\nclass_dev_iter_(init|next)(), but does not end iterating with\nclass_dev_iter_exit(), so causes the class\u0027s subsystem refcount leakage.\n\nFix by ending the iterating with class_dev_iter_exit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21745",
"url": "https://www.suse.com/security/cve/CVE-2025-21745"
},
{
"category": "external",
"summary": "SUSE Bug 1238785 for CVE-2025-21745",
"url": "https://bugzilla.suse.com/1238785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: lock the socket in rose_bind()\n\nsyzbot reported a soft lockup in rose_loopback_timer(),\nwith a repro calling bind() from multiple threads.\n\nrose_bind() must lock the socket to avoid this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21749",
"url": "https://www.suse.com/security/cve/CVE-2025-21749"
},
{
"category": "external",
"summary": "SUSE Bug 1238904 for CVE-2025-21749",
"url": "https://bugzilla.suse.com/1238904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "low"
}
],
"title": "CVE-2025-21749"
},
{
"cve": "CVE-2025-21750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Check the return value of of_property_read_string_index()\n\nSomewhen between 6.10 and 6.11 the driver started to crash on my\nMacBookPro14,3. The property doesn\u0027t exist and \u0027tmp\u0027 remains\nuninitialized, so we pass a random pointer to devm_kstrdup().\n\nThe crash I am getting looks like this:\n\nBUG: unable to handle page fault for address: 00007f033c669379\nPF: supervisor read access in kernel mode\nPF: error_code(0x0001) - permissions violation\nPGD 8000000101341067 P4D 8000000101341067 PUD 101340067 PMD 1013bb067 PTE 800000010aee9025\nOops: Oops: 0001 [#1] SMP PTI\nCPU: 4 UID: 0 PID: 827 Comm: (udev-worker) Not tainted 6.11.8-gentoo #1\nHardware name: Apple Inc. MacBookPro14,3/Mac-551B86E5744E2388, BIOS 529.140.2.0.0 06/23/2024\nRIP: 0010:strlen+0x4/0x30\nCode: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c80\u003e 3f 00 74 14 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 cc\nRSP: 0018:ffffb4aac0683ad8 EFLAGS: 00010202\nRAX: 00000000ffffffea RBX: 00007f033c669379 RCX: 0000000000000001\nRDX: 0000000000000cc0 RSI: 00007f033c669379 RDI: 00007f033c669379\nRBP: 00000000ffffffea R08: 0000000000000000 R09: 00000000c0ba916a\nR10: ffffffffffffffff R11: ffffffffb61ea260 R12: ffff91f7815b50c8\nR13: 0000000000000cc0 R14: ffff91fafefffe30 R15: ffffb4aac0683b30\nFS: 00007f033ccbe8c0(0000) GS:ffff91faeed00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f033c669379 CR3: 0000000107b1e004 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x149/0x4c0\n ? raw_spin_rq_lock_nested+0xe/0x20\n ? sched_balance_newidle+0x22b/0x3c0\n ? update_load_avg+0x78/0x770\n ? exc_page_fault+0x6f/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? __pfx_pci_conf1_write+0x10/0x10\n ? strlen+0x4/0x30\n devm_kstrdup+0x25/0x70\n brcmf_of_probe+0x273/0x350 [brcmfmac]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21750",
"url": "https://www.suse.com/security/cve/CVE-2025-21750"
},
{
"category": "external",
"summary": "SUSE Bug 1238905 for CVE-2025-21750",
"url": "https://bugzilla.suse.com/1238905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21750"
},
{
"cve": "CVE-2025-21753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when attempting to join an aborted transaction\n\nWhen we are trying to join the current transaction and if it\u0027s aborted,\nwe read its \u0027aborted\u0027 field after unlocking fs_info-\u003etrans_lock and\nwithout holding any extra reference count on it. This means that a\nconcurrent task that is aborting the transaction may free the transaction\nbefore we read its \u0027aborted\u0027 field, leading to a use-after-free.\n\nFix this by reading the \u0027aborted\u0027 field while holding fs_info-\u003etrans_lock\nsince any freeing task must first acquire that lock and set\nfs_info-\u003erunning_transaction to NULL before freeing the transaction.\n\nThis was reported by syzbot and Dmitry with the following stack traces\nfrom KASAN:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n Read of size 4 at addr ffff888011839024 by task kworker/u4:9/1128\n\n CPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Workqueue: events_unbound btrfs_async_reclaim_data_space\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n flush_space+0x448/0xcf0 fs/btrfs/space-info.c:803\n btrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317\n worker_thread+0x870/0xd30 kernel/workqueue.c:3398\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 5315:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n join_transaction+0x144/0xda0 fs/btrfs/transaction.c:308\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572\n lookup_open fs/namei.c:3649 [inline]\n open_last_lookups fs/namei.c:3748 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3984\n do_filp_open+0x27f/0x4e0 fs/namei.c:4014\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1402\n do_sys_open fs/open.c:1417 [inline]\n __do_sys_creat fs/open.c:1495 [inline]\n __se_sys_creat fs/open.c:1489 [inline]\n __x64_sys_creat+0x123/0x170 fs/open.c:1489\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 5336:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n cleanup_transaction fs/btrfs/transaction.c:2063 [inline]\n btrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598\n insert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757\n btrfs_balance+0x992/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21753",
"url": "https://www.suse.com/security/cve/CVE-2025-21753"
},
{
"category": "external",
"summary": "SUSE Bug 1237875 for CVE-2025-21753",
"url": "https://bugzilla.suse.com/1237875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21753"
},
{
"cve": "CVE-2025-21754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion failure when splitting ordered extent after transaction abort\n\nIf while we are doing a direct IO write a transaction abort happens, we\nmark all existing ordered extents with the BTRFS_ORDERED_IOERR flag (done\nat btrfs_destroy_ordered_extents()), and then after that if we enter\nbtrfs_split_ordered_extent() and the ordered extent has bytes left\n(meaning we have a bio that doesn\u0027t cover the whole ordered extent, see\ndetails at btrfs_extract_ordered_extent()), we will fail on the following\nassertion at btrfs_split_ordered_extent():\n\n ASSERT(!(flags \u0026 ~BTRFS_ORDERED_TYPE_FLAGS));\n\nbecause the BTRFS_ORDERED_IOERR flag is set and the definition of\nBTRFS_ORDERED_TYPE_FLAGS is just the union of all flags that identify the\ntype of write (regular, nocow, prealloc, compressed, direct IO, encoded).\n\nFix this by returning an error from btrfs_extract_ordered_extent() if we\nfind the BTRFS_ORDERED_IOERR flag in the ordered extent. The error will\nbe the error that resulted in the transaction abort or -EIO if no\ntransaction abort happened.\n\nThis was recently reported by syzbot with the following trace:\n\n FAULT_INJECTION: forcing a failure.\n name failslab, interval 1, probability 0, space 0, times 1\n CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n fail_dump lib/fault-inject.c:53 [inline]\n should_fail_ex+0x3b0/0x4e0 lib/fault-inject.c:154\n should_failslab+0xac/0x100 mm/failslab.c:46\n slab_pre_alloc_hook mm/slub.c:4072 [inline]\n slab_alloc_node mm/slub.c:4148 [inline]\n __do_kmalloc_node mm/slub.c:4297 [inline]\n __kmalloc_noprof+0xdd/0x4c0 mm/slub.c:4310\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n btrfs_chunk_alloc_add_chunk_item+0x244/0x1100 fs/btrfs/volumes.c:5742\n reserve_chunk_space+0x1ca/0x2c0 fs/btrfs/block-group.c:4292\n check_system_chunk fs/btrfs/block-group.c:4319 [inline]\n do_chunk_alloc fs/btrfs/block-group.c:3891 [inline]\n btrfs_chunk_alloc+0x77b/0xf80 fs/btrfs/block-group.c:4187\n find_free_extent_update_loop fs/btrfs/extent-tree.c:4166 [inline]\n find_free_extent+0x42d1/0x5810 fs/btrfs/extent-tree.c:4579\n btrfs_reserve_extent+0x422/0x810 fs/btrfs/extent-tree.c:4672\n btrfs_new_extent_direct fs/btrfs/direct-io.c:186 [inline]\n btrfs_get_blocks_direct_write+0x706/0xfa0 fs/btrfs/direct-io.c:321\n btrfs_dio_iomap_begin+0xbb7/0x1180 fs/btrfs/direct-io.c:525\n iomap_iter+0x697/0xf60 fs/iomap/iter.c:90\n __iomap_dio_rw+0xeb9/0x25b0 fs/iomap/direct-io.c:702\n btrfs_dio_write fs/btrfs/direct-io.c:775 [inline]\n btrfs_direct_write+0x610/0xa30 fs/btrfs/direct-io.c:880\n btrfs_do_write_iter+0x2a0/0x760 fs/btrfs/file.c:1397\n do_iter_readv_writev+0x600/0x880\n vfs_writev+0x376/0xba0 fs/read_write.c:1050\n do_pwritev fs/read_write.c:1146 [inline]\n __do_sys_pwritev2 fs/read_write.c:1204 [inline]\n __se_sys_pwritev2+0x196/0x2b0 fs/read_write.c:1195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f1281f85d29\n RSP: 002b:00007f12819fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148\n RAX: ffffffffffffffda RBX: 00007f1282176080 RCX: 00007f1281f85d29\n RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000005\n RBP: 00007f12819fe090 R08: 0000000000000000 R09: 0000000000000003\n R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000002\n R13: 0000000000000000 R14: 00007f1282176080 R15: 00007ffcb9e23328\n \u003c/TASK\u003e\n BTRFS error (device loop0 state A): Transaction aborted (error -12)\n BTRFS: error (device loop0 state A\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21754",
"url": "https://www.suse.com/security/cve/CVE-2025-21754"
},
{
"category": "external",
"summary": "SUSE Bug 1238496 for CVE-2025-21754",
"url": "https://bugzilla.suse.com/1238496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21754"
},
{
"cve": "CVE-2025-21755",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21755"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21755",
"url": "https://www.suse.com/security/cve/CVE-2025-21755"
},
{
"category": "external",
"summary": "SUSE Bug 1237882 for CVE-2025-21755",
"url": "https://bugzilla.suse.com/1237882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21755"
},
{
"cve": "CVE-2025-21756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Keep the binding until socket destruction\n\nPreserve sockets bindings; this includes both resulting from an explicit\nbind() and those implicitly bound through autobind during connect().\n\nPrevents socket unbinding during a transport reassignment, which fixes a\nuse-after-free:\n\n 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2)\n 2. transport-\u003erelease() calls vsock_remove_bound() without checking if\n sk was bound and moved to bound list (refcnt=1)\n 3. vsock_bind() assumes sk is in unbound list and before\n __vsock_insert_bound(vsock_bound_sockets()) calls\n __vsock_remove_bound() which does:\n list_del_init(\u0026vsk-\u003ebound_table); // nop\n sock_put(\u0026vsk-\u003esk); // refcnt=0\n\nBUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730\nRead of size 4 at addr ffff88816b46a74c by task a.out/2057\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n __vsock_bind+0x62e/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAllocated by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n __vsock_create.constprop.0+0x2e/0xb60\n vsock_create+0xe4/0x420\n __sock_create+0x241/0x650\n __sys_socket+0xf2/0x1a0\n __x64_sys_socket+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n __vsock_bind+0x5e1/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150\nRIP: 0010:refcount_warn_saturate+0xce/0x150\n __vsock_bind+0x66d/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150\nRIP: 0010:refcount_warn_saturate+0xee/0x150\n vsock_remove_bound+0x187/0x1e0\n __vsock_release+0x383/0x4a0\n vsock_release+0x90/0x120\n __sock_release+0xa3/0x250\n sock_close+0x14/0x20\n __fput+0x359/0xa80\n task_work_run+0x107/0x1d0\n do_exit+0x847/0x2560\n do_group_exit+0xb8/0x250\n __x64_sys_exit_group+0x3a/0x50\n x64_sys_call+0xfec/0x14f0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21756",
"url": "https://www.suse.com/security/cve/CVE-2025-21756"
},
{
"category": "external",
"summary": "SUSE Bug 1238876 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "external",
"summary": "SUSE Bug 1245795 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1245795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: add RCU protection to mld_newpack()\n\nmld_newpack() can be called without RTNL or RCU being held.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net-\u003eipv6.igmp_sk\nsocket under RCU protection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21758",
"url": "https://www.suse.com/security/cve/CVE-2025-21758"
},
{
"category": "external",
"summary": "SUSE Bug 1238737 for CVE-2025-21758",
"url": "https://bugzilla.suse.com/1238737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21758"
},
{
"cve": "CVE-2025-21759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: extend RCU protection in igmp6_send()\n\nigmp6_send() can be called without RTNL or RCU being held.\n\nExtend RCU protection so that we can safely fetch the net pointer\nand avoid a potential UAF.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net-\u003eipv6.igmp_sk\nsocket under RCU protection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21759",
"url": "https://www.suse.com/security/cve/CVE-2025-21759"
},
{
"category": "external",
"summary": "SUSE Bug 1238738 for CVE-2025-21759",
"url": "https://bugzilla.suse.com/1238738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21759"
},
{
"cve": "CVE-2025-21760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: extend RCU protection in ndisc_send_skb()\n\nndisc_send_skb() can be called without RTNL or RCU held.\n\nAcquire rcu_read_lock() earlier, so that we can use dev_net_rcu()\nand avoid a potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21760",
"url": "https://www.suse.com/security/cve/CVE-2025-21760"
},
{
"category": "external",
"summary": "SUSE Bug 1238763 for CVE-2025-21760",
"url": "https://bugzilla.suse.com/1238763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21760"
},
{
"cve": "CVE-2025-21761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: use RCU protection in ovs_vport_cmd_fill_info()\n\novs_vport_cmd_fill_info() can be called without RTNL or RCU.\n\nUse RCU protection and dev_net_rcu() to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21761",
"url": "https://www.suse.com/security/cve/CVE-2025-21761"
},
{
"category": "external",
"summary": "SUSE Bug 1238775 for CVE-2025-21761",
"url": "https://bugzilla.suse.com/1238775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21761"
},
{
"cve": "CVE-2025-21762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21762"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: use RCU protection in arp_xmit()\n\narp_xmit() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21762",
"url": "https://www.suse.com/security/cve/CVE-2025-21762"
},
{
"category": "external",
"summary": "SUSE Bug 1238780 for CVE-2025-21762",
"url": "https://bugzilla.suse.com/1238780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21762"
},
{
"cve": "CVE-2025-21763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: use RCU protection in __neigh_notify()\n\n__neigh_notify() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21763",
"url": "https://www.suse.com/security/cve/CVE-2025-21763"
},
{
"category": "external",
"summary": "SUSE Bug 1237897 for CVE-2025-21763",
"url": "https://bugzilla.suse.com/1237897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21763"
},
{
"cve": "CVE-2025-21764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21764"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: use RCU protection in ndisc_alloc_skb()\n\nndisc_alloc_skb() can be called without RTNL or RCU being held.\n\nAdd RCU protection to avoid possible UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21764",
"url": "https://www.suse.com/security/cve/CVE-2025-21764"
},
{
"category": "external",
"summary": "SUSE Bug 1237885 for CVE-2025-21764",
"url": "https://bugzilla.suse.com/1237885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21764"
},
{
"cve": "CVE-2025-21765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU protection in ip6_default_advmss()\n\nip6_default_advmss() needs rcu protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21765",
"url": "https://www.suse.com/security/cve/CVE-2025-21765"
},
{
"category": "external",
"summary": "SUSE Bug 1237906 for CVE-2025-21765",
"url": "https://bugzilla.suse.com/1237906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: use RCU protection in __ip_rt_update_pmtu()\n\n__ip_rt_update_pmtu() must use RCU protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21766",
"url": "https://www.suse.com/security/cve/CVE-2025-21766"
},
{
"category": "external",
"summary": "SUSE Bug 1238754 for CVE-2025-21766",
"url": "https://bugzilla.suse.com/1238754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context\n\nThe following bug report happened with a PREEMPT_RT kernel:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n get_random_u32+0x4f/0x110\n clocksource_verify_choose_cpus+0xab/0x1a0\n clocksource_verify_percpu.part.0+0x6b/0x330\n clocksource_watchdog_kthread+0x193/0x1a0\n\nIt is due to the fact that clocksource_verify_choose_cpus() is invoked with\npreemption disabled. This function invokes get_random_u32() to obtain\nrandom numbers for choosing CPUs. The batched_entropy_32 local lock and/or\nthe base_crng.lock spinlock in driver/char/random.c will be acquired during\nthe call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot\nbe acquired in atomic context.\n\nFix this problem by using migrate_disable() to allow smp_processor_id() to\nbe reliably used without introducing atomic context. preempt_disable() is\nthen called after clocksource_verify_choose_cpus() but before the\nclocksource measurement is being run to avoid introducing unexpected\nlatency.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21767",
"url": "https://www.suse.com/security/cve/CVE-2025-21767"
},
{
"category": "external",
"summary": "SUSE Bug 1238509 for CVE-2025-21767",
"url": "https://bugzilla.suse.com/1238509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21768",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21768"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels\n\nSome lwtunnels have a dst cache for post-transformation dst.\nIf the packet destination did not change we may end up recording\na reference to the lwtunnel in its own cache, and the lwtunnel\nstate will never be freed.\n\nDiscovered by the ioam6.sh test, kmemleak was recently fixed\nto catch per-cpu memory leaks. I\u0027m not sure if rpl and seg6\ncan actually hit this, but in principle I don\u0027t see why not.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21768",
"url": "https://www.suse.com/security/cve/CVE-2025-21768"
},
{
"category": "external",
"summary": "SUSE Bug 1238714 for CVE-2025-21768",
"url": "https://bugzilla.suse.com/1238714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21768"
},
{
"cve": "CVE-2025-21772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npartitions: mac: fix handling of bogus partition table\n\nFix several issues in partition probing:\n\n - The bailout for a bad partoffset must use put_dev_sector(), since the\n preceding read_part_sector() succeeded.\n - If the partition table claims a silly sector size like 0xfff bytes\n (which results in partition table entries straddling sector boundaries),\n bail out instead of accessing out-of-bounds memory.\n - We must not assume that the partition table contains proper NUL\n termination - use strnlen() and strncmp() instead of strlen() and\n strcmp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21772",
"url": "https://www.suse.com/security/cve/CVE-2025-21772"
},
{
"category": "external",
"summary": "SUSE Bug 1238911 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "external",
"summary": "SUSE Bug 1238912 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-21772"
},
{
"cve": "CVE-2025-21773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial\n\nThe driver assumed that es58x_dev-\u003eudev-\u003eserial could never be NULL.\nWhile this is true on commercially available devices, an attacker\ncould spoof the device identity providing a NULL USB serial number.\nThat would trigger a NULL pointer dereference.\n\nAdd a check on es58x_dev-\u003eudev-\u003eserial before accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21773",
"url": "https://www.suse.com/security/cve/CVE-2025-21773"
},
{
"category": "external",
"summary": "SUSE Bug 1238762 for CVE-2025-21773",
"url": "https://bugzilla.suse.com/1238762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21773"
},
{
"cve": "CVE-2025-21775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ctucanfd: handle skb allocation failure\n\nIf skb allocation fails, the pointer to struct can_frame is NULL. This\nis actually handled everywhere inside ctucan_err_interrupt() except for\nthe only place.\n\nAdd the missed NULL check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21775",
"url": "https://www.suse.com/security/cve/CVE-2025-21775"
},
{
"category": "external",
"summary": "SUSE Bug 1238501 for CVE-2025-21775",
"url": "https://bugzilla.suse.com/1238501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21775"
},
{
"cve": "CVE-2025-21776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21776"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: hub: Ignore non-compliant devices with too many configs or interfaces\n\nRobert Morris created a test program which can cause\nusb_hub_to_struct_hub() to dereference a NULL or inappropriate\npointer:\n\nOops: general protection fault, probably for non-canonical address\n0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI\nCPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14\nHardware name: FreeBSD BHYVE/BHYVE, BIOS 14.0 10/17/2021\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_hub_adjust_deviceremovable+0x78/0x110\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x31/0x80\n ? exc_general_protection+0x1b4/0x3c0\n ? asm_exc_general_protection+0x26/0x30\n ? usb_hub_adjust_deviceremovable+0x78/0x110\n hub_probe+0x7c7/0xab0\n usb_probe_interface+0x14b/0x350\n really_probe+0xd0/0x2d0\n ? __pfx___device_attach_driver+0x10/0x10\n __driver_probe_device+0x6e/0x110\n driver_probe_device+0x1a/0x90\n __device_attach_driver+0x7e/0xc0\n bus_for_each_drv+0x7f/0xd0\n __device_attach+0xaa/0x1a0\n bus_probe_device+0x8b/0xa0\n device_add+0x62e/0x810\n usb_set_configuration+0x65d/0x990\n usb_generic_driver_probe+0x4b/0x70\n usb_probe_device+0x36/0xd0\n\nThe cause of this error is that the device has two interfaces, and the\nhub driver binds to interface 1 instead of interface 0, which is where\nusb_hub_to_struct_hub() looks.\n\nWe can prevent the problem from occurring by refusing to accept hub\ndevices that violate the USB spec by having more than one\nconfiguration or interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21776",
"url": "https://www.suse.com/security/cve/CVE-2025-21776"
},
{
"category": "external",
"summary": "SUSE Bug 1238909 for CVE-2025-21776",
"url": "https://bugzilla.suse.com/1238909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21776"
},
{
"cve": "CVE-2025-21779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21779"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel\n\nAdvertise support for Hyper-V\u0027s SEND_IPI and SEND_IPI_EX hypercalls if and\nonly if the local API is emulated/virtualized by KVM, and explicitly reject\nsaid hypercalls if the local APIC is emulated in userspace, i.e. don\u0027t rely\non userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID.\n\nRejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if\nHyper-V enlightenments are exposed to the guest without an in-kernel local\nAPIC:\n\n dump_stack+0xbe/0xfd\n __kasan_report.cold+0x34/0x84\n kasan_report+0x3a/0x50\n __apic_accept_irq+0x3a/0x5c0\n kvm_hv_send_ipi.isra.0+0x34e/0x820\n kvm_hv_hypercall+0x8d9/0x9d0\n kvm_emulate_hypercall+0x506/0x7e0\n __vmx_handle_exit+0x283/0xb60\n vmx_handle_exit+0x1d/0xd0\n vcpu_enter_guest+0x16b0/0x24c0\n vcpu_run+0xc0/0x550\n kvm_arch_vcpu_ioctl_run+0x170/0x6d0\n kvm_vcpu_ioctl+0x413/0xb20\n __se_sys_ioctl+0x111/0x160\n do_syscal1_64+0x30/0x40\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nNote, checking the sending vCPU is sufficient, as the per-VM irqchip_mode\ncan\u0027t be modified after vCPUs are created, i.e. if one vCPU has an\nin-kernel local APIC, then all vCPUs have an in-kernel local APIC.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21779",
"url": "https://www.suse.com/security/cve/CVE-2025-21779"
},
{
"category": "external",
"summary": "SUSE Bug 1238768 for CVE-2025-21779",
"url": "https://bugzilla.suse.com/1238768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21779"
},
{
"cve": "CVE-2025-21780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21780"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()\n\nIt malicious user provides a small pptable through sysfs and then\na bigger pptable, it may cause buffer overflow attack in function\nsmu_sys_set_pp_table().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21780",
"url": "https://www.suse.com/security/cve/CVE-2025-21780"
},
{
"category": "external",
"summary": "SUSE Bug 1239115 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "external",
"summary": "SUSE Bug 1239116 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-21780"
},
{
"cve": "CVE-2025-21781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix panic during interface removal\n\nReference counting is used to ensure that\nbatadv_hardif_neigh_node and batadv_hard_iface\nare not freed before/during\nbatadv_v_elp_throughput_metric_update work is\nfinished.\n\nBut there isn\u0027t a guarantee that the hard if will\nremain associated with a soft interface up until\nthe work is finished.\n\nThis fixes a crash triggered by reboot that looks\nlike this:\n\nCall trace:\n batadv_v_mesh_free+0xd0/0x4dc [batman_adv]\n batadv_v_elp_throughput_metric_update+0x1c/0xa4\n process_one_work+0x178/0x398\n worker_thread+0x2e8/0x4d0\n kthread+0xd8/0xdc\n ret_from_fork+0x10/0x20\n\n(the batadv_v_mesh_free call is misleading,\nand does not actually happen)\n\nI was able to make the issue happen more reliably\nby changing hardif_neigh-\u003ebat_v.metric_work work\nto be delayed work. This allowed me to track down\nand confirm the fix.\n\n[sven@narfation.org: prevent entering batadv_v_elp_get_throughput without\n soft_iface]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21781",
"url": "https://www.suse.com/security/cve/CVE-2025-21781"
},
{
"category": "external",
"summary": "SUSE Bug 1238735 for CVE-2025-21781",
"url": "https://bugzilla.suse.com/1238735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21781"
},
{
"cve": "CVE-2025-21782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix a oob in orangefs_debug_write\n\nI got a syzbot report: slab-out-of-bounds Read in\norangefs_debug_write... several people suggested fixes,\nI tested Al Viro\u0027s suggestion and made this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21782",
"url": "https://www.suse.com/security/cve/CVE-2025-21782"
},
{
"category": "external",
"summary": "SUSE Bug 1239117 for CVE-2025-21782",
"url": "https://bugzilla.suse.com/1239117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21782"
},
{
"cve": "CVE-2025-21784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21784"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()\n\nIn function psp_init_cap_microcode(), it should bail out when failed to\nload firmware, otherwise it may cause invalid memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21784",
"url": "https://www.suse.com/security/cve/CVE-2025-21784"
},
{
"category": "external",
"summary": "SUSE Bug 1238510 for CVE-2025-21784",
"url": "https://bugzilla.suse.com/1238510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21784"
},
{
"cve": "CVE-2025-21785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21785"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array\n\nThe loop that detects/populates cache information already has a bounds\ncheck on the array size but does not account for cache levels with\nseparate data/instructions cache. Fix this by incrementing the index\nfor any populated leaf (instead of any populated level).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21785",
"url": "https://www.suse.com/security/cve/CVE-2025-21785"
},
{
"category": "external",
"summary": "SUSE Bug 1238747 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "external",
"summary": "SUSE Bug 1240745 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1240745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-21785"
},
{
"cve": "CVE-2025-21787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21787"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: better TEAM_OPTION_TYPE_STRING validation\n\nsyzbot reported following splat [1]\n\nMake sure user-provided data contains one nul byte.\n\n[1]\n BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inline]\n BUG: KMSAN: uninit-value in string+0x3ec/0x5f0 lib/vsprintf.c:714\n string_nocheck lib/vsprintf.c:633 [inline]\n string+0x3ec/0x5f0 lib/vsprintf.c:714\n vsnprintf+0xa5d/0x1960 lib/vsprintf.c:2843\n __request_module+0x252/0x9f0 kernel/module/kmod.c:149\n team_mode_get drivers/net/team/team_core.c:480 [inline]\n team_change_mode drivers/net/team/team_core.c:607 [inline]\n team_mode_option_set+0x437/0x970 drivers/net/team/team_core.c:1401\n team_option_set drivers/net/team/team_core.c:375 [inline]\n team_nl_options_set_doit+0x1339/0x1f90 drivers/net/team/team_core.c:2662\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x1214/0x12c0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2543\n genl_rcv+0x40/0x60 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:718 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:733\n ____sys_sendmsg+0x877/0xb60 net/socket.c:2573\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2627\n __sys_sendmsg net/socket.c:2659 [inline]\n __do_sys_sendmsg net/socket.c:2664 [inline]\n __se_sys_sendmsg net/socket.c:2662 [inline]\n __x64_sys_sendmsg+0x212/0x3c0 net/socket.c:2662\n x64_sys_call+0x2ed6/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21787",
"url": "https://www.suse.com/security/cve/CVE-2025-21787"
},
{
"category": "external",
"summary": "SUSE Bug 1238774 for CVE-2025-21787",
"url": "https://bugzilla.suse.com/1238774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21787"
},
{
"cve": "CVE-2025-21790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n unregister_netdevice_many net/core/dev.c:11866 [inline]\n unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21790",
"url": "https://www.suse.com/security/cve/CVE-2025-21790"
},
{
"category": "external",
"summary": "SUSE Bug 1238753 for CVE-2025-21790",
"url": "https://bugzilla.suse.com/1238753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21791"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21791",
"url": "https://www.suse.com/security/cve/CVE-2025-21791"
},
{
"category": "external",
"summary": "SUSE Bug 1238512 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "external",
"summary": "SUSE Bug 1240744 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1240744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-21791"
},
{
"cve": "CVE-2025-21792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21792"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt\n\nIf an AX25 device is bound to a socket by setting the SO_BINDTODEVICE\nsocket option, a refcount leak will occur in ax25_release().\n\nCommit 9fd75b66b8f6 (\"ax25: Fix refcount leaks caused by ax25_cb_del()\")\nadded decrement of device refcounts in ax25_release(). In order for that\nto work correctly the refcounts must already be incremented when the\ndevice is bound to the socket. An AX25 device can be bound to a socket\nby either calling ax25_bind() or setting SO_BINDTODEVICE socket option.\nIn both cases the refcounts should be incremented, but in fact it is done\nonly in ax25_bind().\n\nThis bug leads to the following issue reported by Syzkaller:\n\n================================================================\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 1 PID: 5932 at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31\nModules linked in:\nCPU: 1 UID: 0 PID: 5932 Comm: syz-executor424 Not tainted 6.13.0-rc4-syzkaller-00110-g4099a71718b0 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31\nCall Trace:\n \u003cTASK\u003e\n __refcount_dec include/linux/refcount.h:336 [inline]\n refcount_dec include/linux/refcount.h:351 [inline]\n ref_tracker_free+0x710/0x820 lib/ref_tracker.c:236\n netdev_tracker_free include/linux/netdevice.h:4156 [inline]\n netdev_put include/linux/netdevice.h:4173 [inline]\n netdev_put include/linux/netdevice.h:4169 [inline]\n ax25_release+0x33f/0xa10 net/ax25/af_ax25.c:1069\n __sock_release+0xb0/0x270 net/socket.c:640\n sock_close+0x1c/0x30 net/socket.c:1408\n ...\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n ...\n \u003c/TASK\u003e\n================================================================\n\nFix the implementation of ax25_setsockopt() by adding increment of\nrefcounts for the new device bound, and decrement of refcounts for\nthe old unbound device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21792",
"url": "https://www.suse.com/security/cve/CVE-2025-21792"
},
{
"category": "external",
"summary": "SUSE Bug 1238745 for CVE-2025-21792",
"url": "https://bugzilla.suse.com/1238745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21792"
},
{
"cve": "CVE-2025-21793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21793"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: sn-f-ospi: Fix division by zero\n\nWhen there is no dummy cycle in the spi-nor commands, both dummy bus cycle\nbytes and width are zero. Because of the cpu\u0027s warning when divided by\nzero, the warning should be avoided. Return just zero to avoid such\ncalculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21793",
"url": "https://www.suse.com/security/cve/CVE-2025-21793"
},
{
"category": "external",
"summary": "SUSE Bug 1238500 for CVE-2025-21793",
"url": "https://bugzilla.suse.com/1238500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21793"
},
{
"cve": "CVE-2025-21794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()\n\nSyzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from\nhid-thrustmaster driver. This array is passed to usb_check_int_endpoints\nfunction from usb.c core driver, which executes a for loop that iterates\nover the elements of the passed array. Not finding a null element at the end of\nthe array, it tries to read the next, non-existent element, crashing the kernel.\n\nTo fix this, a 0 element was added at the end of the array to break the for\nloop.\n\n[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21794",
"url": "https://www.suse.com/security/cve/CVE-2025-21794"
},
{
"category": "external",
"summary": "SUSE Bug 1238502 for CVE-2025-21794",
"url": "https://bugzilla.suse.com/1238502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21794"
},
{
"cve": "CVE-2025-21795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix hang in nfsd4_shutdown_callback\n\nIf nfs4_client is in courtesy state then there is no point to send\nthe callback. This causes nfsd4_shutdown_callback to hang since\ncl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP\nnotifies NFSD that the connection was dropped.\n\nThis patch modifies nfsd4_run_cb_work to skip the RPC call if\nnfs4_client is in courtesy state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21795",
"url": "https://www.suse.com/security/cve/CVE-2025-21795"
},
{
"category": "external",
"summary": "SUSE Bug 1238759 for CVE-2025-21795",
"url": "https://bugzilla.suse.com/1238759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: clear acl_access/acl_default after releasing them\n\nIf getting acl_default fails, acl_access and acl_default will be released\nsimultaneously. However, acl_access will still retain a pointer pointing\nto the released posix_acl, which will trigger a WARNING in\nnfs3svc_release_getacl like this:\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 26 PID: 3199 at lib/refcount.c:28\nrefcount_warn_saturate+0xb5/0x170\nModules linked in:\nCPU: 26 UID: 0 PID: 3199 Comm: nfsd Not tainted\n6.12.0-rc6-00079-g04ae226af01f-dirty #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb5/0x170\nCode: cc cc 0f b6 1d b3 20 a5 03 80 fb 01 0f 87 65 48 d8 00 83 e3 01 75\ne4 48 c7 c7 c0 3b 9b 85 c6 05 97 20 a5 03 01 e8 fb 3e 30 ff \u003c0f\u003e 0b eb\ncd 0f b6 1d 8a3\nRSP: 0018:ffffc90008637cd8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff83904fde\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88871ed36380\nRBP: ffff888158beeb40 R08: 0000000000000001 R09: fffff520010c6f56\nR10: ffffc90008637ab7 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff888140e77400 R14: ffff888140e77408 R15: ffffffff858b42c0\nFS: 0000000000000000(0000) GS:ffff88871ed00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000562384d32158 CR3: 000000055cc6a000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0xb5/0x170\n ? __warn+0xa5/0x140\n ? refcount_warn_saturate+0xb5/0x170\n ? report_bug+0x1b1/0x1e0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? tick_nohz_tick_stopped+0x1e/0x40\n ? refcount_warn_saturate+0xb5/0x170\n ? refcount_warn_saturate+0xb5/0x170\n nfs3svc_release_getacl+0xc9/0xe0\n svc_process_common+0x5db/0xb60\n ? __pfx_svc_process_common+0x10/0x10\n ? __rcu_read_unlock+0x69/0xa0\n ? __pfx_nfsd_dispatch+0x10/0x10\n ? svc_xprt_received+0xa1/0x120\n ? xdr_init_decode+0x11d/0x190\n svc_process+0x2a7/0x330\n svc_handle_xprt+0x69d/0x940\n svc_recv+0x180/0x2d0\n nfsd+0x168/0x200\n ? __pfx_nfsd+0x10/0x10\n kthread+0x1a2/0x1e0\n ? kthread+0xf4/0x1e0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\n\nClear acl_access/acl_default after posix_acl_release is called to prevent\nUAF from being triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21796",
"url": "https://www.suse.com/security/cve/CVE-2025-21796"
},
{
"category": "external",
"summary": "SUSE Bug 1238716 for CVE-2025-21796",
"url": "https://bugzilla.suse.com/1238716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21799",
"url": "https://www.suse.com/security/cve/CVE-2025-21799"
},
{
"category": "external",
"summary": "SUSE Bug 1238739 for CVE-2025-21799",
"url": "https://bugzilla.suse.com/1238739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix oops when unload drivers paralleling\n\nWhen unload hclge driver, it tries to disable sriov first for each\nae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at\nthe time, because it removes all the ae_dev nodes, and it may cause\noops.\n\nBut we can\u0027t simply use hnae3_common_lock for this. Because in the\nprocess flow of pci_disable_sriov(), it will trigger the remove flow\nof VF, which will also take hnae3_common_lock.\n\nTo fixes it, introduce a new mutex to protect the unload process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21802",
"url": "https://www.suse.com/security/cve/CVE-2025-21802"
},
{
"category": "external",
"summary": "SUSE Bug 1238751 for CVE-2025-21802",
"url": "https://bugzilla.suse.com/1238751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21802"
},
{
"cve": "CVE-2025-21804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21804"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()\n\nThe rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region()\nmacro to request a needed resource. A string variable that lives on the\nstack is then used to store a dynamically computed resource name, which\nis then passed on as one of the macro arguments. This can lead to\nundefined behavior.\n\nDepending on the current contents of the memory, the manifestations of\nerrors may vary. One possible output may be as follows:\n\n $ cat /proc/iomem\n 30000000-37ffffff :\n 38000000-3fffffff :\n\nSometimes, garbage may appear after the colon.\n\nIn very rare cases, if no NULL-terminator is found in memory, the system\nmight crash because the string iterator will overrun which can lead to\naccess of unmapped memory above the stack.\n\nThus, fix this by replacing outbound_name with the name of the previously\nrequested resource. With the changes applied, the output will be as\nfollows:\n\n $ cat /proc/iomem\n 30000000-37ffffff : memory2\n 38000000-3fffffff : memory3\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21804",
"url": "https://www.suse.com/security/cve/CVE-2025-21804"
},
{
"category": "external",
"summary": "SUSE Bug 1238736 for CVE-2025-21804",
"url": "https://bugzilla.suse.com/1238736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21804"
},
{
"cve": "CVE-2025-21806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21806"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: let net.core.dev_weight always be non-zero\n\nThe following problem was encountered during stability test:\n\n(NULL net_device): NAPI poll function process_backlog+0x0/0x530 \\\n\treturned 1, exceeding its budget of 0.\n------------[ cut here ]------------\nlist_add double add: new=ffff88905f746f48, prev=ffff88905f746f48, \\\n\tnext=ffff88905f746e40.\nWARNING: CPU: 18 PID: 5462 at lib/list_debug.c:35 \\\n\t__list_add_valid_or_report+0xf3/0x130\nCPU: 18 UID: 0 PID: 5462 Comm: ping Kdump: loaded Not tainted 6.13.0-rc7+\nRIP: 0010:__list_add_valid_or_report+0xf3/0x130\nCall Trace:\n? __warn+0xcd/0x250\n? __list_add_valid_or_report+0xf3/0x130\nenqueue_to_backlog+0x923/0x1070\nnetif_rx_internal+0x92/0x2b0\n__netif_rx+0x15/0x170\nloopback_xmit+0x2ef/0x450\ndev_hard_start_xmit+0x103/0x490\n__dev_queue_xmit+0xeac/0x1950\nip_finish_output2+0x6cc/0x1620\nip_output+0x161/0x270\nip_push_pending_frames+0x155/0x1a0\nraw_sendmsg+0xe13/0x1550\n__sys_sendto+0x3bf/0x4e0\n__x64_sys_sendto+0xdc/0x1b0\ndo_syscall_64+0x5b/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe reproduction command is as follows:\n sysctl -w net.core.dev_weight=0\n ping 127.0.0.1\n\nThis is because when the napi\u0027s weight is set to 0, process_backlog() may\nreturn 0 and clear the NAPI_STATE_SCHED bit of napi-\u003estate, causing this\nnapi to be re-polled in net_rx_action() until __do_softirq() times out.\nSince the NAPI_STATE_SCHED bit has been cleared, napi_schedule_rps() can\nbe retriggered in enqueue_to_backlog(), causing this issue.\n\nMaking the napi\u0027s weight always non-zero solves this problem.\n\nTriggering this issue requires system-wide admin (setting is\nnot namespaced).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21806",
"url": "https://www.suse.com/security/cve/CVE-2025-21806"
},
{
"category": "external",
"summary": "SUSE Bug 1238746 for CVE-2025-21806",
"url": "https://bugzilla.suse.com/1238746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21806"
},
{
"cve": "CVE-2025-21808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21808"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: xdp: Disallow attaching device-bound programs in generic mode\n\nDevice-bound programs are used to support RX metadata kfuncs. These\nkfuncs are driver-specific and rely on the driver context to read the\nmetadata. This means they can\u0027t work in generic XDP mode. However, there\nis no check to disallow such programs from being attached in generic\nmode, in which case the metadata kfuncs will be called in an invalid\ncontext, leading to crashes.\n\nFix this by adding a check to disallow attaching device-bound programs\nin generic mode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21808",
"url": "https://www.suse.com/security/cve/CVE-2025-21808"
},
{
"category": "external",
"summary": "SUSE Bug 1238742 for CVE-2025-21808",
"url": "https://bugzilla.suse.com/1238742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21808"
},
{
"cve": "CVE-2025-21810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: class: Fix wild pointer dereferences in API class_dev_iter_next()\n\nThere are a potential wild pointer dereferences issue regarding APIs\nclass_dev_iter_(init|next|exit)(), as explained by below typical usage:\n\n// All members of @iter are wild pointers.\nstruct class_dev_iter iter;\n\n// class_dev_iter_init(@iter, @class, ...) checks parameter @class for\n// potential class_to_subsys() error, and it returns void type and does\n// not initialize its output parameter @iter, so caller can not detect\n// the error and continues to invoke class_dev_iter_next(@iter) even if\n// @iter still contains wild pointers.\nclass_dev_iter_init(\u0026iter, ...);\n\n// Dereference these wild pointers in @iter here once suffer the error.\nwhile (dev = class_dev_iter_next(\u0026iter)) { ... };\n\n// Also dereference these wild pointers here.\nclass_dev_iter_exit(\u0026iter);\n\nActually, all callers of these APIs have such usage pattern in kernel tree.\nFix by:\n- Initialize output parameter @iter by memset() in class_dev_iter_init()\n and give callers prompt by pr_crit() for the error.\n- Check if @iter is valid in class_dev_iter_next().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21810",
"url": "https://www.suse.com/security/cve/CVE-2025-21810"
},
{
"category": "external",
"summary": "SUSE Bug 1238757 for CVE-2025-21810",
"url": "https://bugzilla.suse.com/1238757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21810"
},
{
"cve": "CVE-2025-21812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: rcu protect dev-\u003eax25_ptr\n\nsyzbot found a lockdep issue [1].\n\nWe should remove ax25 RTNL dependency in ax25_setsockopt()\n\nThis should also fix a variety of possible UAF in ax25.\n\n[1]\n\nWARNING: possible circular locking dependency detected\n6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Not tainted\n------------------------------------------------------\nsyz.5.1818/12806 is trying to acquire lock:\n ffffffff8fcb3988 (rtnl_mutex){+.+.}-{4:4}, at: ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680\n\nbut task is already holding lock:\n ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline]\n ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #1 (sk_lock-AF_AX25){+.+.}-{0:0}:\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\n lock_sock_nested+0x48/0x100 net/core/sock.c:3642\n lock_sock include/net/sock.h:1618 [inline]\n ax25_kill_by_device net/ax25/af_ax25.c:101 [inline]\n ax25_device_event+0x24d/0x580 net/ax25/af_ax25.c:146\n notifier_call_chain+0x1a5/0x3f0 kernel/notifier.c:85\n __dev_notify_flags+0x207/0x400\n dev_change_flags+0xf0/0x1a0 net/core/dev.c:9026\n dev_ifsioc+0x7c8/0xe70 net/core/dev_ioctl.c:563\n dev_ioctl+0x719/0x1340 net/core/dev_ioctl.c:820\n sock_do_ioctl+0x240/0x460 net/socket.c:1234\n sock_ioctl+0x626/0x8e0 net/socket.c:1339\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-\u003e #0 (rtnl_mutex){+.+.}-{4:4}:\n check_prev_add kernel/locking/lockdep.c:3161 [inline]\n check_prevs_add kernel/locking/lockdep.c:3280 [inline]\n validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904\n __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\n __mutex_lock_common kernel/locking/mutex.c:585 [inline]\n __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735\n ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680\n do_sock_setsockopt+0x3af/0x720 net/socket.c:2324\n __sys_setsockopt net/socket.c:2349 [inline]\n __do_sys_setsockopt net/socket.c:2355 [inline]\n __se_sys_setsockopt net/socket.c:2352 [inline]\n __x64_sys_setsockopt+0x1ee/0x280 net/socket.c:2352\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(sk_lock-AF_AX25);\n lock(rtnl_mutex);\n lock(sk_lock-AF_AX25);\n lock(rtnl_mutex);\n\n *** DEADLOCK ***\n\n1 lock held by syz.5.1818/12806:\n #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline]\n #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574\n\nstack backtrace:\nCPU: 1 UID: 0 PID: 12806 Comm: syz.5.1818 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074\n check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206\n check_prev_add kernel/locking/lockdep.c:3161 [inline]\n check_prevs_add kernel/lockin\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21812",
"url": "https://www.suse.com/security/cve/CVE-2025-21812"
},
{
"category": "external",
"summary": "SUSE Bug 1238471 for CVE-2025-21812",
"url": "https://bugzilla.suse.com/1238471"
},
{
"category": "external",
"summary": "SUSE Bug 1240736 for CVE-2025-21812",
"url": "https://bugzilla.suse.com/1240736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-21812"
},
{
"cve": "CVE-2025-21814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21814"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: Ensure info-\u003eenable callback is always set\n\nThe ioctl and sysfs handlers unconditionally call the -\u003eenable callback.\nNot all drivers implement that callback, leading to NULL dereferences.\nExample of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c.\n\nInstead use a dummy callback if no better was specified by the driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21814",
"url": "https://www.suse.com/security/cve/CVE-2025-21814"
},
{
"category": "external",
"summary": "SUSE Bug 1238473 for CVE-2025-21814",
"url": "https://bugzilla.suse.com/1238473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21814"
},
{
"cve": "CVE-2025-21815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/compaction: fix UBSAN shift-out-of-bounds warning\n\nsyzkaller reported a UBSAN shift-out-of-bounds warning of (1UL \u003c\u003c order)\nin isolate_freepages_block(). The bogus compound_order can be any value\nbecause it is union with flags. Add back the MAX_PAGE_ORDER check to fix\nthe warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21815",
"url": "https://www.suse.com/security/cve/CVE-2025-21815"
},
{
"category": "external",
"summary": "SUSE Bug 1238474 for CVE-2025-21815",
"url": "https://bugzilla.suse.com/1238474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21815"
},
{
"cve": "CVE-2025-21819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd/display: Use HW lock mgr for PSR1\"\n\nThis reverts commit\na2b5a9956269 (\"drm/amd/display: Use HW lock mgr for PSR1\")\n\nBecause it may cause system hang while connect with two edp panel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21819",
"url": "https://www.suse.com/security/cve/CVE-2025-21819"
},
{
"category": "external",
"summary": "SUSE Bug 1238994 for CVE-2025-21819",
"url": "https://bugzilla.suse.com/1238994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21819"
},
{
"cve": "CVE-2025-21820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: xilinx_uartps: split sysrq handling\n\nlockdep detects the following circular locking dependency:\n\nCPU 0 CPU 1\n========================== ============================\ncdns_uart_isr() printk()\n uart_port_lock(port) console_lock()\n\t\t\t cdns_uart_console_write()\n if (!port-\u003esysrq)\n uart_port_lock(port)\n uart_handle_break()\n port-\u003esysrq = ...\n uart_handle_sysrq_char()\n printk()\n console_lock()\n\nThe fixed commit attempts to avoid this situation by only taking the\nport lock in cdns_uart_console_write if port-\u003esysrq unset. However, if\n(as shown above) cdns_uart_console_write runs before port-\u003esysrq is set,\nthen it will try to take the port lock anyway. This may result in a\ndeadlock.\n\nFix this by splitting sysrq handling into two parts. We use the prepare\nhelper under the port lock and defer handling until we release the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21820",
"url": "https://www.suse.com/security/cve/CVE-2025-21820"
},
{
"category": "external",
"summary": "SUSE Bug 1238479 for CVE-2025-21820",
"url": "https://bugzilla.suse.com/1238479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21820"
},
{
"cve": "CVE-2025-21821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omap: use threaded IRQ for LCD DMA\n\nWhen using touchscreen and framebuffer, Nokia 770 crashes easily with:\n\n BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000\n Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd\n CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2\n Hardware name: Nokia 770\n Call trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x54/0x5c\n dump_stack_lvl from __schedule_bug+0x50/0x70\n __schedule_bug from __schedule+0x4d4/0x5bc\n __schedule from schedule+0x34/0xa0\n schedule from schedule_preempt_disabled+0xc/0x10\n schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4\n __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4\n clk_prepare_lock from clk_set_rate+0x18/0x154\n clk_set_rate from sossi_read_data+0x4c/0x168\n sossi_read_data from hwa742_read_reg+0x5c/0x8c\n hwa742_read_reg from send_frame_handler+0xfc/0x300\n send_frame_handler from process_pending_requests+0x74/0xd0\n process_pending_requests from lcd_dma_irq_handler+0x50/0x74\n lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130\n __handle_irq_event_percpu from handle_irq_event+0x28/0x68\n handle_irq_event from handle_level_irq+0x9c/0x170\n handle_level_irq from generic_handle_domain_irq+0x2c/0x3c\n generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c\n omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c\n generic_handle_arch_irq from call_with_stack+0x1c/0x24\n call_with_stack from __irq_svc+0x94/0xa8\n Exception stack(0xc5255da0 to 0xc5255de8)\n 5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248\n 5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94\n 5de0: 60000013 ffffffff\n __irq_svc from clk_prepare_lock+0x4c/0xe4\n clk_prepare_lock from clk_get_rate+0x10/0x74\n clk_get_rate from uwire_setup_transfer+0x40/0x180\n uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c\n spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664\n spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498\n __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8\n __spi_sync from spi_sync+0x24/0x40\n spi_sync from ads7846_halfd_read_state+0x5c/0x1c0\n ads7846_halfd_read_state from ads7846_irq+0x58/0x348\n ads7846_irq from irq_thread_fn+0x1c/0x78\n irq_thread_fn from irq_thread+0x120/0x228\n irq_thread from kthread+0xc8/0xe8\n kthread from ret_from_fork+0x14/0x28\n\nAs a quick fix, switch to a threaded IRQ which provides a stable system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21821",
"url": "https://www.suse.com/security/cve/CVE-2025-21821"
},
{
"category": "external",
"summary": "SUSE Bug 1239174 for CVE-2025-21821",
"url": "https://bugzilla.suse.com/1239174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21821"
},
{
"cve": "CVE-2025-21823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: Drop unmanaged ELP metric worker\n\nThe ELP worker needs to calculate new metric values for all neighbors\n\"reachable\" over an interface. Some of the used metric sources require\nlocks which might need to sleep. This sleep is incompatible with the RCU\nlist iterator used for the recorded neighbors. The initial approach to work\naround of this problem was to queue another work item per neighbor and then\nrun this in a new context.\n\nEven when this solved the RCU vs might_sleep() conflict, it has a major\nproblems: Nothing was stopping the work item in case it is not needed\nanymore - for example because one of the related interfaces was removed or\nthe batman-adv module was unloaded - resulting in potential invalid memory\naccesses.\n\nDirectly canceling the metric worker also has various problems:\n\n* cancel_work_sync for a to-be-deactivated interface is called with\n rtnl_lock held. But the code in the ELP metric worker also tries to use\n rtnl_lock() - which will never return in this case. This also means that\n cancel_work_sync would never return because it is waiting for the worker\n to finish.\n* iterating over the neighbor list for the to-be-deactivated interface is\n currently done using the RCU specific methods. Which means that it is\n possible to miss items when iterating over it without the associated\n spinlock - a behaviour which is acceptable for a periodic metric check\n but not for a cleanup routine (which must \"stop\" all still running\n workers)\n\nThe better approch is to get rid of the per interface neighbor metric\nworker and handle everything in the interface worker. The original problems\nare solved by:\n\n* creating a list of neighbors which require new metric information inside\n the RCU protected context, gathering the metric according to the new list\n outside the RCU protected context\n* only use rcu_trylock inside metric gathering code to avoid a deadlock\n when the cancel_delayed_work_sync is called in the interface removal code\n (which is called with the rtnl_lock held)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21823",
"url": "https://www.suse.com/security/cve/CVE-2025-21823"
},
{
"category": "external",
"summary": "SUSE Bug 1238475 for CVE-2025-21823",
"url": "https://bugzilla.suse.com/1238475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21823"
},
{
"cve": "CVE-2025-21825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Cancel the running bpf_timer through kworker for PREEMPT_RT\n\nDuring the update procedure, when overwrite element in a pre-allocated\nhtab, the freeing of old_element is protected by the bucket lock. The\nreason why the bucket lock is necessary is that the old_element has\nalready been stashed in htab-\u003eextra_elems after alloc_htab_elem()\nreturns. If freeing the old_element after the bucket lock is unlocked,\nthe stashed element may be reused by concurrent update procedure and the\nfreeing of old_element will run concurrently with the reuse of the\nold_element. However, the invocation of check_and_free_fields() may\nacquire a spin-lock which violates the lockdep rule because its caller\nhas already held a raw-spin-lock (bucket lock). The following warning\nwill be reported when such race happens:\n\n BUG: scheduling while atomic: test_progs/676/0x00000003\n 3 locks held by test_progs/676:\n #0: ffffffff864b0240 (rcu_read_lock_trace){....}-{0:0}, at: bpf_prog_test_run_syscall+0x2c0/0x830\n #1: ffff88810e961188 (\u0026htab-\u003elockdep_key){....}-{2:2}, at: htab_map_update_elem+0x306/0x1500\n #2: ffff8881f4eac1b8 (\u0026base-\u003esoftirq_expiry_lock){....}-{2:2}, at: hrtimer_cancel_wait_running+0xe9/0x1b0\n Modules linked in: bpf_testmod(O)\n Preemption disabled at:\n [\u003cffffffff817837a3\u003e] htab_map_update_elem+0x293/0x1500\n CPU: 0 UID: 0 PID: 676 Comm: test_progs Tainted: G ... 6.12.0+ #11\n Tainted: [W]=WARN, [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x57/0x70\n dump_stack+0x10/0x20\n __schedule_bug+0x120/0x170\n __schedule+0x300c/0x4800\n schedule_rtlock+0x37/0x60\n rtlock_slowlock_locked+0x6d9/0x54c0\n rt_spin_lock+0x168/0x230\n hrtimer_cancel_wait_running+0xe9/0x1b0\n hrtimer_cancel+0x24/0x30\n bpf_timer_delete_work+0x1d/0x40\n bpf_timer_cancel_and_free+0x5e/0x80\n bpf_obj_free_fields+0x262/0x4a0\n check_and_free_fields+0x1d0/0x280\n htab_map_update_elem+0x7fc/0x1500\n bpf_prog_9f90bc20768e0cb9_overwrite_cb+0x3f/0x43\n bpf_prog_ea601c4649694dbd_overwrite_timer+0x5d/0x7e\n bpf_prog_test_run_syscall+0x322/0x830\n __sys_bpf+0x135d/0x3ca0\n __x64_sys_bpf+0x75/0xb0\n x64_sys_call+0x1b5/0xa10\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n ...\n \u003c/TASK\u003e\n\nIt seems feasible to break the reuse and refill of per-cpu extra_elems\ninto two independent parts: reuse the per-cpu extra_elems with bucket\nlock being held and refill the old_element as per-cpu extra_elems after\nthe bucket lock is unlocked. However, it will make the concurrent\noverwrite procedures on the same CPU return unexpected -E2BIG error when\nthe map is full.\n\nTherefore, the patch fixes the lock problem by breaking the cancelling\nof bpf_timer into two steps for PREEMPT_RT:\n1) use hrtimer_try_to_cancel() and check its return value\n2) if the timer is running, use hrtimer_cancel() through a kworker to\n cancel it again\nConsidering that the current implementation of hrtimer_cancel() will try\nto acquire a being held softirq_expiry_lock when the current timer is\nrunning, these steps above are reasonable. However, it also has\ndownside. When the timer is running, the cancelling of the timer is\ndelayed when releasing the last map uref. The delay is also fixable\n(e.g., break the cancelling of bpf timer into two parts: one part in\nlocked scope, another one in unlocked scope), it can be revised later if\nnecessary.\n\nIt is a bit hard to decide the right fix tag. One reason is that the\nproblem depends on PREEMPT_RT which is enabled in v6.12. Considering the\nsoftirq_expiry_lock lock exists since v5.4 and bpf_timer is introduced\nin v5.15, the bpf_timer commit is used in the fixes tag and an extra\ndepends-on tag is added to state the dependency on PREEMPT_RT.\n\nDepends-on: v6.12+ with PREEMPT_RT enabled",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21825",
"url": "https://www.suse.com/security/cve/CVE-2025-21825"
},
{
"category": "external",
"summary": "SUSE Bug 1238971 for CVE-2025-21825",
"url": "https://bugzilla.suse.com/1238971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21825"
},
{
"cve": "CVE-2025-21828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don\u0027t flush non-uploaded STAs\n\nIf STA state is pre-moved to AUTHORIZED (such as in IBSS\nscenarios) and insertion fails, the station is freed.\nIn this case, the driver never knew about the station,\nso trying to flush it is unexpected and may crash.\n\nCheck if the sta was uploaded to the driver before and\nfix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21828",
"url": "https://www.suse.com/security/cve/CVE-2025-21828"
},
{
"category": "external",
"summary": "SUSE Bug 1238958 for CVE-2025-21828",
"url": "https://bugzilla.suse.com/1238958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21828"
},
{
"cve": "CVE-2025-21829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix the warning \"__rxe_cleanup+0x12c/0x170 [rdma_rxe]\"\n\nThe Call Trace is as below:\n\"\n \u003cTASK\u003e\n ? show_regs.cold+0x1a/0x1f\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __warn+0x84/0xd0\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? report_bug+0x105/0x180\n ? handle_bug+0x46/0x80\n ? exc_invalid_op+0x19/0x70\n ? asm_exc_invalid_op+0x1b/0x20\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __rxe_cleanup+0x124/0x170 [rdma_rxe]\n rxe_destroy_qp.cold+0x24/0x29 [rdma_rxe]\n ib_destroy_qp_user+0x118/0x190 [ib_core]\n rdma_destroy_qp.cold+0x43/0x5e [rdma_cm]\n rtrs_cq_qp_destroy.cold+0x1d/0x2b [rtrs_core]\n rtrs_srv_close_work.cold+0x1b/0x31 [rtrs_server]\n process_one_work+0x21d/0x3f0\n worker_thread+0x4a/0x3c0\n ? process_one_work+0x3f0/0x3f0\n kthread+0xf0/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\"\nWhen too many rdma resources are allocated, rxe needs more time to\nhandle these rdma resources. Sometimes with the current timeout, rxe\ncan not release the rdma resources correctly.\n\nCompared with other rdma drivers, a bigger timeout is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21829",
"url": "https://www.suse.com/security/cve/CVE-2025-21829"
},
{
"category": "external",
"summary": "SUSE Bug 1239030 for CVE-2025-21829",
"url": "https://bugzilla.suse.com/1239030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21829"
},
{
"cve": "CVE-2025-21830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Handle weird files\n\nA corrupted filesystem (e.g. bcachefs) might return weird files.\nInstead of throwing a warning and allowing access to such file, treat\nthem as regular files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21830",
"url": "https://www.suse.com/security/cve/CVE-2025-21830"
},
{
"category": "external",
"summary": "SUSE Bug 1239033 for CVE-2025-21830",
"url": "https://bugzilla.suse.com/1239033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21830"
},
{
"cve": "CVE-2025-21831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1\n\ncommit 9d26d3a8f1b0 (\"PCI: Put PCIe ports into D3 during suspend\") sets the\npolicy that all PCIe ports are allowed to use D3. When the system is\nsuspended if the port is not power manageable by the platform and won\u0027t be\nused for wakeup via a PME this sets up the policy for these ports to go\ninto D3hot.\n\nThis policy generally makes sense from an OSPM perspective but it leads to\nproblems with wakeup from suspend on the TUXEDO Sirius 16 Gen 1 with a\nspecific old BIOS. This manifests as a system hang.\n\nOn the affected Device + BIOS combination, add a quirk for the root port of\nthe problematic controller to ensure that these root ports are not put into\nD3hot at suspend.\n\nThis patch is based on\n\n https://lore.kernel.org/linux-pci/20230708214457.1229-2-mario.limonciello@amd.com\n\nbut with the added condition both in the documentation and in the code to\napply only to the TUXEDO Sirius 16 Gen 1 with a specific old BIOS and only\nthe affected root ports.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21831",
"url": "https://www.suse.com/security/cve/CVE-2025-21831"
},
{
"category": "external",
"summary": "SUSE Bug 1239039 for CVE-2025-21831",
"url": "https://bugzilla.suse.com/1239039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21831"
},
{
"cve": "CVE-2025-21832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don\u0027t revert iter for -EIOCBQUEUED\n\nblkdev_read_iter() has a few odd checks, like gating the position and\ncount adjustment on whether or not the result is bigger-than-or-equal to\nzero (where bigger than makes more sense), and not checking the return\nvalue of blkdev_direct_IO() before doing an iov_iter_revert(). The\nlatter can lead to attempting to revert with a negative value, which\nwhen passed to iov_iter_revert() as an unsigned value will lead to\nthrowing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.\n\nBe sane and don\u0027t revert for -EIOCBQUEUED, like what is done in other\nspots.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21832",
"url": "https://www.suse.com/security/cve/CVE-2025-21832"
},
{
"category": "external",
"summary": "SUSE Bug 1239105 for CVE-2025-21832",
"url": "https://bugzilla.suse.com/1239105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21832"
},
{
"cve": "CVE-2025-21833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21833"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Avoid use of NULL after WARN_ON_ONCE\n\nThere is a WARN_ON_ONCE to catch an unlikely situation when\ndomain_remove_dev_pasid can\u0027t find the `pasid`. In case it nevertheless\nhappens we must avoid using a NULL pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21833",
"url": "https://www.suse.com/security/cve/CVE-2025-21833"
},
{
"category": "external",
"summary": "SUSE Bug 1239108 for CVE-2025-21833",
"url": "https://bugzilla.suse.com/1239108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21833"
},
{
"cve": "CVE-2025-21835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_midi: fix MIDI Streaming descriptor lengths\n\nWhile the MIDI jacks are configured correctly, and the MIDIStreaming\nendpoint descriptors are filled with the correct information,\nbNumEmbMIDIJack and bLength are set incorrectly in these descriptors.\n\nThis does not matter when the numbers of in and out ports are equal, but\nwhen they differ the host will receive broken descriptors with\nuninitialized stack memory leaking into the descriptor for whichever\nvalue is smaller.\n\nThe precise meaning of \"in\" and \"out\" in the port counts is not clearly\ndefined and can be confusing. But elsewhere the driver consistently\nuses this to match the USB meaning of IN and OUT viewed from the host,\nso that \"in\" ports send data to the host and \"out\" ports receive data\nfrom it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21835",
"url": "https://www.suse.com/security/cve/CVE-2025-21835"
},
{
"category": "external",
"summary": "SUSE Bug 1239068 for CVE-2025-21835",
"url": "https://bugzilla.suse.com/1239068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21835"
},
{
"cve": "CVE-2025-21836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/kbuf: reallocate buf lists on upgrade\n\nIORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it\nwas created for legacy selected buffer and has been emptied. It violates\nthe requirement that most of the field should stay stable after publish.\nAlways reallocate it instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21836",
"url": "https://www.suse.com/security/cve/CVE-2025-21836"
},
{
"category": "external",
"summary": "SUSE Bug 1239066 for CVE-2025-21836",
"url": "https://bugzilla.suse.com/1239066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21836"
},
{
"cve": "CVE-2025-21838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21838"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: flush gadget workqueue after device removal\n\ndevice_del() can lead to new work being scheduled in gadget-\u003ework\nworkqueue. This is observed, for example, with the dwc3 driver with the\nfollowing call stack:\n device_del()\n gadget_unbind_driver()\n usb_gadget_disconnect_locked()\n dwc3_gadget_pullup()\n\t dwc3_gadget_soft_disconnect()\n\t usb_gadget_set_state()\n\t schedule_work(\u0026gadget-\u003ework)\n\nMove flush_work() after device_del() to ensure the workqueue is cleaned\nup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21838",
"url": "https://www.suse.com/security/cve/CVE-2025-21838"
},
{
"category": "external",
"summary": "SUSE Bug 1239065 for CVE-2025-21838",
"url": "https://bugzilla.suse.com/1239065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21838"
},
{
"cve": "CVE-2025-21844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Add check for next_buffer in receive_encrypted_standard()\n\nAdd check for the return value of cifs_buf_get() and cifs_small_buf_get()\nin receive_encrypted_standard() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21844",
"url": "https://www.suse.com/security/cve/CVE-2025-21844"
},
{
"category": "external",
"summary": "SUSE Bug 1239512 for CVE-2025-21844",
"url": "https://bugzilla.suse.com/1239512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21844"
},
{
"cve": "CVE-2025-21846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nacct: perform last write from workqueue\n\nIn [1] it was reported that the acct(2) system call can be used to\ntrigger NULL deref in cases where it is set to write to a file that\ntriggers an internal lookup. This can e.g., happen when pointing acc(2)\nto /sys/power/resume. At the point the where the write to this file\nhappens the calling task has already exited and called exit_fs(). A\nlookup will thus trigger a NULL-deref when accessing current-\u003efs.\n\nReorganize the code so that the the final write happens from the\nworkqueue but with the caller\u0027s credentials. This preserves the\n(strange) permission model and has almost no regression risk.\n\nThis api should stop to exist though.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21846",
"url": "https://www.suse.com/security/cve/CVE-2025-21846"
},
{
"category": "external",
"summary": "SUSE Bug 1239508 for CVE-2025-21846",
"url": "https://bugzilla.suse.com/1239508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21846"
},
{
"cve": "CVE-2025-21847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()\n\nThe nullity of sps-\u003ecstream should be checked similarly as it is done in\nsof_set_stream_data_offset() function.\nAssuming that it is not NULL if sps-\u003estream is NULL is incorrect and can\nlead to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21847",
"url": "https://www.suse.com/security/cve/CVE-2025-21847"
},
{
"category": "external",
"summary": "SUSE Bug 1239471 for CVE-2025-21847",
"url": "https://bugzilla.suse.com/1239471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21847"
},
{
"cve": "CVE-2025-21848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: bpf: Add check for nfp_app_ctrl_msg_alloc()\n\nAdd check for the return value of nfp_app_ctrl_msg_alloc() in\nnfp_bpf_cmsg_alloc() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21848",
"url": "https://www.suse.com/security/cve/CVE-2025-21848"
},
{
"category": "external",
"summary": "SUSE Bug 1239479 for CVE-2025-21848",
"url": "https://bugzilla.suse.com/1239479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: Fix crash when a namespace is disabled\n\nThe namespace percpu counter protects pending I/O, and we can\nonly safely diable the namespace once the counter drop to zero.\nOtherwise we end up with a crash when running blktests/nvme/058\n(eg for loop transport):\n\n[ 2352.930426] [ T53909] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 2352.930431] [ T53909] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n[ 2352.930434] [ T53909] CPU: 3 UID: 0 PID: 53909 Comm: kworker/u16:5 Tainted: G W 6.13.0-rc6 #232\n[ 2352.930438] [ T53909] Tainted: [W]=WARN\n[ 2352.930440] [ T53909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 2352.930443] [ T53909] Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop]\n[ 2352.930449] [ T53909] RIP: 0010:blkcg_set_ioprio+0x44/0x180\n\nas the queue is already torn down when calling submit_bio();\n\nSo we need to init the percpu counter in nvmet_ns_enable(), and\nwait for it to drop to zero in nvmet_ns_disable() to avoid having\nI/O pending after the namespace has been disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21850",
"url": "https://www.suse.com/security/cve/CVE-2025-21850"
},
{
"category": "external",
"summary": "SUSE Bug 1239477 for CVE-2025-21850",
"url": "https://bugzilla.suse.com/1239477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21850"
},
{
"cve": "CVE-2025-21852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21852"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Add rx_skb of kfree_skb to raw_tp_null_args[].\n\nYan Zhai reported a BPF prog could trigger a null-ptr-deref [0]\nin trace_kfree_skb if the prog does not check if rx_sk is NULL.\n\nCommit c53795d48ee8 (\"net: add rx_sk to trace_kfree_skb\") added\nrx_sk to trace_kfree_skb, but rx_sk is optional and could be NULL.\n\nLet\u0027s add kfree_skb to raw_tp_null_args[] to let the BPF verifier\nvalidate such a prog and prevent the issue.\n\nNow we fail to load such a prog:\n\n libbpf: prog \u0027drop\u0027: -- BEGIN PROG LOAD LOG --\n 0: R1=ctx() R10=fp0\n ; int BPF_PROG(drop, struct sk_buff *skb, void *location, @ kfree_skb_sk_null.bpf.c:21\n 0: (79) r3 = *(u64 *)(r1 +24)\n func \u0027kfree_skb\u0027 arg3 has btf_id 5253 type STRUCT \u0027sock\u0027\n 1: R1=ctx() R3_w=trusted_ptr_or_null_sock(id=1)\n ; bpf_printk(\"sk: %d, %d\\n\", sk, sk-\u003e__sk_common.skc_family); @ kfree_skb_sk_null.bpf.c:24\n 1: (69) r4 = *(u16 *)(r3 +16)\n R3 invalid mem access \u0027trusted_ptr_or_null_\u0027\n processed 2 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0\n -- END PROG LOAD LOG --\n\nNote this fix requires commit 838a10bd2ebf (\"bpf: Augment raw_tp\narguments with PTR_MAYBE_NULL\").\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000010\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nPREEMPT SMP\nRIP: 0010:bpf_prog_5e21a6db8fcff1aa_drop+0x10/0x2d\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x1f/0x60\n ? page_fault_oops+0x148/0x420\n ? search_bpf_extables+0x5b/0x70\n ? fixup_exception+0x27/0x2c0\n ? exc_page_fault+0x75/0x170\n ? asm_exc_page_fault+0x22/0x30\n ? bpf_prog_5e21a6db8fcff1aa_drop+0x10/0x2d\n bpf_trace_run4+0x68/0xd0\n ? unix_stream_connect+0x1f4/0x6f0\n sk_skb_reason_drop+0x90/0x120\n unix_stream_connect+0x1f4/0x6f0\n __sys_connect+0x7f/0xb0\n __x64_sys_connect+0x14/0x20\n do_syscall_64+0x47/0xc30\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21852",
"url": "https://www.suse.com/security/cve/CVE-2025-21852"
},
{
"category": "external",
"summary": "SUSE Bug 1239487 for CVE-2025-21852",
"url": "https://bugzilla.suse.com/1239487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21852"
},
{
"cve": "CVE-2025-21853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: avoid holding freeze_mutex during mmap operation\n\nWe use map-\u003efreeze_mutex to prevent races between map_freeze() and\nmemory mapping BPF map contents with writable permissions. The way we\nnaively do this means we\u0027ll hold freeze_mutex for entire duration of all\nthe mm and VMA manipulations, which is completely unnecessary. This can\npotentially also lead to deadlocks, as reported by syzbot in [0].\n\nSo, instead, hold freeze_mutex only during writeability checks, bump\n(proactively) \"write active\" count for the map, unlock the mutex and\nproceed with mmap logic. And only if something went wrong during mmap\nlogic, then undo that \"write active\" counter increment.\n\n [0] https://lore.kernel.org/bpf/678dcbc9.050a0220.303755.0066.GAE@google.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21853",
"url": "https://www.suse.com/security/cve/CVE-2025-21853"
},
{
"category": "external",
"summary": "SUSE Bug 1239476 for CVE-2025-21853",
"url": "https://bugzilla.suse.com/1239476"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21853"
},
{
"cve": "CVE-2025-21854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21854"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsockmap, vsock: For connectible sockets allow only connected\n\nsockmap expects all vsocks to have a transport assigned, which is expressed\nin vsock_proto::psock_update_sk_prot(). However, there is an edge case\nwhere an unconnected (connectible) socket may lose its previously assigned\ntransport. This is handled with a NULL check in the vsock/BPF recv path.\n\nAnother design detail is that listening vsocks are not supposed to have any\ntransport assigned at all. Which implies they are not supported by the\nsockmap. But this is complicated by the fact that a socket, before\nswitching to TCP_LISTEN, may have had some transport assigned during a\nfailed connect() attempt. Hence, we may end up with a listening vsock in a\nsockmap, which blows up quickly:\n\nKASAN: null-ptr-deref in range [0x0000000000000120-0x0000000000000127]\nCPU: 7 UID: 0 PID: 56 Comm: kworker/7:0 Not tainted 6.14.0-rc1+\nWorkqueue: vsock-loopback vsock_loopback_work\nRIP: 0010:vsock_read_skb+0x4b/0x90\nCall Trace:\n sk_psock_verdict_data_ready+0xa4/0x2e0\n virtio_transport_recv_pkt+0x1ca8/0x2acc\n vsock_loopback_work+0x27d/0x3f0\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x35a/0x700\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nFor connectible sockets, instead of relying solely on the state of\nvsk-\u003etransport, tell sockmap to only allow those representing established\nconnections. This aligns with the behaviour for AF_INET and AF_UNIX.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21854",
"url": "https://www.suse.com/security/cve/CVE-2025-21854"
},
{
"category": "external",
"summary": "SUSE Bug 1239470 for CVE-2025-21854",
"url": "https://bugzilla.suse.com/1239470"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21854"
},
{
"cve": "CVE-2025-21855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Don\u0027t reference skb after sending to VIOS\n\nPreviously, after successfully flushing the xmit buffer to VIOS,\nthe tx_bytes stat was incremented by the length of the skb.\n\nIt is invalid to access the skb memory after sending the buffer to\nthe VIOS because, at any point after sending, the VIOS can trigger\nan interrupt to free this memory. A race between reading skb-\u003elen\nand freeing the skb is possible (especially during LPM) and will\nresult in use-after-free:\n ==================================================================\n BUG: KASAN: slab-use-after-free in ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n Read of size 4 at addr c00000024eb48a70 by task hxecom/14495\n \u003c...\u003e\n Call Trace:\n [c000000118f66cf0] [c0000000018cba6c] dump_stack_lvl+0x84/0xe8 (unreliable)\n [c000000118f66d20] [c0000000006f0080] print_report+0x1a8/0x7f0\n [c000000118f66df0] [c0000000006f08f0] kasan_report+0x128/0x1f8\n [c000000118f66f00] [c0000000006f2868] __asan_load4+0xac/0xe0\n [c000000118f66f20] [c0080000046eac84] ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n [c000000118f67340] [c0000000014be168] dev_hard_start_xmit+0x150/0x358\n \u003c...\u003e\n Freed by task 0:\n kasan_save_stack+0x34/0x68\n kasan_save_track+0x2c/0x50\n kasan_save_free_info+0x64/0x108\n __kasan_mempool_poison_object+0x148/0x2d4\n napi_skb_cache_put+0x5c/0x194\n net_tx_action+0x154/0x5b8\n handle_softirqs+0x20c/0x60c\n do_softirq_own_stack+0x6c/0x88\n \u003c...\u003e\n The buggy address belongs to the object at c00000024eb48a00 which\n belongs to the cache skbuff_head_cache of size 224\n==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21855",
"url": "https://www.suse.com/security/cve/CVE-2025-21855"
},
{
"category": "external",
"summary": "SUSE Bug 1239484 for CVE-2025-21855",
"url": "https://bugzilla.suse.com/1239484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21855"
},
{
"cve": "CVE-2025-21856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ism: add release function for struct device\n\nAccording to device_release() in /drivers/base/core.c,\na device without a release function is a broken device\nand must be fixed.\n\nThe current code directly frees the device after calling device_add()\nwithout waiting for other kernel parts to release their references.\nThus, a reference could still be held to a struct device,\ne.g., by sysfs, leading to potential use-after-free\nissues if a proper release function is not set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21856",
"url": "https://www.suse.com/security/cve/CVE-2025-21856"
},
{
"category": "external",
"summary": "SUSE Bug 1239486 for CVE-2025-21856",
"url": "https://bugzilla.suse.com/1239486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21856"
},
{
"cve": "CVE-2025-21857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_api: fix error handling causing NULL dereference\n\ntcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyclic() which can\nreturn 1 if the allocation succeeded after wrapping. This was treated as\nan error, with value 1 returned to caller tcf_exts_init_ex() which sets\nexts-\u003eactions to NULL and returns 1 to caller fl_change().\n\nfl_change() treats err == 1 as success, calling tcf_exts_validate_ex()\nwhich calls tcf_action_init() with exts-\u003eactions as argument, where it\nis dereferenced.\n\nExample trace:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCPU: 114 PID: 16151 Comm: handler114 Kdump: loaded Not tainted 5.14.0-503.16.1.el9_5.x86_64 #1\nRIP: 0010:tcf_action_init+0x1f8/0x2c0\nCall Trace:\n tcf_action_init+0x1f8/0x2c0\n tcf_exts_validate_ex+0x175/0x190\n fl_change+0x537/0x1120 [cls_flower]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21857",
"url": "https://www.suse.com/security/cve/CVE-2025-21857"
},
{
"category": "external",
"summary": "SUSE Bug 1239478 for CVE-2025-21857",
"url": "https://bugzilla.suse.com/1239478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21857"
},
{
"cve": "CVE-2025-21858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: Fix use-after-free in geneve_find_dev().\n\nsyzkaller reported a use-after-free in geneve_find_dev() [0]\nwithout repro.\n\ngeneve_configure() links struct geneve_dev.next to\nnet_generic(net, geneve_net_id)-\u003egeneve_list.\n\nThe net here could differ from dev_net(dev) if IFLA_NET_NS_PID,\nIFLA_NET_NS_FD, or IFLA_TARGET_NETNSID is set.\n\nWhen dev_net(dev) is dismantled, geneve_exit_batch_rtnl() finally\ncalls unregister_netdevice_queue() for each dev in the netns,\nand later the dev is freed.\n\nHowever, its geneve_dev.next is still linked to the backend UDP\nsocket netns.\n\nThen, use-after-free will occur when another geneve dev is created\nin the netns.\n\nLet\u0027s call geneve_dellink() instead in geneve_destroy_tunnels().\n\n[0]:\nBUG: KASAN: slab-use-after-free in geneve_find_dev drivers/net/geneve.c:1295 [inline]\nBUG: KASAN: slab-use-after-free in geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\nRead of size 2 at addr ffff000054d6ee24 by task syz.1.4029/13441\n\nCPU: 1 UID: 0 PID: 13441 Comm: syz.1.4029 Not tainted 6.13.0-g0ad9617c78ac #24 dc35ca22c79fb82e8e7bc5c9c9adafea898b1e3d\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x16c/0x6f0 mm/kasan/report.c:489\n kasan_report+0xc0/0x120 mm/kasan/report.c:602\n __asan_report_load2_noabort+0x20/0x30 mm/kasan/report_generic.c:379\n geneve_find_dev drivers/net/geneve.c:1295 [inline]\n geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\n geneve_newlink+0xb8/0x128 drivers/net/geneve.c:1634\n rtnl_newlink_create+0x23c/0x868 net/core/rtnetlink.c:3795\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:713 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x410/0x6f8 net/socket.c:2568\n ___sys_sendmsg+0x178/0x1d8 net/socket.c:2622\n __sys_sendmsg net/socket.c:2654 [inline]\n __do_sys_sendmsg net/socket.c:2659 [inline]\n __se_sys_sendmsg net/socket.c:2657 [inline]\n __arm64_sys_sendmsg+0x12c/0x1c8 net/socket.c:2657\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151\n el0_svc+0x4c/0xa8 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x1a0 arch/arm64/kernel/entry.S:600\n\nAllocated by task 13247:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x68 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4298 [inline]\n __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4304\n __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:645\n alloc_netdev_mqs+0xb8/0x11a0 net/core/dev.c:11470\n rtnl_create_link+0x2b8/0xb50 net/core/rtnetlink.c:3604\n rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3780\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_n\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21858",
"url": "https://www.suse.com/security/cve/CVE-2025-21858"
},
{
"category": "external",
"summary": "SUSE Bug 1239468 for CVE-2025-21858",
"url": "https://bugzilla.suse.com/1239468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21858"
},
{
"cve": "CVE-2025-21859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: f_midi: f_midi_complete to call queue_work\n\nWhen using USB MIDI, a lock is attempted to be acquired twice through a\nre-entrant call to f_midi_transmit, causing a deadlock.\n\nFix it by using queue_work() to schedule the inner f_midi_transmit() via\na high priority work queue from the completion handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21859",
"url": "https://www.suse.com/security/cve/CVE-2025-21859"
},
{
"category": "external",
"summary": "SUSE Bug 1239467 for CVE-2025-21859",
"url": "https://bugzilla.suse.com/1239467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21859"
},
{
"cve": "CVE-2025-21861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/migrate_device: don\u0027t add folio to be freed to LRU in migrate_device_finalize()\n\nIf migration succeeded, we called\nfolio_migrate_flags()-\u003emem_cgroup_migrate() to migrate the memcg from the\nold to the new folio. This will set memcg_data of the old folio to 0.\n\nSimilarly, if migration failed, memcg_data of the dst folio is left unset.\n\nIf we call folio_putback_lru() on such folios (memcg_data == 0), we will\nadd the folio to be freed to the LRU, making memcg code unhappy. Running\nthe hmm selftests:\n\n # ./hmm-tests\n ...\n # RUN hmm.hmm_device_private.migrate ...\n [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00\n [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff)\n [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9\n [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000\n [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg \u0026\u0026 !mem_cgroup_disabled())\n [ 102.087230][T14893] ------------[ cut here ]------------\n [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.090478][T14893] Modules linked in:\n [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151\n [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.096104][T14893] Code: ...\n [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293\n [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426\n [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880\n [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000\n [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8\n [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000\n [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000\n [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0\n [ 102.113478][T14893] PKRU: 55555554\n [ 102.114172][T14893] Call Trace:\n [ 102.114805][T14893] \u003cTASK\u003e\n [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.116547][T14893] ? __warn.cold+0x110/0x210\n [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.118667][T14893] ? report_bug+0x1b9/0x320\n [ 102.119571][T14893] ? handle_bug+0x54/0x90\n [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50\n [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20\n [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0\n [ 102.123506][T14893] ? dump_page+0x4f/0x60\n [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200\n [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720\n [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.129550][T14893] folio_putback_lru+0x16/0x80\n [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530\n [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0\n [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80\n\nLikely, nothing else goes wrong: putting the last folio reference will\nremove the folio from the LRU again. So besides memcg complaining, adding\nthe folio to be freed to the LRU is just an unnecessary step.\n\nThe new flow resembles what we have in migrate_folio_move(): add the dst\nto the lru, rem\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21861",
"url": "https://www.suse.com/security/cve/CVE-2025-21861"
},
{
"category": "external",
"summary": "SUSE Bug 1239483 for CVE-2025-21861",
"url": "https://bugzilla.suse.com/1239483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21861"
},
{
"cve": "CVE-2025-21862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21862"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: fix incorrect initialization order\n\nSyzkaller reports the following bug:\n\nBUG: spinlock bad magic on CPU#1, syz-executor.0/7995\n lock: 0xffff88805303f3e0, .magic: 00000000, .owner: \u003cnone\u003e/-1, .owner_cpu: 0\nCPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x119/0x179 lib/dump_stack.c:118\n debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]\n do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline]\n _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159\n reset_per_cpu_data+0xe6/0x240 [drop_monitor]\n net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor]\n genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739\n genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800\n netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497\n genl_rcv+0x29/0x40 net/netlink/genetlink.c:811\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916\n sock_sendmsg_nosec net/socket.c:651 [inline]\n __sock_sendmsg+0x157/0x190 net/socket.c:663\n ____sys_sendmsg+0x712/0x870 net/socket.c:2378\n ___sys_sendmsg+0xf8/0x170 net/socket.c:2432\n __sys_sendmsg+0xea/0x1b0 net/socket.c:2461\n do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x62/0xc7\nRIP: 0033:0x7f3f9815aee9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9\nRDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007\nRBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768\n\nIf drop_monitor is built as a kernel module, syzkaller may have time\nto send a netlink NET_DM_CMD_START message during the module loading.\nThis will call the net_dm_monitor_start() function that uses\na spinlock that has not yet been initialized.\n\nTo fix this, let\u0027s place resource initialization above the registration\nof a generic netlink family.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21862",
"url": "https://www.suse.com/security/cve/CVE-2025-21862"
},
{
"category": "external",
"summary": "SUSE Bug 1239474 for CVE-2025-21862",
"url": "https://bugzilla.suse.com/1239474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: prevent opcode speculation\n\nsqe-\u003eopcode is used for different tables, make sure we santitise it\nagainst speculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21863",
"url": "https://www.suse.com/security/cve/CVE-2025-21863"
},
{
"category": "external",
"summary": "SUSE Bug 1239475 for CVE-2025-21863",
"url": "https://bugzilla.suse.com/1239475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21863"
},
{
"cve": "CVE-2025-21864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: drop secpath at the same time as we currently drop dst\n\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\nrunning tests that boil down to:\n - create a pair of netns\n - run a basic TCP test over ipcomp6\n - delete the pair of netns\n\nThe xfrm_state found on spi_byaddr was not deleted at the time we\ndelete the netns, because we still have a reference on it. This\nlingering reference comes from a secpath (which holds a ref on the\nxfrm_state), which is still attached to an skb. This skb is not\nleaked, it ends up on sk_receive_queue and then gets defer-free\u0027d by\nskb_attempt_defer_free.\n\nThe problem happens when we defer freeing an skb (push it on one CPU\u0027s\ndefer_list), and don\u0027t flush that list before the netns is deleted. In\nthat case, we still have a reference on the xfrm_state that we don\u0027t\nexpect at this point.\n\nWe already drop the skb\u0027s dst in the TCP receive path when it\u0027s no\nlonger needed, so let\u0027s also drop the secpath. At this point,\ntcp_filter has already called into the LSM hooks that may require the\nsecpath, so it should not be needed anymore. However, in some of those\nplaces, the MPTCP extension has just been attached to the skb, so we\ncannot simply drop all extensions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21864",
"url": "https://www.suse.com/security/cve/CVE-2025-21864"
},
{
"category": "external",
"summary": "SUSE Bug 1239482 for CVE-2025-21864",
"url": "https://bugzilla.suse.com/1239482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().\n\nBrad Spengler reported the list_del() corruption splat in\ngtp_net_exit_batch_rtnl(). [0]\n\nCommit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns\ndismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl()\nto destroy devices in each netns as done in geneve and ip tunnels.\n\nHowever, this could trigger -\u003edellink() twice for the same device during\n-\u003eexit_batch_rtnl().\n\nSay we have two netns A \u0026 B and gtp device B that resides in netns B but\nwhose UDP socket is in netns A.\n\n 1. cleanup_net() processes netns A and then B.\n\n 2. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns A\u0027s gn-\u003egtp_dev_list and calls -\u003edellink().\n\n [ device B is not yet unlinked from netns B\n as unregister_netdevice_many() has not been called. ]\n\n 3. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns B\u0027s for_each_netdev() and calls -\u003edellink().\n\ngtp_dellink() cleans up the device\u0027s hash table, unlinks the dev from\ngn-\u003egtp_dev_list, and calls unregister_netdevice_queue().\n\nBasically, calling gtp_dellink() multiple times is fine unless\nCONFIG_DEBUG_LIST is enabled.\n\nLet\u0027s remove for_each_netdev() in gtp_net_exit_batch_rtnl() and\ndelegate the destruction to default_device_exit_batch() as done\nin bareudp.\n\n[0]:\nlist_del corruption, ffff8880aaa62c00-\u003enext (autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]) is LIST_POISON1 (ffffffffffffff02) (prev is 0xffffffffffffff04)\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 UID: 0 PID: 1804 Comm: kworker/u8:7 Tainted: G T 6.12.13-grsec-full-20250211091339 #1\nTainted: [T]=RANDSTRUCT\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:[\u003cffffffff84947381\u003e] __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nCode: c2 76 91 31 c0 e8 9f b1 f7 fc 0f 0b 4d 89 f0 48 c7 c1 02 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 e0 c2 76 91 31 c0 e8 7f b1 f7 fc \u003c0f\u003e 0b 4d 89 e8 48 c7 c1 04 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 60\nRSP: 0018:fffffe8040b4fbd0 EFLAGS: 00010283\nRAX: 00000000000000cc RBX: dffffc0000000000 RCX: ffffffff818c4054\nRDX: ffffffff84947381 RSI: ffffffff818d1512 RDI: 0000000000000000\nRBP: ffff8880aaa62c00 R08: 0000000000000001 R09: fffffbd008169f32\nR10: fffffe8040b4f997 R11: 0000000000000001 R12: a1988d84f24943e4\nR13: ffffffffffffff02 R14: ffffffffffffff04 R15: ffff8880aaa62c08\nRBX: kasan shadow of 0x0\nRCX: __wake_up_klogd.part.0+0x74/0xe0 kernel/printk/printk.c:4554\nRDX: __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nRSI: vprintk+0x72/0x100 kernel/printk/printk_safe.c:71\nRBP: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]\nRSP: process kstack fffffe8040b4fbd0+0x7bd0/0x8000 [kworker/u8:7+netns 1804 ]\nR09: kasan shadow of process kstack fffffe8040b4f990+0x7990/0x8000 [kworker/u8:7+netns 1804 ]\nR10: process kstack fffffe8040b4f997+0x7997/0x8000 [kworker/u8:7+netns 1804 ]\nR15: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc08/0x1000 [slab object]\nFS: 0000000000000000(0000) GS:ffff888116000000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000748f5372c000 CR3: 0000000015408000 CR4: 00000000003406f0 shadow CR4: 00000000003406f0\nStack:\n 0000000000000000 ffffffff8a0c35e7 ffffffff8a0c3603 ffff8880aaa62c00\n ffff8880aaa62c00 0000000000000004 ffff88811145311c 0000000000000005\n 0000000000000001 ffff8880aaa62000 fffffe8040b4fd40 ffffffff8a0c360d\nCall Trace:\n \u003cTASK\u003e\n [\u003cffffffff8a0c360d\u003e] __list_del_entry_valid include/linux/list.h:131 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] __list_del_entry include/linux/list.h:248 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] list_del include/linux/list.h:262 [inl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21865",
"url": "https://www.suse.com/security/cve/CVE-2025-21865"
},
{
"category": "external",
"summary": "SUSE Bug 1239481 for CVE-2025-21865",
"url": "https://bugzilla.suse.com/1239481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-21866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC\n\nErhard reported the following KASAN hit while booting his PowerMac G4\nwith a KASAN-enabled kernel 6.13-rc6:\n\n BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8\n Write of size 8 at addr f1000000 by task chronyd/1293\n\n CPU: 0 UID: 123 PID: 1293 Comm: chronyd Tainted: G W 6.13.0-rc6-PMacG4 #2\n Tainted: [W]=WARN\n Hardware name: PowerMac3,6 7455 0x80010303 PowerMac\n Call Trace:\n [c2437590] [c1631a84] dump_stack_lvl+0x70/0x8c (unreliable)\n [c24375b0] [c0504998] print_report+0xdc/0x504\n [c2437610] [c050475c] kasan_report+0xf8/0x108\n [c2437690] [c0505a3c] kasan_check_range+0x24/0x18c\n [c24376a0] [c03fb5e4] copy_to_kernel_nofault+0xd8/0x1c8\n [c24376c0] [c004c014] patch_instructions+0x15c/0x16c\n [c2437710] [c00731a8] bpf_arch_text_copy+0x60/0x7c\n [c2437730] [c0281168] bpf_jit_binary_pack_finalize+0x50/0xac\n [c2437750] [c0073cf4] bpf_int_jit_compile+0xb30/0xdec\n [c2437880] [c0280394] bpf_prog_select_runtime+0x15c/0x478\n [c24378d0] [c1263428] bpf_prepare_filter+0xbf8/0xc14\n [c2437990] [c12677ec] bpf_prog_create_from_user+0x258/0x2b4\n [c24379d0] [c027111c] do_seccomp+0x3dc/0x1890\n [c2437ac0] [c001d8e0] system_call_exception+0x2dc/0x420\n [c2437f30] [c00281ac] ret_from_syscall+0x0/0x2c\n --- interrupt: c00 at 0x5a1274\n NIP: 005a1274 LR: 006a3b3c CTR: 005296c8\n REGS: c2437f40 TRAP: 0c00 Tainted: G W (6.13.0-rc6-PMacG4)\n MSR: 0200f932 \u003cVEC,EE,PR,FP,ME,IR,DR,RI\u003e CR: 24004422 XER: 00000000\n\n GPR00: 00000166 af8f3fa0 a7ee3540 00000001 00000000 013b6500 005a5858 0200f932\n GPR08: 00000000 00001fe9 013d5fc8 005296c8 2822244c 00b2fcd8 00000000 af8f4b57\n GPR16: 00000000 00000001 00000000 00000000 00000000 00000001 00000000 00000002\n GPR24: 00afdbb0 00000000 00000000 00000000 006e0004 013ce060 006e7c1c 00000001\n NIP [005a1274] 0x5a1274\n LR [006a3b3c] 0x6a3b3c\n --- interrupt: c00\n\n The buggy address belongs to the virtual mapping at\n [f1000000, f1002000) created by:\n text_area_cpu_up+0x20/0x190\n\n The buggy address belongs to the physical page:\n page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x76e30\n flags: 0x80000000(zone=2)\n raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001\n raw: 00000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n f0ffff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n f0ffff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003ef1000000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n f1000080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n f1000100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ==================================================================\n\nf8 corresponds to KASAN_VMALLOC_INVALID which means the area is not\ninitialised hence not supposed to be used yet.\n\nPowerpc text patching infrastructure allocates a virtual memory area\nusing get_vm_area() and flags it as VM_ALLOC. But that flag is meant\nto be used for vmalloc() and vmalloc() allocated memory is not\nsupposed to be used before a call to __vmalloc_node_range() which is\nnever called for that area.\n\nThat went undetected until commit e4137f08816b (\"mm, kasan, kmsan:\ninstrument copy_from/to_kernel_nofault\")\n\nThe area allocated by text_area_cpu_up() is not vmalloc memory, it is\nmapped directly on demand when needed by map_kernel_page(). There is\nno VM flag corresponding to such usage, so just pass no flag. That way\nthe area will be unpoisonned and usable immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21866",
"url": "https://www.suse.com/security/cve/CVE-2025-21866"
},
{
"category": "external",
"summary": "SUSE Bug 1239473 for CVE-2025-21866",
"url": "https://bugzilla.suse.com/1239473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21866"
},
{
"cve": "CVE-2025-21867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21867"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()\n\nKMSAN reported a use-after-free issue in eth_skb_pkt_type()[1]. The\ncause of the issue was that eth_skb_pkt_type() accessed skb\u0027s data\nthat didn\u0027t contain an Ethernet header. This occurs when\nbpf_prog_test_run_xdp() passes an invalid value as the user_data\nargument to bpf_test_init().\n\nFix this by returning an error when user_data is less than ETH_HLEN in\nbpf_test_init(). Additionally, remove the check for \"if (user_size \u003e\nsize)\" as it is unnecessary.\n\n[1]\nBUG: KMSAN: use-after-free in eth_skb_pkt_type include/linux/etherdevice.h:627 [inline]\nBUG: KMSAN: use-after-free in eth_type_trans+0x4ee/0x980 net/ethernet/eth.c:165\n eth_skb_pkt_type include/linux/etherdevice.h:627 [inline]\n eth_type_trans+0x4ee/0x980 net/ethernet/eth.c:165\n __xdp_build_skb_from_frame+0x5a8/0xa50 net/core/xdp.c:635\n xdp_recv_frames net/bpf/test_run.c:272 [inline]\n xdp_test_run_batch net/bpf/test_run.c:361 [inline]\n bpf_test_run_xdp_live+0x2954/0x3330 net/bpf/test_run.c:390\n bpf_prog_test_run_xdp+0x148e/0x1b10 net/bpf/test_run.c:1318\n bpf_prog_test_run+0x5b7/0xa30 kernel/bpf/syscall.c:4371\n __sys_bpf+0x6a6/0xe20 kernel/bpf/syscall.c:5777\n __do_sys_bpf kernel/bpf/syscall.c:5866 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5864 [inline]\n __x64_sys_bpf+0xa4/0xf0 kernel/bpf/syscall.c:5864\n x64_sys_call+0x2ea0/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:322\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n free_pages_prepare mm/page_alloc.c:1056 [inline]\n free_unref_page+0x156/0x1320 mm/page_alloc.c:2657\n __free_pages+0xa3/0x1b0 mm/page_alloc.c:4838\n bpf_ringbuf_free kernel/bpf/ringbuf.c:226 [inline]\n ringbuf_map_free+0xff/0x1e0 kernel/bpf/ringbuf.c:235\n bpf_map_free kernel/bpf/syscall.c:838 [inline]\n bpf_map_free_deferred+0x17c/0x310 kernel/bpf/syscall.c:862\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa2b/0x1b60 kernel/workqueue.c:3310\n worker_thread+0xedf/0x1550 kernel/workqueue.c:3391\n kthread+0x535/0x6b0 kernel/kthread.c:389\n ret_from_fork+0x6e/0x90 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nCPU: 1 UID: 0 PID: 17276 Comm: syz.1.16450 Not tainted 6.12.0-05490-g9bb88c659673 #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21867",
"url": "https://www.suse.com/security/cve/CVE-2025-21867"
},
{
"category": "external",
"summary": "SUSE Bug 1240181 for CVE-2025-21867",
"url": "https://bugzilla.suse.com/1240181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21867"
},
{
"cve": "CVE-2025-21869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Disable KASAN report during patching via temporary mm\n\nErhard reports the following KASAN hit on Talos II (power9) with kernel 6.13:\n\n[ 12.028126] ==================================================================\n[ 12.028198] BUG: KASAN: user-memory-access in copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028260] Write of size 8 at addr 0000187e458f2000 by task systemd/1\n\n[ 12.028346] CPU: 87 UID: 0 PID: 1 Comm: systemd Tainted: G T 6.13.0-P9-dirty #3\n[ 12.028408] Tainted: [T]=RANDSTRUCT\n[ 12.028446] Hardware name: T2P9D01 REV 1.01 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV\n[ 12.028500] Call Trace:\n[ 12.028536] [c000000008dbf3b0] [c000000001656a48] dump_stack_lvl+0xbc/0x110 (unreliable)\n[ 12.028609] [c000000008dbf3f0] [c0000000006e2fc8] print_report+0x6b0/0x708\n[ 12.028666] [c000000008dbf4e0] [c0000000006e2454] kasan_report+0x164/0x300\n[ 12.028725] [c000000008dbf600] [c0000000006e54d4] kasan_check_range+0x314/0x370\n[ 12.028784] [c000000008dbf640] [c0000000006e6310] __kasan_check_write+0x20/0x40\n[ 12.028842] [c000000008dbf660] [c000000000578e8c] copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028902] [c000000008dbf6a0] [c0000000000acfe4] __patch_instructions+0x194/0x210\n[ 12.028965] [c000000008dbf6e0] [c0000000000ade80] patch_instructions+0x150/0x590\n[ 12.029026] [c000000008dbf7c0] [c0000000001159bc] bpf_arch_text_copy+0x6c/0xe0\n[ 12.029085] [c000000008dbf800] [c000000000424250] bpf_jit_binary_pack_finalize+0x40/0xc0\n[ 12.029147] [c000000008dbf830] [c000000000115dec] bpf_int_jit_compile+0x3bc/0x930\n[ 12.029206] [c000000008dbf990] [c000000000423720] bpf_prog_select_runtime+0x1f0/0x280\n[ 12.029266] [c000000008dbfa00] [c000000000434b18] bpf_prog_load+0xbb8/0x1370\n[ 12.029324] [c000000008dbfb70] [c000000000436ebc] __sys_bpf+0x5ac/0x2e00\n[ 12.029379] [c000000008dbfd00] [c00000000043a228] sys_bpf+0x28/0x40\n[ 12.029435] [c000000008dbfd20] [c000000000038eb4] system_call_exception+0x334/0x610\n[ 12.029497] [c000000008dbfe50] [c00000000000c270] system_call_vectored_common+0xf0/0x280\n[ 12.029561] --- interrupt: 3000 at 0x3fff82f5cfa8\n[ 12.029608] NIP: 00003fff82f5cfa8 LR: 00003fff82f5cfa8 CTR: 0000000000000000\n[ 12.029660] REGS: c000000008dbfe80 TRAP: 3000 Tainted: G T (6.13.0-P9-dirty)\n[ 12.029735] MSR: 900000000280f032 \u003cSF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI\u003e CR: 42004848 XER: 00000000\n[ 12.029855] IRQMASK: 0\n GPR00: 0000000000000169 00003fffdcf789a0 00003fff83067100 0000000000000005\n GPR04: 00003fffdcf78a98 0000000000000090 0000000000000000 0000000000000008\n GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000\n GPR12: 0000000000000000 00003fff836ff7e0 c000000000010678 0000000000000000\n GPR16: 0000000000000000 0000000000000000 00003fffdcf78f28 00003fffdcf78f90\n GPR20: 0000000000000000 0000000000000000 0000000000000000 00003fffdcf78f80\n GPR24: 00003fffdcf78f70 00003fffdcf78d10 00003fff835c7239 00003fffdcf78bd8\n GPR28: 00003fffdcf78a98 0000000000000000 0000000000000000 000000011f547580\n[ 12.030316] NIP [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030361] LR [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030405] --- interrupt: 3000\n[ 12.030444] ==================================================================\n\nCommit c28c15b6d28a (\"powerpc/code-patching: Use temporary mm for\nRadix MMU\") is inspired from x86 but unlike x86 is doesn\u0027t disable\nKASAN reports during patching. This wasn\u0027t a problem at the begining\nbecause __patch_mem() is not instrumented.\n\nCommit 465cabc97b42 (\"powerpc/code-patching: introduce\npatch_instructions()\") use copy_to_kernel_nofault() to copy several\ninstructions at once. But when using temporary mm the destination is\nnot regular kernel memory but a kind of kernel-like memory located\nin user address space. \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21869",
"url": "https://www.suse.com/security/cve/CVE-2025-21869"
},
{
"category": "external",
"summary": "SUSE Bug 1240182 for CVE-2025-21869",
"url": "https://bugzilla.suse.com/1240182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21869"
},
{
"cve": "CVE-2025-21870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers\n\nOther, non DAI copier widgets could have the same stream name (sname) as\nthe ALH copier and in that case the copier-\u003edata is NULL, no alh_data is\nattached, which could lead to NULL pointer dereference.\nWe could check for this NULL pointer in sof_ipc4_prepare_copier_module()\nand avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai()\nwill miscalculate the ALH device count, causing broken audio.\n\nThe correct fix is to harden the matching logic by making sure that the\n1. widget is a DAI widget - so dai = w-\u003eprivate is valid\n2. the dai (and thus the copier) is ALH copier",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21870",
"url": "https://www.suse.com/security/cve/CVE-2025-21870"
},
{
"category": "external",
"summary": "SUSE Bug 1240191 for CVE-2025-21870",
"url": "https://bugzilla.suse.com/1240191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21870"
},
{
"cve": "CVE-2025-21871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix supplicant wait loop\n\nOP-TEE supplicant is a user-space daemon and it\u0027s possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\n\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\n\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21871",
"url": "https://www.suse.com/security/cve/CVE-2025-21871"
},
{
"category": "external",
"summary": "SUSE Bug 1240183 for CVE-2025-21871",
"url": "https://bugzilla.suse.com/1240183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21871"
},
{
"cve": "CVE-2025-21873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: bsg: Fix crash when arpmb command fails\n\nIf the device doesn\u0027t support arpmb we\u0027ll crash due to copying user data in\nbsg_transport_sg_io_fn().\n\nIn the case where ufs_bsg_exec_advanced_rpmb_req() returns an error, do not\nset the job\u0027s reply_len.\n\nMemory crash backtrace:\n3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22\n\n4,1308,531166555,-;Call Trace:\n\n4,1309,531166559,-; \u003cTASK\u003e\n\n4,1310,531166565,-; ? show_regs+0x6d/0x80\n\n4,1311,531166575,-; ? die+0x37/0xa0\n\n4,1312,531166583,-; ? do_trap+0xd4/0xf0\n\n4,1313,531166593,-; ? do_error_trap+0x71/0xb0\n\n4,1314,531166601,-; ? usercopy_abort+0x6c/0x80\n\n4,1315,531166610,-; ? exc_invalid_op+0x52/0x80\n\n4,1316,531166622,-; ? usercopy_abort+0x6c/0x80\n\n4,1317,531166630,-; ? asm_exc_invalid_op+0x1b/0x20\n\n4,1318,531166643,-; ? usercopy_abort+0x6c/0x80\n\n4,1319,531166652,-; __check_heap_object+0xe3/0x120\n\n4,1320,531166661,-; check_heap_object+0x185/0x1d0\n\n4,1321,531166670,-; __check_object_size.part.0+0x72/0x150\n\n4,1322,531166679,-; __check_object_size+0x23/0x30\n\n4,1323,531166688,-; bsg_transport_sg_io_fn+0x314/0x3b0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21873",
"url": "https://www.suse.com/security/cve/CVE-2025-21873"
},
{
"category": "external",
"summary": "SUSE Bug 1240184 for CVE-2025-21873",
"url": "https://bugzilla.suse.com/1240184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21873"
},
{
"cve": "CVE-2025-21875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21875"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: always handle address removal under msk socket lock\n\nSyzkaller reported a lockdep splat in the PM control path:\n\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sock_owned_by_me include/net/sock.h:1711 [inline]\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 msk_owned_by_me net/mptcp/protocol.h:363 [inline]\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788\n Modules linked in:\n CPU: 0 UID: 0 PID: 6693 Comm: syz.0.205 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\n RIP: 0010:sock_owned_by_me include/net/sock.h:1711 [inline]\n RIP: 0010:msk_owned_by_me net/mptcp/protocol.h:363 [inline]\n RIP: 0010:mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788\n Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ca 7b d3 f5 eb b9 e8 c3 7b d3 f5 90 0f 0b 90 e9 dd fb ff ff e8 b5 7b d3 f5 90 \u003c0f\u003e 0b 90 e9 3e fb ff ff 44 89 f1 80 e1 07 38 c1 0f 8c eb fb ff ff\n RSP: 0000:ffffc900034f6f60 EFLAGS: 00010283\n RAX: ffffffff8bee3c2b RBX: 0000000000000001 RCX: 0000000000080000\n RDX: ffffc90004d42000 RSI: 000000000000a407 RDI: 000000000000a408\n RBP: ffffc900034f7030 R08: ffffffff8bee37f6 R09: 0100000000000000\n R10: dffffc0000000000 R11: ffffed100bcc62e4 R12: ffff88805e6316e0\n R13: ffff88805e630c00 R14: dffffc0000000000 R15: ffff88805e630c00\n FS: 00007f7e9a7e96c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000001b2fd18ff8 CR3: 0000000032c24000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n mptcp_pm_remove_addr+0x103/0x1d0 net/mptcp/pm.c:59\n mptcp_pm_remove_anno_addr+0x1f4/0x2f0 net/mptcp/pm_netlink.c:1486\n mptcp_nl_remove_subflow_and_signal_addr net/mptcp/pm_netlink.c:1518 [inline]\n mptcp_pm_nl_del_addr_doit+0x118d/0x1af0 net/mptcp/pm_netlink.c:1629\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb1f/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x206/0x480 net/netlink/af_netlink.c:2543\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:718 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:733\n ____sys_sendmsg+0x53a/0x860 net/socket.c:2573\n ___sys_sendmsg net/socket.c:2627 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2659\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f7e9998cde9\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f7e9a7e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f7e99ba5fa0 RCX: 00007f7e9998cde9\n RDX: 000000002000c094 RSI: 0000400000000000 RDI: 0000000000000007\n RBP: 00007f7e99a0e2a0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 0000000000000000 R14: 00007f7e99ba5fa0 R15: 00007fff49231088\n\nIndeed the PM can try to send a RM_ADDR over a msk without acquiring\nfirst the msk socket lock.\n\nThe bugged code-path comes from an early optimization: when there\nare no subflows, the PM should (usually) not send RM_ADDR\nnotifications.\n\nThe above statement is incorrect, as without locks another process\ncould concur\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21875",
"url": "https://www.suse.com/security/cve/CVE-2025-21875"
},
{
"category": "external",
"summary": "SUSE Bug 1240168 for CVE-2025-21875",
"url": "https://bugzilla.suse.com/1240168"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21875"
},
{
"cve": "CVE-2025-21876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix suspicious RCU usage\n\nCommit \u003cd74169ceb0d2\u003e (\"iommu/vt-d: Allocate DMAR fault interrupts\nlocally\") moved the call to enable_drhd_fault_handling() to a code\npath that does not hold any lock while traversing the drhd list. Fix\nit by ensuring the dmar_global_lock lock is held when traversing the\ndrhd list.\n\nWithout this fix, the following warning is triggered:\n =============================\n WARNING: suspicious RCU usage\n 6.14.0-rc3 #55 Not tainted\n -----------------------------\n drivers/iommu/intel/dmar.c:2046 RCU-list traversed in non-reader section!!\n other info that might help us debug this:\n rcu_scheduler_active = 1, debug_locks = 1\n 2 locks held by cpuhp/1/23:\n #0: ffffffff84a67c50 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n #1: ffffffff84a6a380 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n stack backtrace:\n CPU: 1 UID: 0 PID: 23 Comm: cpuhp/1 Not tainted 6.14.0-rc3 #55\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xb7/0xd0\n lockdep_rcu_suspicious+0x159/0x1f0\n ? __pfx_enable_drhd_fault_handling+0x10/0x10\n enable_drhd_fault_handling+0x151/0x180\n cpuhp_invoke_callback+0x1df/0x990\n cpuhp_thread_fun+0x1ea/0x2c0\n smpboot_thread_fn+0x1f5/0x2e0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n kthread+0x12a/0x2d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x4a/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nHolding the lock in enable_drhd_fault_handling() triggers a lockdep splat\nabout a possible deadlock between dmar_global_lock and cpu_hotplug_lock.\nThis is avoided by not holding dmar_global_lock when calling\niommu_device_register(), which initiates the device probe process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21876",
"url": "https://www.suse.com/security/cve/CVE-2025-21876"
},
{
"category": "external",
"summary": "SUSE Bug 1240179 for CVE-2025-21876",
"url": "https://bugzilla.suse.com/1240179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21876"
},
{
"cve": "CVE-2025-21877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21877"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: gl620a: fix endpoint checking in genelink_bind()\n\nSyzbot reports [1] a warning in usb_submit_urb() triggered by\ninconsistencies between expected and actually present endpoints\nin gl620a driver. Since genelink_bind() does not properly\nverify whether specified eps are in fact provided by the device,\nin this case, an artificially manufactured one, one may get a\nmismatch.\n\nFix the issue by resorting to a usbnet utility function\nusbnet_get_endpoints(), usually reserved for this very problem.\nCheck for endpoints and return early before proceeding further if\nany are missing.\n\n[1] Syzbot report:\nusb 5-1: Manufacturer: syz\nusb 5-1: SerialNumber: syz\nusb 5-1: config 0 descriptor??\ngl620a 5-1:0.23 usb0: register \u0027gl620a\u0027 at usb-dummy_hcd.0-1, ...\n------------[ cut here ]------------\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 2 PID: 1841 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nModules linked in:\nCPU: 2 UID: 0 PID: 1841 Comm: kworker/2:2 Not tainted 6.12.0-syzkaller-07834-g06afb0f36106 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0x6be/0x2780 drivers/net/usb/usbnet.c:1467\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606\n sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n __dev_xmit_skb net/core/dev.c:3827 [inline]\n __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n neigh_resolve_output net/core/neighbour.c:1514 [inline]\n neigh_resolve_output+0x5bc/0x950 net/core/neighbour.c:1494\n neigh_output include/net/neighbour.h:539 [inline]\n ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n mld_sendpack+0x9f0/0x11d0 net/ipv6/mcast.c:1819\n mld_send_cr net/ipv6/mcast.c:2120 [inline]\n mld_ifc_work+0x740/0xca0 net/ipv6/mcast.c:2651\n process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21877",
"url": "https://www.suse.com/security/cve/CVE-2025-21877"
},
{
"category": "external",
"summary": "SUSE Bug 1240172 for CVE-2025-21877",
"url": "https://bugzilla.suse.com/1240172"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21877"
},
{
"cve": "CVE-2025-21878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21878"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: npcm: disable interrupt enable bit before devm_request_irq\n\nThe customer reports that there is a soft lockup issue related to\nthe i2c driver. After checking, the i2c module was doing a tx transfer\nand the bmc machine reboots in the middle of the i2c transaction, the i2c\nmodule keeps the status without being reset.\n\nDue to such an i2c module status, the i2c irq handler keeps getting\ntriggered since the i2c irq handler is registered in the kernel booting\nprocess after the bmc machine is doing a warm rebooting.\nThe continuous triggering is stopped by the soft lockup watchdog timer.\n\nDisable the interrupt enable bit in the i2c module before calling\ndevm_request_irq to fix this issue since the i2c relative status bit\nis read-only.\n\nHere is the soft lockup log.\n[ 28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1]\n[ 28.183351] Modules linked in:\n[ 28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1\n[ 28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 28.208128] pc : __do_softirq+0xb0/0x368\n[ 28.212055] lr : __do_softirq+0x70/0x368\n[ 28.215972] sp : ffffff8035ebca00\n[ 28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780\n[ 28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0\n[ 28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b\n[ 28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff\n[ 28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000\n[ 28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2\n[ 28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250\n[ 28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434\n[ 28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198\n[ 28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40\n[ 28.290611] Call trace:\n[ 28.293052] __do_softirq+0xb0/0x368\n[ 28.296625] __irq_exit_rcu+0xe0/0x100\n[ 28.300374] irq_exit+0x14/0x20\n[ 28.303513] handle_domain_irq+0x68/0x90\n[ 28.307440] gic_handle_irq+0x78/0xb0\n[ 28.311098] call_on_irq_stack+0x20/0x38\n[ 28.315019] do_interrupt_handler+0x54/0x5c\n[ 28.319199] el1_interrupt+0x2c/0x4c\n[ 28.322777] el1h_64_irq_handler+0x14/0x20\n[ 28.326872] el1h_64_irq+0x74/0x78\n[ 28.330269] __setup_irq+0x454/0x780\n[ 28.333841] request_threaded_irq+0xd0/0x1b4\n[ 28.338107] devm_request_threaded_irq+0x84/0x100\n[ 28.342809] npcm_i2c_probe_bus+0x188/0x3d0\n[ 28.346990] platform_probe+0x6c/0xc4\n[ 28.350653] really_probe+0xcc/0x45c\n[ 28.354227] __driver_probe_device+0x8c/0x160\n[ 28.358578] driver_probe_device+0x44/0xe0\n[ 28.362670] __driver_attach+0x124/0x1d0\n[ 28.366589] bus_for_each_dev+0x7c/0xe0\n[ 28.370426] driver_attach+0x28/0x30\n[ 28.373997] bus_add_driver+0x124/0x240\n[ 28.377830] driver_register+0x7c/0x124\n[ 28.381662] __platform_driver_register+0x2c/0x34\n[ 28.386362] npcm_i2c_init+0x3c/0x5c\n[ 28.389937] do_one_initcall+0x74/0x230\n[ 28.393768] kernel_init_freeable+0x24c/0x2b4\n[ 28.398126] kernel_init+0x28/0x130\n[ 28.401614] ret_from_fork+0x10/0x20\n[ 28.405189] Kernel panic - not syncing: softlockup: hung tasks\n[ 28.411011] SMP: stopping secondary CPUs\n[ 28.414933] Kernel Offset: disabled\n[ 28.418412] CPU features: 0x00000000,00000802\n[ 28.427644] Rebooting in 20 seconds..",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21878",
"url": "https://www.suse.com/security/cve/CVE-2025-21878"
},
{
"category": "external",
"summary": "SUSE Bug 1240192 for CVE-2025-21878",
"url": "https://bugzilla.suse.com/1240192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21878"
},
{
"cve": "CVE-2025-21881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: Reject the shared zeropage in uprobe_write_opcode()\n\nWe triggered the following crash in syzkaller tests:\n\n BUG: Bad page state in process syz.7.38 pfn:1eff3\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eff3\n flags: 0x3fffff00004004(referenced|reserved|node=0|zone=1|lastcpupid=0x1fffff)\n raw: 003fffff00004004 ffffe6c6c07bfcc8 ffffe6c6c07bfcc8 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000fffffffe 0000000000000000\n page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x32/0x50\n bad_page+0x69/0xf0\n free_unref_page_prepare+0x401/0x500\n free_unref_page+0x6d/0x1b0\n uprobe_write_opcode+0x460/0x8e0\n install_breakpoint.part.0+0x51/0x80\n register_for_each_vma+0x1d9/0x2b0\n __uprobe_register+0x245/0x300\n bpf_uprobe_multi_link_attach+0x29b/0x4f0\n link_create+0x1e2/0x280\n __sys_bpf+0x75f/0xac0\n __x64_sys_bpf+0x1a/0x30\n do_syscall_64+0x56/0x100\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\n BUG: Bad rss-counter state mm:00000000452453e0 type:MM_FILEPAGES val:-1\n\nThe following syzkaller test case can be used to reproduce:\n\n r2 = creat(\u0026(0x7f0000000000)=\u0027./file0\\x00\u0027, 0x8)\n write$nbd(r2, \u0026(0x7f0000000580)=ANY=[], 0x10)\n r4 = openat(0xffffffffffffff9c, \u0026(0x7f0000000040)=\u0027./file0\\x00\u0027, 0x42, 0x0)\n mmap$IORING_OFF_SQ_RING(\u0026(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0)\n r5 = userfaultfd(0x80801)\n ioctl$UFFDIO_API(r5, 0xc018aa3f, \u0026(0x7f0000000040)={0xaa, 0x20})\n r6 = userfaultfd(0x80801)\n ioctl$UFFDIO_API(r6, 0xc018aa3f, \u0026(0x7f0000000140))\n ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, \u0026(0x7f0000000100)={{\u0026(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x2})\n ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, \u0026(0x7f0000000000)={{\u0026(0x7f0000ffd000/0x1000)=nil, 0x1000}})\n r7 = bpf$PROG_LOAD(0x5, \u0026(0x7f0000000140)={0x2, 0x3, \u0026(0x7f0000000200)=ANY=[@ANYBLOB=\"1800000000120000000000000000000095\"], \u0026(0x7f0000000000)=\u0027GPL\\x00\u0027, 0x7, 0x0, 0x0, 0x0, 0x0, \u0027\\x00\u0027, 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)\n bpf$BPF_LINK_CREATE_XDP(0x1c, \u0026(0x7f0000000040)={r7, 0x0, 0x30, 0x1e, @val=@uprobe_multi={\u0026(0x7f0000000080)=\u0027./file0\\x00\u0027, \u0026(0x7f0000000100)=[0x2], 0x0, 0x0, 0x1}}, 0x40)\n\nThe cause is that zero pfn is set to the PTE without increasing the RSS\ncount in mfill_atomic_pte_zeropage() and the refcount of zero folio does\nnot increase accordingly. Then, the operation on the same pfn is performed\nin uprobe_write_opcode()-\u003e__replace_page() to unconditional decrease the\nRSS count and old_folio\u0027s refcount.\n\nTherefore, two bugs are introduced:\n\n 1. The RSS count is incorrect, when process exit, the check_mm() report\n error \"Bad rss-count\".\n\n 2. The reserved folio (zero folio) is freed when folio-\u003erefcount is zero,\n then free_pages_prepare-\u003efree_page_is_bad() report error\n \"Bad page state\".\n\nThere is more, the following warning could also theoretically be triggered:\n\n __replace_page()\n -\u003e ...\n -\u003e folio_remove_rmap_pte()\n -\u003e VM_WARN_ON_FOLIO(is_zero_folio(folio), folio)\n\nConsidering that uprobe hit on the zero folio is a very rare case, just\nreject zero old folio immediately after get_user_page_vma_remote().\n\n[ mingo: Cleaned up the changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21881",
"url": "https://www.suse.com/security/cve/CVE-2025-21881"
},
{
"category": "external",
"summary": "SUSE Bug 1240185 for CVE-2025-21881",
"url": "https://bugzilla.suse.com/1240185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21881"
},
{
"cve": "CVE-2025-21883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix deinitializing VF in error path\n\nIf ice_ena_vfs() fails after calling ice_create_vf_entries(), it frees\nall VFs without removing them from snapshot PF-VF mailbox list, leading\nto list corruption.\n\nReproducer:\n devlink dev eswitch set $PF1_PCI mode switchdev\n ip l s $PF1 up\n ip l s $PF1 promisc on\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n\nTrace (minimized):\n list_add corruption. next-\u003eprev should be prev (ffff8882e241c6f0), but was 0000000000000000. (next=ffff888455da1330).\n kernel BUG at lib/list_debug.c:29!\n RIP: 0010:__list_add_valid_or_report+0xa6/0x100\n ice_mbx_init_vf_info+0xa7/0x180 [ice]\n ice_initialize_vf_entry+0x1fa/0x250 [ice]\n ice_sriov_configure+0x8d7/0x1520 [ice]\n ? __percpu_ref_switch_mode+0x1b1/0x5d0\n ? __pfx_ice_sriov_configure+0x10/0x10 [ice]\n\nSometimes a KASAN report can be seen instead with a similar stack trace:\n BUG: KASAN: use-after-free in __list_add_valid_or_report+0xf1/0x100\n\nVFs are added to this list in ice_mbx_init_vf_info(), but only removed\nin ice_free_vfs(). Move the removing to ice_free_vf_entries(), which is\nalso being called in other places where VFs are being removed (including\nice_free_vfs() itself).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21883",
"url": "https://www.suse.com/security/cve/CVE-2025-21883"
},
{
"category": "external",
"summary": "SUSE Bug 1240189 for CVE-2025-21883",
"url": "https://bugzilla.suse.com/1240189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21883"
},
{
"cve": "CVE-2025-21884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: better track kernel sockets lifetime\n\nWhile kernel sockets are dismantled during pernet_operations-\u003eexit(),\ntheir freeing can be delayed by any tx packets still held in qdisc\nor device queues, due to skb_set_owner_w() prior calls.\n\nThis then trigger the following warning from ref_tracker_dir_exit() [1]\n\nTo fix this, make sure that kernel sockets own a reference on net-\u003epassive.\n\nAdd sk_net_refcnt_upgrade() helper, used whenever a kernel socket\nis converted to a refcounted one.\n\n[1]\n\n[ 136.263918][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at\n[ 136.263918][ T35] sk_alloc+0x2b3/0x370\n[ 136.263918][ T35] inet6_create+0x6ce/0x10f0\n[ 136.263918][ T35] __sock_create+0x4c0/0xa30\n[ 136.263918][ T35] inet_ctl_sock_create+0xc2/0x250\n[ 136.263918][ T35] igmp6_net_init+0x39/0x390\n[ 136.263918][ T35] ops_init+0x31e/0x590\n[ 136.263918][ T35] setup_net+0x287/0x9e0\n[ 136.263918][ T35] copy_net_ns+0x33f/0x570\n[ 136.263918][ T35] create_new_namespaces+0x425/0x7b0\n[ 136.263918][ T35] unshare_nsproxy_namespaces+0x124/0x180\n[ 136.263918][ T35] ksys_unshare+0x57d/0xa70\n[ 136.263918][ T35] __x64_sys_unshare+0x38/0x40\n[ 136.263918][ T35] do_syscall_64+0xf3/0x230\n[ 136.263918][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 136.263918][ T35]\n[ 136.343488][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at\n[ 136.343488][ T35] sk_alloc+0x2b3/0x370\n[ 136.343488][ T35] inet6_create+0x6ce/0x10f0\n[ 136.343488][ T35] __sock_create+0x4c0/0xa30\n[ 136.343488][ T35] inet_ctl_sock_create+0xc2/0x250\n[ 136.343488][ T35] ndisc_net_init+0xa7/0x2b0\n[ 136.343488][ T35] ops_init+0x31e/0x590\n[ 136.343488][ T35] setup_net+0x287/0x9e0\n[ 136.343488][ T35] copy_net_ns+0x33f/0x570\n[ 136.343488][ T35] create_new_namespaces+0x425/0x7b0\n[ 136.343488][ T35] unshare_nsproxy_namespaces+0x124/0x180\n[ 136.343488][ T35] ksys_unshare+0x57d/0xa70\n[ 136.343488][ T35] __x64_sys_unshare+0x38/0x40\n[ 136.343488][ T35] do_syscall_64+0xf3/0x230\n[ 136.343488][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21884",
"url": "https://www.suse.com/security/cve/CVE-2025-21884"
},
{
"category": "external",
"summary": "SUSE Bug 1240171 for CVE-2025-21884",
"url": "https://bugzilla.suse.com/1240171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21884"
},
{
"cve": "CVE-2025-21885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix the page details for the srq created by kernel consumers\n\nWhile using nvme target with use_srq on, below kernel panic is noticed.\n\n[ 549.698111] bnxt_en 0000:41:00.0 enp65s0np0: FEC autoneg off encoding: Clause 91 RS(544,514)\n[ 566.393619] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n..\n[ 566.393799] \u003cTASK\u003e\n[ 566.393807] ? __die_body+0x1a/0x60\n[ 566.393823] ? die+0x38/0x60\n[ 566.393835] ? do_trap+0xe4/0x110\n[ 566.393847] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393867] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393881] ? do_error_trap+0x7c/0x120\n[ 566.393890] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393911] ? exc_divide_error+0x34/0x50\n[ 566.393923] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393939] ? asm_exc_divide_error+0x16/0x20\n[ 566.393966] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393997] bnxt_qplib_create_srq+0xc9/0x340 [bnxt_re]\n[ 566.394040] bnxt_re_create_srq+0x335/0x3b0 [bnxt_re]\n[ 566.394057] ? srso_return_thunk+0x5/0x5f\n[ 566.394068] ? __init_swait_queue_head+0x4a/0x60\n[ 566.394090] ib_create_srq_user+0xa7/0x150 [ib_core]\n[ 566.394147] nvmet_rdma_queue_connect+0x7d0/0xbe0 [nvmet_rdma]\n[ 566.394174] ? lock_release+0x22c/0x3f0\n[ 566.394187] ? srso_return_thunk+0x5/0x5f\n\nPage size and shift info is set only for the user space SRQs.\nSet page size and page shift for kernel space SRQs also.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21885",
"url": "https://www.suse.com/security/cve/CVE-2025-21885"
},
{
"category": "external",
"summary": "SUSE Bug 1240169 for CVE-2025-21885",
"url": "https://bugzilla.suse.com/1240169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21885"
},
{
"cve": "CVE-2025-21886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP hang on parent deregistration\n\nFix the destroy_unused_implicit_child_mr() to prevent hanging during\nparent deregistration as of below [1].\n\nUpon entering destroy_unused_implicit_child_mr(), the reference count\nfor the implicit MR parent is incremented using:\nrefcount_inc_not_zero().\n\nA corresponding decrement must be performed if\nfree_implicit_child_mr_work() is not called.\n\nThe code has been updated to properly manage the reference count that\nwas incremented.\n\n[1]\nINFO: task python3:2157 blocked for more than 120 seconds.\nNot tainted 6.12.0-rc7+ #1633\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:python3 state:D stack:0 pid:2157 tgid:2157 ppid:1685 flags:0x00000000\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\n__mlx5_ib_dereg_mr+0x379/0x5d0 [mlx5_ib]\n? __pfx_autoremove_wake_function+0x10/0x10\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n __x64_sys_ioctl+0x1b0/0xa70\n? kmem_cache_free+0x221/0x400\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f20f21f017b\nRSP: 002b:00007ffcfc4a77c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffcfc4a78d8 RCX: 00007f20f21f017b\nRDX: 00007ffcfc4a78c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffcfc4a78a0 R08: 000056147d125190 R09: 00007f20f1f14c60\nR10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcfc4a7890\nR13: 000000000000001c R14: 000056147d100fc0 R15: 00007f20e365c9d0\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21886",
"url": "https://www.suse.com/security/cve/CVE-2025-21886"
},
{
"category": "external",
"summary": "SUSE Bug 1240188 for CVE-2025-21886",
"url": "https://bugzilla.suse.com/1240188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21886"
},
{
"cve": "CVE-2025-21887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21887"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up\n\nThe issue was caused by dput(upper) being called before\novl_dentry_update_reval(), while upper-\u003ed_flags was still\naccessed in ovl_dentry_remote().\n\nMove dput(upper) after its last use to prevent use-after-free.\n\nBUG: KASAN: slab-use-after-free in ovl_dentry_remote fs/overlayfs/util.c:162 [inline]\nBUG: KASAN: slab-use-after-free in ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n ovl_dentry_remote fs/overlayfs/util.c:162 [inline]\n ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167\n ovl_link_up fs/overlayfs/copy_up.c:610 [inline]\n ovl_copy_up_one+0x2105/0x3490 fs/overlayfs/copy_up.c:1170\n ovl_copy_up_flags+0x18d/0x200 fs/overlayfs/copy_up.c:1223\n ovl_rename+0x39e/0x18c0 fs/overlayfs/dir.c:1136\n vfs_rename+0xf84/0x20a0 fs/namei.c:4893\n...\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21887",
"url": "https://www.suse.com/security/cve/CVE-2025-21887"
},
{
"category": "external",
"summary": "SUSE Bug 1240176 for CVE-2025-21887",
"url": "https://bugzilla.suse.com/1240176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21887"
},
{
"cve": "CVE-2025-21888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a WARN during dereg_mr for DM type\n\nMemory regions (MR) of type DM (device memory) do not have an associated\numem.\n\nIn the __mlx5_ib_dereg_mr() -\u003e mlx5_free_priv_descs() flow, the code\nincorrectly takes the wrong branch, attempting to call\ndma_unmap_single() on a DMA address that is not mapped.\n\nThis results in a WARN [1], as shown below.\n\nThe issue is resolved by properly accounting for the DM type and\nensuring the correct branch is selected in mlx5_free_priv_descs().\n\n[1]\nWARNING: CPU: 12 PID: 1346 at drivers/iommu/dma-iommu.c:1230 iommu_dma_unmap_page+0x79/0x90\nModules linked in: ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry ovelay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\nCPU: 12 UID: 0 PID: 1346 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1631\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:iommu_dma_unmap_page+0x79/0x90\nCode: 2b 49 3b 29 72 26 49 3b 69 08 73 20 4d 89 f0 44 89 e9 4c 89 e2 48 89 ee 48 89 df 5b 5d 41 5c 41 5d 41 5e 41 5f e9 07 b8 88 ff \u003c0f\u003e 0b 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 66 0f 1f 44 00\nRSP: 0018:ffffc90001913a10 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810194b0a8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001\nRBP: ffff88810194b0a8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f537abdd740(0000) GS:ffff88885fb00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f537aeb8000 CR3: 000000010c248001 CR4: 0000000000372eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x84/0x190\n? iommu_dma_unmap_page+0x79/0x90\n? report_bug+0xf8/0x1c0\n? handle_bug+0x55/0x90\n? exc_invalid_op+0x13/0x60\n? asm_exc_invalid_op+0x16/0x20\n? iommu_dma_unmap_page+0x79/0x90\ndma_unmap_page_attrs+0xe6/0x290\nmlx5_free_priv_descs+0xb0/0xe0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x37e/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f537adaf17b\nCode: 0f 1e fa 48 8b 05 1d ad 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed ac 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffff218f0b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffff218f1d8 RCX: 00007f537adaf17b\nRDX: 00007ffff218f1c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffff218f1a0 R08: 00007f537aa8d010 R09: 0000561ee2e4f270\nR10: 00007f537aace3a8 R11: 0000000000000246 R12: 00007ffff218f190\nR13: 000000000000001c R14: 0000561ee2e4d7c0 R15: 00007ffff218f450\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21888",
"url": "https://www.suse.com/security/cve/CVE-2025-21888"
},
{
"category": "external",
"summary": "SUSE Bug 1240177 for CVE-2025-21888",
"url": "https://bugzilla.suse.com/1240177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21888"
},
{
"cve": "CVE-2025-21889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Add RCU read lock protection to perf_iterate_ctx()\n\nThe perf_iterate_ctx() function performs RCU list traversal but\ncurrently lacks RCU read lock protection. This causes lockdep warnings\nwhen running perf probe with unshare(1) under CONFIG_PROVE_RCU_LIST=y:\n\n\tWARNING: suspicious RCU usage\n\tkernel/events/core.c:8168 RCU-list traversed in non-reader section!!\n\n\t Call Trace:\n\t lockdep_rcu_suspicious\n\t ? perf_event_addr_filters_apply\n\t perf_iterate_ctx\n\t perf_event_exec\n\t begin_new_exec\n\t ? load_elf_phdrs\n\t load_elf_binary\n\t ? lock_acquire\n\t ? find_held_lock\n\t ? bprm_execve\n\t bprm_execve\n\t do_execveat_common.isra.0\n\t __x64_sys_execve\n\t do_syscall_64\n\t entry_SYSCALL_64_after_hwframe\n\nThis protection was previously present but was removed in commit\nbd2756811766 (\"perf: Rewrite core context handling\"). Add back the\nnecessary rcu_read_lock()/rcu_read_unlock() pair around\nperf_iterate_ctx() call in perf_event_exec().\n\n[ mingo: Use scoped_guard() as suggested by Peter ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21889",
"url": "https://www.suse.com/security/cve/CVE-2025-21889"
},
{
"category": "external",
"summary": "SUSE Bug 1240167 for CVE-2025-21889",
"url": "https://bugzilla.suse.com/1240167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21889"
},
{
"cve": "CVE-2025-21890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix checksums set in idpf_rx_rsc()\n\nidpf_rx_rsc() uses skb_transport_offset(skb) while the transport header\nis not set yet.\n\nThis triggers the following warning for CONFIG_DEBUG_NET=y builds.\n\nDEBUG_NET_WARN_ON_ONCE(!skb_transport_header_was_set(skb))\n\n[ 69.261620] WARNING: CPU: 7 PID: 0 at ./include/linux/skbuff.h:3020 idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261629] Modules linked in: vfat fat dummy bridge intel_uncore_frequency_tpmi intel_uncore_frequency_common intel_vsec_tpmi idpf intel_vsec cdc_ncm cdc_eem cdc_ether usbnet mii xhci_pci xhci_hcd ehci_pci ehci_hcd libeth\n[ 69.261644] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Tainted: G S W 6.14.0-smp-DEV #1697\n[ 69.261648] Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN\n[ 69.261650] RIP: 0010:idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261677] ? __warn (kernel/panic.c:242 kernel/panic.c:748)\n[ 69.261682] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261687] ? report_bug (lib/bug.c:?)\n[ 69.261690] ? handle_bug (arch/x86/kernel/traps.c:285)\n[ 69.261694] ? exc_invalid_op (arch/x86/kernel/traps.c:309)\n[ 69.261697] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 69.261700] ? __pfx_idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:4011) idpf\n[ 69.261704] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261708] ? idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:3072) idpf\n[ 69.261712] __napi_poll (net/core/dev.c:7194)\n[ 69.261716] net_rx_action (net/core/dev.c:7265)\n[ 69.261718] ? __qdisc_run (net/sched/sch_generic.c:293)\n[ 69.261721] ? sched_clock (arch/x86/include/asm/preempt.h:84 arch/x86/kernel/tsc.c:288)\n[ 69.261726] handle_softirqs (kernel/softirq.c:561)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21890",
"url": "https://www.suse.com/security/cve/CVE-2025-21890"
},
{
"category": "external",
"summary": "SUSE Bug 1240173 for CVE-2025-21890",
"url": "https://bugzilla.suse.com/1240173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21890"
},
{
"cve": "CVE-2025-21891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: ensure network headers are in skb linear part\n\nsyzbot found that ipvlan_process_v6_outbound() was assuming\nthe IPv6 network header isis present in skb-\u003ehead [1]\n\nAdd the needed pskb_network_may_pull() calls for both\nIPv4 and IPv6 handlers.\n\n[1]\nBUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n ipv6_addr_type include/net/ipv6.h:555 [inline]\n ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline]\n ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651\n ip6_route_output include/net/ip6_route.h:93 [inline]\n ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476\n ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline]\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline]\n ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671\n ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223\n __netdev_start_xmit include/linux/netdevice.h:5150 [inline]\n netdev_start_xmit include/linux/netdevice.h:5159 [inline]\n xmit_one net/core/dev.c:3735 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751\n sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343\n qdisc_restart net/sched/sch_generic.c:408 [inline]\n __qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416\n qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127\n net_tx_action+0x78b/0x940 net/core/dev.c:5484\n handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n __do_softirq+0x14/0x1a kernel/softirq.c:595\n do_softirq+0x9a/0x100 kernel/softirq.c:462\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611\n dev_queue_xmit include/linux/netdevice.h:3311 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3132 [inline]\n packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164\n sock_sendmsg_nosec net/socket.c:718 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21891",
"url": "https://www.suse.com/security/cve/CVE-2025-21891"
},
{
"category": "external",
"summary": "SUSE Bug 1240186 for CVE-2025-21891",
"url": "https://bugzilla.suse.com/1240186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21891"
},
{
"cve": "CVE-2025-21892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix the recovery flow of the UMR QP\n\nThis patch addresses an issue in the recovery flow of the UMR QP,\nensuring tasks do not get stuck, as highlighted by the call trace [1].\n\nDuring recovery, before transitioning the QP to the RESET state, the\nsoftware must wait for all outstanding WRs to complete.\n\nFailing to do so can cause the firmware to skip sending some flushed\nCQEs with errors and simply discard them upon the RESET, as per the IB\nspecification.\n\nThis race condition can result in lost CQEs and tasks becoming stuck.\n\nTo resolve this, the patch sends a final WR which serves only as a\nbarrier before moving the QP state to RESET.\n\nOnce a CQE is received for that final WR, it guarantees that no\noutstanding WRs remain, making it safe to transition the QP to RESET and\nsubsequently back to RTS, restoring proper functionality.\n\nNote:\nFor the barrier WR, we simply reuse the failed and ready WR.\nSince the QP is in an error state, it will only receive\nIB_WC_WR_FLUSH_ERR. However, as it serves only as a barrier we don\u0027t\ncare about its status.\n\n[1]\nINFO: task rdma_resource_l:1922 blocked for more than 120 seconds.\nTainted: G W 6.12.0-rc7+ #1626\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:rdma_resource_l state:D stack:0 pid:1922 tgid:1922 ppid:1369\n flags:0x00004004\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\nschedule_timeout+0x280/0x300\n? mark_held_locks+0x48/0x80\n? lockdep_hardirqs_on_prepare+0xe5/0x1a0\nwait_for_completion+0x75/0x130\nmlx5r_umr_post_send_wait+0x3c2/0x5b0 [mlx5_ib]\n? __pfx_mlx5r_umr_done+0x10/0x10 [mlx5_ib]\nmlx5r_umr_revoke_mr+0x93/0xc0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x299/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? __lock_acquire+0x64e/0x2080\n? mark_held_locks+0x48/0x80\n? find_held_lock+0x2d/0xa0\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? __fget_files+0xc3/0x1b0\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f99c918b17b\nRSP: 002b:00007ffc766d0468 EFLAGS: 00000246 ORIG_RAX:\n 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffc766d0578 RCX:\n 00007f99c918b17b\nRDX: 00007ffc766d0560 RSI: 00000000c0181b01 RDI:\n 0000000000000003\nRBP: 00007ffc766d0540 R08: 00007f99c8f99010 R09:\n 000000000000bd7e\nR10: 00007f99c94c1c70 R11: 0000000000000246 R12:\n 00007ffc766d0530\nR13: 000000000000001c R14: 0000000040246a80 R15:\n 0000000000000000\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21892",
"url": "https://www.suse.com/security/cve/CVE-2025-21892"
},
{
"category": "external",
"summary": "SUSE Bug 1240175 for CVE-2025-21892",
"url": "https://bugzilla.suse.com/1240175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21892"
},
{
"cve": "CVE-2025-21894",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21894"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC\n\nActually ENETC VFs do not support HWTSTAMP_TX_ONESTEP_SYNC because only\nENETC PF can access PMa_SINGLE_STEP registers. And there will be a crash\nif VFs are used to test one-step timestamp, the crash log as follows.\n\n[ 129.110909] Unable to handle kernel paging request at virtual address 00000000000080c0\n[ 129.287769] Call trace:\n[ 129.290219] enetc_port_mac_wr+0x30/0xec (P)\n[ 129.294504] enetc_start_xmit+0xda4/0xe74\n[ 129.298525] enetc_xmit+0x70/0xec\n[ 129.301848] dev_hard_start_xmit+0x98/0x118",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21894",
"url": "https://www.suse.com/security/cve/CVE-2025-21894"
},
{
"category": "external",
"summary": "SUSE Bug 1240581 for CVE-2025-21894",
"url": "https://bugzilla.suse.com/1240581"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21894"
},
{
"cve": "CVE-2025-21895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Order the PMU list to fix warning about unordered pmu_ctx_list\n\nSyskaller triggers a warning due to prev_epc-\u003epmu != next_epc-\u003epmu in\nperf_event_swap_task_ctx_data(). vmcore shows that two lists have the same\nperf_event_pmu_context, but not in the same order.\n\nThe problem is that the order of pmu_ctx_list for the parent is impacted by\nthe time when an event/PMU is added. While the order for a child is\nimpacted by the event order in the pinned_groups and flexible_groups. So\nthe order of pmu_ctx_list in the parent and child may be different.\n\nTo fix this problem, insert the perf_event_pmu_context to its proper place\nafter iteration of the pmu_ctx_list.\n\nThe follow testcase can trigger above warning:\n\n # perf record -e cycles --call-graph lbr -- taskset -c 3 ./a.out \u0026\n # perf stat -e cpu-clock,cs -p xxx // xxx is the pid of a.out\n\n test.c\n\n void main() {\n int count = 0;\n pid_t pid;\n\n printf(\"%d running\\n\", getpid());\n sleep(30);\n printf(\"running\\n\");\n\n pid = fork();\n if (pid == -1) {\n printf(\"fork error\\n\");\n return;\n }\n if (pid == 0) {\n while (1) {\n count++;\n }\n } else {\n while (1) {\n count++;\n }\n }\n }\n\nThe testcase first opens an LBR event, so it will allocate task_ctx_data,\nand then open tracepoint and software events, so the parent context will\nhave 3 different perf_event_pmu_contexts. On inheritance, child ctx will\ninsert the perf_event_pmu_context in another order and the warning will\ntrigger.\n\n[ mingo: Tidied up the changelog. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21895",
"url": "https://www.suse.com/security/cve/CVE-2025-21895"
},
{
"category": "external",
"summary": "SUSE Bug 1240585 for CVE-2025-21895",
"url": "https://bugzilla.suse.com/1240585"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21895"
},
{
"cve": "CVE-2025-21904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21904"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncaif_virtio: fix wrong pointer check in cfv_probe()\n\ndel_vqs() frees virtqueues, therefore cfv-\u003evq_tx pointer should be checked\nfor NULL before calling it, not cfv-\u003evdev. Also the current implementation\nis redundant because the pointer cfv-\u003evdev is dereferenced before it is\nchecked for NULL.\n\nFix this by checking cfv-\u003evq_tx for NULL instead of cfv-\u003evdev before\ncalling del_vqs().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21904",
"url": "https://www.suse.com/security/cve/CVE-2025-21904"
},
{
"category": "external",
"summary": "SUSE Bug 1240576 for CVE-2025-21904",
"url": "https://bugzilla.suse.com/1240576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21904"
},
{
"cve": "CVE-2025-21905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: limit printed string from FW file\n\nThere\u0027s no guarantee here that the file is always with a\nNUL-termination, so reading the string may read beyond the\nend of the TLV. If that\u0027s the last TLV in the file, it can\nperhaps even read beyond the end of the file buffer.\n\nFix that by limiting the print format to the size of the\nbuffer we have.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21905",
"url": "https://www.suse.com/security/cve/CVE-2025-21905"
},
{
"category": "external",
"summary": "SUSE Bug 1240575 for CVE-2025-21905",
"url": "https://bugzilla.suse.com/1240575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21905"
},
{
"cve": "CVE-2025-21906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21906"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: clean up ROC on failure\n\nIf the firmware fails to start the session protection, then we\ndo call iwl_mvm_roc_finished() here, but that won\u0027t do anything\nat all because IWL_MVM_STATUS_ROC_P2P_RUNNING was never set.\nSet IWL_MVM_STATUS_ROC_P2P_RUNNING in the failure/stop path.\nIf it started successfully before, it\u0027s already set, so that\ndoesn\u0027t matter, and if it didn\u0027t start it needs to be set to\nclean up.\n\nNot doing so will lead to a WARN_ON() later on a fresh remain-\non-channel, since the link is already active when activated as\nit was never deactivated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21906",
"url": "https://www.suse.com/security/cve/CVE-2025-21906"
},
{
"category": "external",
"summary": "SUSE Bug 1240587 for CVE-2025-21906",
"url": "https://bugzilla.suse.com/1240587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21906"
},
{
"cve": "CVE-2025-21908",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21908"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: fix nfs_release_folio() to not deadlock via kcompactd writeback\n\nAdd PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so\nnfs_release_folio() can skip calling nfs_wb_folio() from kcompactd.\n\nOtherwise NFS can deadlock waiting for kcompactd enduced writeback which\nrecurses back to NFS (which triggers writeback to NFSD via NFS loopback\nmount on the same host, NFSD blocks waiting for XFS\u0027s call to\n__filemap_get_folio):\n\n6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds.\n\n{---\n[58] \"kcompactd0\"\n[\u003c0\u003e] folio_wait_bit+0xe8/0x200\n[\u003c0\u003e] folio_wait_writeback+0x2b/0x80\n[\u003c0\u003e] nfs_wb_folio+0x80/0x1b0 [nfs]\n[\u003c0\u003e] nfs_release_folio+0x68/0x130 [nfs]\n[\u003c0\u003e] split_huge_page_to_list_to_order+0x362/0x840\n[\u003c0\u003e] migrate_pages_batch+0x43d/0xb90\n[\u003c0\u003e] migrate_pages_sync+0x9a/0x240\n[\u003c0\u003e] migrate_pages+0x93c/0x9f0\n[\u003c0\u003e] compact_zone+0x8e2/0x1030\n[\u003c0\u003e] compact_node+0xdb/0x120\n[\u003c0\u003e] kcompactd+0x121/0x2e0\n[\u003c0\u003e] kthread+0xcf/0x100\n[\u003c0\u003e] ret_from_fork+0x31/0x40\n[\u003c0\u003e] ret_from_fork_asm+0x1a/0x30\n---}\n\n[akpm@linux-foundation.org: fix build]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21908",
"url": "https://www.suse.com/security/cve/CVE-2025-21908"
},
{
"category": "external",
"summary": "SUSE Bug 1240600 for CVE-2025-21908",
"url": "https://bugzilla.suse.com/1240600"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21908"
},
{
"cve": "CVE-2025-21909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: reject cooked mode if it is set along with other flags\n\nIt is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE\nflags simultaneously on the same monitor interface from the userspace. This\ncauses a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit\nset because the monitor interface is in the cooked state and it takes\nprecedence over all other states. When the interface is then being deleted\nthe kernel calls WARN_ONCE() from check_sdata_in_driver() because of missing\nthat bit.\n\nFix this by rejecting MONITOR_FLAG_COOK_FRAMES if it is set along with\nother flags.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21909",
"url": "https://www.suse.com/security/cve/CVE-2025-21909"
},
{
"category": "external",
"summary": "SUSE Bug 1240590 for CVE-2025-21909",
"url": "https://bugzilla.suse.com/1240590"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21909"
},
{
"cve": "CVE-2025-21910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: regulatory: improve invalid hints checking\n\nSyzbot keeps reporting an issue [1] that occurs when erroneous symbols\nsent from userspace get through into user_alpha2[] via\nregulatory_hint_user() call. Such invalid regulatory hints should be\nrejected.\n\nWhile a sanity check from commit 47caf685a685 (\"cfg80211: regulatory:\nreject invalid hints\") looks to be enough to deter these very cases,\nthere is a way to get around it due to 2 reasons.\n\n1) The way isalpha() works, symbols other than latin lower and\nupper letters may be used to determine a country/domain.\nFor instance, greek letters will also be considered upper/lower\nletters and for such characters isalpha() will return true as well.\nHowever, ISO-3166-1 alpha2 codes should only hold latin\ncharacters.\n\n2) While processing a user regulatory request, between\nreg_process_hint_user() and regulatory_hint_user() there happens to\nbe a call to queue_regulatory_request() which modifies letters in\nrequest-\u003ealpha2[] with toupper(). This works fine for latin symbols,\nless so for weird letter characters from the second part of _ctype[].\n\nSyzbot triggers a warning in is_user_regdom_saved() by first sending\nover an unexpected non-latin letter that gets malformed by toupper()\ninto a character that ends up failing isalpha() check.\n\nPrevent this by enhancing is_an_alpha2() to ensure that incoming\nsymbols are latin letters and nothing else.\n\n[1] Syzbot report:\n------------[ cut here ]------------\nUnexpected user alpha2: A\ufffd\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 is_user_regdom_saved net/wireless/reg.c:440 [inline]\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_alpha2 net/wireless/reg.c:3424 [inline]\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516\nModules linked in:\nCPU: 1 UID: 0 PID: 964 Comm: kworker/1:2 Not tainted 6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events_power_efficient crda_timeout_work\nRIP: 0010:is_user_regdom_saved net/wireless/reg.c:440 [inline]\nRIP: 0010:restore_alpha2 net/wireless/reg.c:3424 [inline]\nRIP: 0010:restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516\n...\nCall Trace:\n \u003cTASK\u003e\n crda_timeout_work+0x27/0x50 net/wireless/reg.c:542\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f2/0x390 kernel/kthread.c:389\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21910",
"url": "https://www.suse.com/security/cve/CVE-2025-21910"
},
{
"category": "external",
"summary": "SUSE Bug 1240583 for CVE-2025-21910",
"url": "https://bugzilla.suse.com/1240583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21910"
},
{
"cve": "CVE-2025-21912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: rcar: Use raw_spinlock to protect register access\n\nUse raw_spinlock in order to fix spurious messages about invalid context\nwhen spinlock debugging is enabled. The lock is only used to serialize\nregister access.\n\n [ 4.239592] =============================\n [ 4.239595] [ BUG: Invalid wait context ]\n [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted\n [ 4.239603] -----------------------------\n [ 4.239606] kworker/u8:5/76 is trying to lock:\n [ 4.239609] ffff0000091898a0 (\u0026p-\u003elock){....}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.239641] other info that might help us debug this:\n [ 4.239643] context-{5:5}\n [ 4.239646] 5 locks held by kworker/u8:5/76:\n [ 4.239651] #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x190/0x62c\n [ 4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property \u0027frame-master\u0027 with a value.\n [ 4.254094] #1: ffff80008299bd80 ((work_completion)(\u0026entry-\u003ework)){+.+.}-{0:0}, at: process_one_work+0x1b8/0x62c\n [ 4.254109] #2: ffff00000920c8f8\n [ 4.258345] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property \u0027bitclock-master\u0027 with a value.\n [ 4.264803] (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach_async_helper+0x3c/0xdc\n [ 4.264820] #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, at: __setup_irq+0xa0/0x690\n [ 4.264840] #4:\n [ 4.268872] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property \u0027frame-master\u0027 with a value.\n [ 4.273275] ffff00000a50c8c8 (lock_class){....}-{2:2}, at: __setup_irq+0xc4/0x690\n [ 4.296130] renesas_sdhi_internal_dmac ee100000.mmc: mmc1 base at 0x00000000ee100000, max clock rate 200 MHz\n [ 4.304082] stack backtrace:\n [ 4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 Not tainted 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35\n [ 4.304092] Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT)\n [ 4.304097] Workqueue: async async_run_entry_fn\n [ 4.304106] Call trace:\n [ 4.304110] show_stack+0x14/0x20 (C)\n [ 4.304122] dump_stack_lvl+0x6c/0x90\n [ 4.304131] dump_stack+0x14/0x1c\n [ 4.304138] __lock_acquire+0xdfc/0x1584\n [ 4.426274] lock_acquire+0x1c4/0x33c\n [ 4.429942] _raw_spin_lock_irqsave+0x5c/0x80\n [ 4.434307] gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.440061] gpio_rcar_irq_set_type+0xd4/0xd8\n [ 4.444422] __irq_set_trigger+0x5c/0x178\n [ 4.448435] __setup_irq+0x2e4/0x690\n [ 4.452012] request_threaded_irq+0xc4/0x190\n [ 4.456285] devm_request_threaded_irq+0x7c/0xf4\n [ 4.459398] ata1: link resume succeeded after 1 retries\n [ 4.460902] mmc_gpiod_request_cd_irq+0x68/0xe0\n [ 4.470660] mmc_start_host+0x50/0xac\n [ 4.474327] mmc_add_host+0x80/0xe4\n [ 4.477817] tmio_mmc_host_probe+0x2b0/0x440\n [ 4.482094] renesas_sdhi_probe+0x488/0x6f4\n [ 4.486281] renesas_sdhi_internal_dmac_probe+0x60/0x78\n [ 4.491509] platform_probe+0x64/0xd8\n [ 4.495178] really_probe+0xb8/0x2a8\n [ 4.498756] __driver_probe_device+0x74/0x118\n [ 4.503116] driver_probe_device+0x3c/0x154\n [ 4.507303] __device_attach_driver+0xd4/0x160\n [ 4.511750] bus_for_each_drv+0x84/0xe0\n [ 4.515588] __device_attach_async_helper+0xb0/0xdc\n [ 4.520470] async_run_entry_fn+0x30/0xd8\n [ 4.524481] process_one_work+0x210/0x62c\n [ 4.528494] worker_thread+0x1ac/0x340\n [ 4.532245] kthread+0x10c/0x110\n [ 4.535476] ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21912",
"url": "https://www.suse.com/security/cve/CVE-2025-21912"
},
{
"category": "external",
"summary": "SUSE Bug 1240584 for CVE-2025-21912",
"url": "https://bugzilla.suse.com/1240584"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21912"
},
{
"cve": "CVE-2025-21913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21913"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()\n\nXen doesn\u0027t offer MSR_FAM10H_MMIO_CONF_BASE to all guests. This results\nin the following warning:\n\n unchecked MSR access error: RDMSR from 0xc0010058 at rIP: 0xffffffff8101d19f (xen_do_read_msr+0x7f/0xa0)\n Call Trace:\n xen_read_msr+0x1e/0x30\n amd_get_mmconfig_range+0x2b/0x80\n quirk_amd_mmconfig_area+0x28/0x100\n pnp_fixup_device+0x39/0x50\n __pnp_add_device+0xf/0x150\n pnp_add_device+0x3d/0x100\n pnpacpi_add_device_handler+0x1f9/0x280\n acpi_ns_get_device_callback+0x104/0x1c0\n acpi_ns_walk_namespace+0x1d0/0x260\n acpi_get_devices+0x8a/0xb0\n pnpacpi_init+0x50/0x80\n do_one_initcall+0x46/0x2e0\n kernel_init_freeable+0x1da/0x2f0\n kernel_init+0x16/0x1b0\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1b/0x30\n\nbased on quirks for a \"PNP0c01\" device. Treating MMCFG as disabled is the\nright course of action, so no change is needed there.\n\nThis was most likely exposed by fixing the Xen MSR accessors to not be\nsilently-safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21913",
"url": "https://www.suse.com/security/cve/CVE-2025-21913"
},
{
"category": "external",
"summary": "SUSE Bug 1240591 for CVE-2025-21913",
"url": "https://bugzilla.suse.com/1240591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21913"
},
{
"cve": "CVE-2025-21914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21914"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nslimbus: messaging: Free transaction ID in delayed interrupt scenario\n\nIn case of interrupt delay for any reason, slim_do_transfer()\nreturns timeout error but the transaction ID (TID) is not freed.\nThis results into invalid memory access inside\nqcom_slim_ngd_rx_msgq_cb() due to invalid TID.\n\nFix the issue by freeing the TID in slim_do_transfer() before\nreturning timeout error to avoid invalid memory access.\n\nCall trace:\n__memcpy_fromio+0x20/0x190\nqcom_slim_ngd_rx_msgq_cb+0x130/0x290 [slim_qcom_ngd_ctrl]\nvchan_complete+0x2a0/0x4a0\ntasklet_action_common+0x274/0x700\ntasklet_action+0x28/0x3c\n_stext+0x188/0x620\nrun_ksoftirqd+0x34/0x74\nsmpboot_thread_fn+0x1d8/0x464\nkthread+0x178/0x238\nret_from_fork+0x10/0x20\nCode: aa0003e8 91000429 f100044a 3940002b (3800150b)\n---[ end trace 0fe00bec2b975c99 ]---\nKernel panic - not syncing: Oops: Fatal exception in interrupt.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21914",
"url": "https://www.suse.com/security/cve/CVE-2025-21914"
},
{
"category": "external",
"summary": "SUSE Bug 1240595 for CVE-2025-21914",
"url": "https://bugzilla.suse.com/1240595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21914"
},
{
"cve": "CVE-2025-21915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21915"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncdx: Fix possible UAF error in driver_override_show()\n\nFixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c\n\nThis function driver_override_show() is part of DEVICE_ATTR_RW, which\nincludes both driver_override_show() and driver_override_store().\nThese functions can be executed concurrently in sysfs.\n\nThe driver_override_store() function uses driver_set_override() to\nupdate the driver_override value, and driver_set_override() internally\nlocks the device (device_lock(dev)). If driver_override_show() reads\ncdx_dev-\u003edriver_override without locking, it could potentially access\na freed pointer if driver_override_store() frees the string\nconcurrently. This could lead to printing a kernel address, which is a\nsecurity risk since DEVICE_ATTR can be read by all users.\n\nAdditionally, a similar pattern is used in drivers/amba/bus.c, as well\nas many other bus drivers, where device_lock() is taken in the show\nfunction, and it has been working without issues.\n\nThis potential bug was detected by our experimental static analysis\ntool, which analyzes locking APIs and paired functions to identify\ndata races and atomicity violations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21915",
"url": "https://www.suse.com/security/cve/CVE-2025-21915"
},
{
"category": "external",
"summary": "SUSE Bug 1240594 for CVE-2025-21915",
"url": "https://bugzilla.suse.com/1240594"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21915"
},
{
"cve": "CVE-2025-21916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21916"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: atm: cxacru: fix a flaw in existing endpoint checks\n\nSyzbot once again identified a flaw in usb endpoint checking, see [1].\nThis time the issue stems from a commit authored by me (2eabb655a968\n(\"usb: atm: cxacru: fix endpoint checking in cxacru_bind()\")).\n\nWhile using usb_find_common_endpoints() may usually be enough to\ndiscard devices with wrong endpoints, in this case one needs more\nthan just finding and identifying the sufficient number of endpoints\nof correct types - one needs to check the endpoint\u0027s address as well.\n\nSince cxacru_bind() fills URBs with CXACRU_EP_CMD address in mind,\nswitch the endpoint verification approach to usb_check_XXX_endpoints()\ninstead to fix incomplete ep testing.\n\n[1] Syzbot report:\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 1378 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nRIP: 0010:usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n cxacru_cm+0x3c8/0xe50 drivers/usb/atm/cxacru.c:649\n cxacru_card_status drivers/usb/atm/cxacru.c:760 [inline]\n cxacru_bind+0xcf9/0x1150 drivers/usb/atm/cxacru.c:1223\n usbatm_usb_probe+0x314/0x1d30 drivers/usb/atm/usbatm.c:1058\n cxacru_usb_probe+0x184/0x220 drivers/usb/atm/cxacru.c:1377\n usb_probe_interface+0x641/0xbb0 drivers/usb/core/driver.c:396\n really_probe+0x2b9/0xad0 drivers/base/dd.c:658\n __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800\n driver_probe_device+0x50/0x430 drivers/base/dd.c:830\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21916",
"url": "https://www.suse.com/security/cve/CVE-2025-21916"
},
{
"category": "external",
"summary": "SUSE Bug 1240582 for CVE-2025-21916",
"url": "https://bugzilla.suse.com/1240582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21916"
},
{
"cve": "CVE-2025-21917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21917"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: Flush the notify_hotplug_work\n\nWhen performing continuous unbind/bind operations on the USB drivers\navailable on the Renesas RZ/G2L SoC, a kernel crash with the message\n\"Unable to handle kernel NULL pointer dereference at virtual address\"\nmay occur. This issue points to the usbhsc_notify_hotplug() function.\n\nFlush the delayed work to avoid its execution when driver resources are\nunavailable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21917",
"url": "https://www.suse.com/security/cve/CVE-2025-21917"
},
{
"category": "external",
"summary": "SUSE Bug 1240596 for CVE-2025-21917",
"url": "https://bugzilla.suse.com/1240596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21917"
},
{
"cve": "CVE-2025-21918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21918"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix NULL pointer access\n\nResources should be released only after all threads that utilize them\nhave been destroyed.\nThis commit ensures that resources are not released prematurely by waiting\nfor the associated workqueue to complete before deallocating them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21918",
"url": "https://www.suse.com/security/cve/CVE-2025-21918"
},
{
"category": "external",
"summary": "SUSE Bug 1240592 for CVE-2025-21918",
"url": "https://bugzilla.suse.com/1240592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21918"
},
{
"cve": "CVE-2025-21919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21919"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/fair: Fix potential memory corruption in child_cfs_rq_on_list\n\nchild_cfs_rq_on_list attempts to convert a \u0027prev\u0027 pointer to a cfs_rq.\nThis \u0027prev\u0027 pointer can originate from struct rq\u0027s leaf_cfs_rq_list,\nmaking the conversion invalid and potentially leading to memory\ncorruption. Depending on the relative positions of leaf_cfs_rq_list and\nthe task group (tg) pointer within the struct, this can cause a memory\nfault or access garbage data.\n\nThe issue arises in list_add_leaf_cfs_rq, where both\ncfs_rq-\u003eleaf_cfs_rq_list and rq-\u003eleaf_cfs_rq_list are added to the same\nleaf list. Also, rq-\u003etmp_alone_branch can be set to rq-\u003eleaf_cfs_rq_list.\n\nThis adds a check `if (prev == \u0026rq-\u003eleaf_cfs_rq_list)` after the main\nconditional in child_cfs_rq_on_list. This ensures that the container_of\noperation will convert a correct cfs_rq struct.\n\nThis check is sufficient because only cfs_rqs on the same CPU are added\nto the list, so verifying the \u0027prev\u0027 pointer against the current rq\u0027s list\nhead is enough.\n\nFixes a potential memory corruption issue that due to current struct\nlayout might not be manifesting as a crash but could lead to unpredictable\nbehavior when the layout changes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21919",
"url": "https://www.suse.com/security/cve/CVE-2025-21919"
},
{
"category": "external",
"summary": "SUSE Bug 1240593 for CVE-2025-21919",
"url": "https://bugzilla.suse.com/1240593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21919"
},
{
"cve": "CVE-2025-21922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: Fix KMSAN uninit-value warning with bpf\n\nSyzbot caught an \"KMSAN: uninit-value\" warning [1], which is caused by the\nppp driver not initializing a 2-byte header when using socket filter.\n\nThe following code can generate a PPP filter BPF program:\n\u0027\u0027\u0027\nstruct bpf_program fp;\npcap_t *handle;\nhandle = pcap_open_dead(DLT_PPP_PPPD, 65535);\npcap_compile(handle, \u0026fp, \"ip and outbound\", 0, 0);\nbpf_dump(\u0026fp, 1);\n\u0027\u0027\u0027\nIts output is:\n\u0027\u0027\u0027\n(000) ldh [2]\n(001) jeq #0x21 jt 2 jf 5\n(002) ldb [0]\n(003) jeq #0x1 jt 4 jf 5\n(004) ret #65535\n(005) ret #0\n\u0027\u0027\u0027\nWen can find similar code at the following link:\nhttps://github.com/ppp-project/ppp/blob/master/pppd/options.c#L1680\nThe maintainer of this code repository is also the original maintainer\nof the ppp driver.\n\nAs you can see the BPF program skips 2 bytes of data and then reads the\n\u0027Protocol\u0027 field to determine if it\u0027s an IP packet. Then it read the first\nbyte of the first 2 bytes to determine the direction.\n\nThe issue is that only the first byte indicating direction is initialized\nin current ppp driver code while the second byte is not initialized.\n\nFor normal BPF programs generated by libpcap, uninitialized data won\u0027t be\nused, so it\u0027s not a problem. However, for carefully crafted BPF programs,\nsuch as those generated by syzkaller [2], which start reading from offset\n0, the uninitialized data will be used and caught by KMSAN.\n\n[1] https://syzkaller.appspot.com/bug?extid=853242d9c9917165d791\n[2] https://syzkaller.appspot.com/text?tag=ReproC\u0026x=11994913980000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21922",
"url": "https://www.suse.com/security/cve/CVE-2025-21922"
},
{
"category": "external",
"summary": "SUSE Bug 1240639 for CVE-2025-21922",
"url": "https://bugzilla.suse.com/1240639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21922"
},
{
"cve": "CVE-2025-21923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-steam: Fix use-after-free when detaching device\n\nWhen a hid-steam device is removed it must clean up the client_hdev used for\nintercepting hidraw access. This can lead to scheduling deferred work to\nreattach the input device. Though the cleanup cancels the deferred work, this\nwas done before the client_hdev itself is cleaned up, so it gets rescheduled.\nThis patch fixes the ordering to make sure the deferred work is properly\ncanceled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21923",
"url": "https://www.suse.com/security/cve/CVE-2025-21923"
},
{
"category": "external",
"summary": "SUSE Bug 1240691 for CVE-2025-21923",
"url": "https://bugzilla.suse.com/1240691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21923"
},
{
"cve": "CVE-2025-21924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error\n\nDuring the initialization of ptp, hclge_ptp_get_cycle might return an error\nand returned directly without unregister clock and free it. To avoid that,\ncall hclge_ptp_destroy_clock to unregist and free clock if\nhclge_ptp_get_cycle failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21924",
"url": "https://www.suse.com/security/cve/CVE-2025-21924"
},
{
"category": "external",
"summary": "SUSE Bug 1240720 for CVE-2025-21924",
"url": "https://bugzilla.suse.com/1240720"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21924"
},
{
"cve": "CVE-2025-21925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: do not use skb_get() before dev_queue_xmit()\n\nsyzbot is able to crash hosts [1], using llc and devices\nnot supporting IFF_TX_SKB_SHARING.\n\nIn this case, e1000 driver calls eth_skb_pad(), while\nthe skb is shared.\n\nSimply replace skb_get() by skb_clone() in net/llc/llc_s_ac.c\n\nNote that e1000 driver might have an issue with pktgen,\nbecause it does not clear IFF_TX_SKB_SHARING, this is an\northogonal change.\n\nWe need to audit other skb_get() uses in net/llc.\n\n[1]\n\nkernel BUG at net/core/skbuff.c:2178 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 16371 Comm: syz.2.2764 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:pskb_expand_head+0x6ce/0x1240 net/core/skbuff.c:2178\nCall Trace:\n \u003cTASK\u003e\n __skb_pad+0x18a/0x610 net/core/skbuff.c:2466\n __skb_put_padto include/linux/skbuff.h:3843 [inline]\n skb_put_padto include/linux/skbuff.h:3862 [inline]\n eth_skb_pad include/linux/etherdevice.h:656 [inline]\n e1000_xmit_frame+0x2d99/0x5800 drivers/net/ethernet/intel/e1000/e1000_main.c:3128\n __netdev_start_xmit include/linux/netdevice.h:5151 [inline]\n netdev_start_xmit include/linux/netdevice.h:5160 [inline]\n xmit_one net/core/dev.c:3806 [inline]\n dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3822\n sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n __dev_xmit_skb net/core/dev.c:4045 [inline]\n __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4621\n dev_queue_xmit include/linux/netdevice.h:3313 [inline]\n llc_sap_action_send_test_c+0x268/0x320 net/llc/llc_s_ac.c:144\n llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]\n llc_sap_next_state net/llc/llc_sap.c:182 [inline]\n llc_sap_state_process+0x239/0x510 net/llc/llc_sap.c:209\n llc_ui_sendmsg+0xd0d/0x14e0 net/llc/af_llc.c:993\n sock_sendmsg_nosec net/socket.c:718 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21925",
"url": "https://www.suse.com/security/cve/CVE-2025-21925"
},
{
"category": "external",
"summary": "SUSE Bug 1240713 for CVE-2025-21925",
"url": "https://bugzilla.suse.com/1240713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21925"
},
{
"cve": "CVE-2025-21926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gso: fix ownership in __udp_gso_segment\n\nIn __udp_gso_segment the skb destructor is removed before segmenting the\nskb but the socket reference is kept as-is. This is an issue if the\noriginal skb is later orphaned as we can hit the following bug:\n\n kernel BUG at ./include/linux/skbuff.h:3312! (skb_orphan)\n RIP: 0010:ip_rcv_core+0x8b2/0xca0\n Call Trace:\n ip_rcv+0xab/0x6e0\n __netif_receive_skb_one_core+0x168/0x1b0\n process_backlog+0x384/0x1100\n __napi_poll.constprop.0+0xa1/0x370\n net_rx_action+0x925/0xe50\n\nThe above can happen following a sequence of events when using\nOpenVSwitch, when an OVS_ACTION_ATTR_USERSPACE action precedes an\nOVS_ACTION_ATTR_OUTPUT action:\n\n1. OVS_ACTION_ATTR_USERSPACE is handled (in do_execute_actions): the skb\n goes through queue_gso_packets and then __udp_gso_segment, where its\n destructor is removed.\n2. The segments\u0027 data are copied and sent to userspace.\n3. OVS_ACTION_ATTR_OUTPUT is handled (in do_execute_actions) and the\n same original skb is sent to its path.\n4. If it later hits skb_orphan, we hit the bug.\n\nFix this by also removing the reference to the socket in\n__udp_gso_segment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21926",
"url": "https://www.suse.com/security/cve/CVE-2025-21926"
},
{
"category": "external",
"summary": "SUSE Bug 1240712 for CVE-2025-21926",
"url": "https://bugzilla.suse.com/1240712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21926"
},
{
"cve": "CVE-2025-21927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()\n\nnvme_tcp_recv_pdu() doesn\u0027t check the validity of the header length.\nWhen header digests are enabled, a target might send a packet with an\ninvalid header length (e.g. 255), causing nvme_tcp_verify_hdgst()\nto access memory outside the allocated area and cause memory corruptions\nby overwriting it with the calculated digest.\n\nFix this by rejecting packets with an unexpected header length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21927",
"url": "https://www.suse.com/security/cve/CVE-2025-21927"
},
{
"category": "external",
"summary": "SUSE Bug 1240714 for CVE-2025-21927",
"url": "https://bugzilla.suse.com/1240714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21927"
},
{
"cve": "CVE-2025-21928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21928"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()\n\nThe system can experience a random crash a few minutes after the driver is\nremoved. This issue occurs due to improper handling of memory freeing in\nthe ishtp_hid_remove() function.\n\nThe function currently frees the `driver_data` directly within the loop\nthat destroys the HID devices, which can lead to accessing freed memory.\nSpecifically, `hid_destroy_device()` uses `driver_data` when it calls\n`hid_ishtp_set_feature()` to power off the sensor, so freeing\n`driver_data` beforehand can result in accessing invalid memory.\n\nThis patch resolves the issue by storing the `driver_data` in a temporary\nvariable before calling `hid_destroy_device()`, and then freeing the\n`driver_data` after the device is destroyed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21928",
"url": "https://www.suse.com/security/cve/CVE-2025-21928"
},
{
"category": "external",
"summary": "SUSE Bug 1240722 for CVE-2025-21928",
"url": "https://bugzilla.suse.com/1240722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21928"
},
{
"cve": "CVE-2025-21930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21930"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t try to talk to a dead firmware\n\nThis fixes:\n\n bad state = 0\n WARNING: CPU: 10 PID: 702 at drivers/net/wireless/inel/iwlwifi/iwl-trans.c:178 iwl_trans_send_cmd+0xba/0xe0 [iwlwifi]\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0xca/0x1c0\n ? iwl_trans_send_cmd+0xba/0xe0 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4]\n iwl_fw_dbg_clear_monitor_buf+0xd7/0x110 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4]\n _iwl_dbgfs_fw_dbg_clear_write+0xe2/0x120 [iwlmvm 0e8adb18cea92d2c341766bcc10b18699290068a]\n\nAsk whether the firmware is alive before sending a command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21930",
"url": "https://www.suse.com/security/cve/CVE-2025-21930"
},
{
"category": "external",
"summary": "SUSE Bug 1240715 for CVE-2025-21930",
"url": "https://bugzilla.suse.com/1240715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21930"
},
{
"cve": "CVE-2025-21931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio\n\nCommit b15c87263a69 (\"hwpoison, memory_hotplug: allow hwpoisoned pages to\nbe offlined) add page poison checks in do_migrate_range in order to make\noffline hwpoisoned page possible by introducing isolate_lru_page and\ntry_to_unmap for hwpoisoned page. However folio lock must be held before\ncalling try_to_unmap. Add it to fix this problem.\n\nWarning will be produced if folio is not locked during unmap:\n\n ------------[ cut here ]------------\n kernel BUG at ./include/linux/swapops.h:400!\n Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n Modules linked in:\n CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G W 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41\n Tainted: [W]=WARN\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : try_to_unmap_one+0xb08/0xd3c\n lr : try_to_unmap_one+0x3dc/0xd3c\n Call trace:\n try_to_unmap_one+0xb08/0xd3c (P)\n try_to_unmap_one+0x3dc/0xd3c (L)\n rmap_walk_anon+0xdc/0x1f8\n rmap_walk+0x3c/0x58\n try_to_unmap+0x88/0x90\n unmap_poisoned_folio+0x30/0xa8\n do_migrate_range+0x4a0/0x568\n offline_pages+0x5a4/0x670\n memory_block_action+0x17c/0x374\n memory_subsys_offline+0x3c/0x78\n device_offline+0xa4/0xd0\n state_store+0x8c/0xf0\n dev_attr_store+0x18/0x2c\n sysfs_kf_write+0x44/0x54\n kernfs_fop_write_iter+0x118/0x1a8\n vfs_write+0x3a8/0x4bc\n ksys_write+0x6c/0xf8\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x44/0x100\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x30/0xd0\n el0t_64_sync_handler+0xc8/0xcc\n el0t_64_sync+0x198/0x19c\n Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000)\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21931",
"url": "https://www.suse.com/security/cve/CVE-2025-21931"
},
{
"category": "external",
"summary": "SUSE Bug 1240709 for CVE-2025-21931",
"url": "https://bugzilla.suse.com/1240709"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21931"
},
{
"cve": "CVE-2025-21934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: fix an API misues when rio_add_net() fails\n\nrio_add_net() calls device_register() and fails when device_register()\nfails. Thus, put_device() should be used rather than kfree(). Add\n\"mport-\u003enet = NULL;\" to avoid a use after free issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21934",
"url": "https://www.suse.com/security/cve/CVE-2025-21934"
},
{
"category": "external",
"summary": "SUSE Bug 1240708 for CVE-2025-21934",
"url": "https://bugzilla.suse.com/1240708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21934"
},
{
"cve": "CVE-2025-21935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21935"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: add check for rio_add_net() in rio_scan_alloc_net()\n\nThe return value of rio_add_net() should be checked. If it fails,\nput_device() should be called to free the memory and give up the reference\ninitialized in rio_add_net().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21935",
"url": "https://www.suse.com/security/cve/CVE-2025-21935"
},
{
"category": "external",
"summary": "SUSE Bug 1240700 for CVE-2025-21935",
"url": "https://bugzilla.suse.com/1240700"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21935"
},
{
"cve": "CVE-2025-21936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21936"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()\n\nAdd check for the return value of mgmt_alloc_skb() in\nmgmt_device_connected() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21936",
"url": "https://www.suse.com/security/cve/CVE-2025-21936"
},
{
"category": "external",
"summary": "SUSE Bug 1240716 for CVE-2025-21936",
"url": "https://bugzilla.suse.com/1240716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21936"
},
{
"cve": "CVE-2025-21937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()\n\nAdd check for the return value of mgmt_alloc_skb() in\nmgmt_remote_name() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21937",
"url": "https://www.suse.com/security/cve/CVE-2025-21937"
},
{
"category": "external",
"summary": "SUSE Bug 1240643 for CVE-2025-21937",
"url": "https://bugzilla.suse.com/1240643"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21937"
},
{
"cve": "CVE-2025-21941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21941"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params\n\nNull pointer dereference issue could occur when pipe_ctx-\u003eplane_state\nis null. The fix adds a check to ensure \u0027pipe_ctx-\u003eplane_state\u0027 is not\nnull before accessing. This prevents a null pointer dereference.\n\nFound by code review.\n\n(cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21941",
"url": "https://www.suse.com/security/cve/CVE-2025-21941"
},
{
"category": "external",
"summary": "SUSE Bug 1240701 for CVE-2025-21941",
"url": "https://bugzilla.suse.com/1240701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21941"
},
{
"cve": "CVE-2025-21943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21943"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: aggregator: protect driver attr handlers against module unload\n\nBoth new_device_store and delete_device_store touch module global\nresources (e.g. gpio_aggregator_lock). To prevent race conditions with\nmodule unload, a reference needs to be held.\n\nAdd try_module_get() in these handlers.\n\nFor new_device_store, this eliminates what appears to be the most dangerous\nscenario: if an id is allocated from gpio_aggregator_idr but\nplatform_device_register has not yet been called or completed, a concurrent\nmodule unload could fail to unregister/delete the device, leaving behind a\ndangling platform device/GPIO forwarder. This can result in various issues.\nThe following simple reproducer demonstrates these problems:\n\n #!/bin/bash\n while :; do\n # note: whether \u0027gpiochip0 0\u0027 exists or not does not matter.\n echo \u0027gpiochip0 0\u0027 \u003e /sys/bus/platform/drivers/gpio-aggregator/new_device\n done \u0026\n while :; do\n modprobe gpio-aggregator\n modprobe -r gpio-aggregator\n done \u0026\n wait\n\n Starting with the following warning, several kinds of warnings will appear\n and the system may become unstable:\n\n ------------[ cut here ]------------\n list_del corruption, ffff888103e2e980-\u003enext is LIST_POISON1 (dead000000000100)\n WARNING: CPU: 1 PID: 1327 at lib/list_debug.c:56 __list_del_entry_valid_or_report+0xa3/0x120\n [...]\n RIP: 0010:__list_del_entry_valid_or_report+0xa3/0x120\n [...]\n Call Trace:\n \u003cTASK\u003e\n ? __list_del_entry_valid_or_report+0xa3/0x120\n ? __warn.cold+0x93/0xf2\n ? __list_del_entry_valid_or_report+0xa3/0x120\n ? report_bug+0xe6/0x170\n ? __irq_work_queue_local+0x39/0xe0\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x13/0x60\n ? asm_exc_invalid_op+0x16/0x20\n ? __list_del_entry_valid_or_report+0xa3/0x120\n gpiod_remove_lookup_table+0x22/0x60\n new_device_store+0x315/0x350 [gpio_aggregator]\n kernfs_fop_write_iter+0x137/0x1f0\n vfs_write+0x262/0x430\n ksys_write+0x60/0xd0\n do_syscall_64+0x6c/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21943",
"url": "https://www.suse.com/security/cve/CVE-2025-21943"
},
{
"category": "external",
"summary": "SUSE Bug 1240647 for CVE-2025-21943",
"url": "https://bugzilla.suse.com/1240647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21943"
},
{
"cve": "CVE-2025-21948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: appleir: Fix potential NULL dereference at raw event handle\n\nSyzkaller reports a NULL pointer dereference issue in input_event().\n\nBUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline]\nBUG: KASAN: null-ptr-deref in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\nBUG: KASAN: null-ptr-deref in is_event_supported drivers/input/input.c:67 [inline]\nBUG: KASAN: null-ptr-deref in input_event+0x42/0xa0 drivers/input/input.c:395\nRead of size 8 at addr 0000000000000028 by task syz-executor199/2949\n\nCPU: 0 UID: 0 PID: 2949 Comm: syz-executor199 Not tainted 6.13.0-rc4-syzkaller-00076-gf097a36ef88d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n instrument_atomic_read include/linux/instrumented.h:68 [inline]\n _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\n is_event_supported drivers/input/input.c:67 [inline]\n input_event+0x42/0xa0 drivers/input/input.c:395\n input_report_key include/linux/input.h:439 [inline]\n key_down drivers/hid/hid-appleir.c:159 [inline]\n appleir_raw_event+0x3e5/0x5e0 drivers/hid/hid-appleir.c:232\n __hid_input_report.constprop.0+0x312/0x440 drivers/hid/hid-core.c:2111\n hid_ctrl+0x49f/0x550 drivers/hid/usbhid/hid-core.c:484\n __usb_hcd_giveback_urb+0x389/0x6e0 drivers/usb/core/hcd.c:1650\n usb_hcd_giveback_urb+0x396/0x450 drivers/usb/core/hcd.c:1734\n dummy_timer+0x17f7/0x3960 drivers/usb/gadget/udc/dummy_hcd.c:1993\n __run_hrtimer kernel/time/hrtimer.c:1739 [inline]\n __hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1803\n hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1820\n handle_softirqs+0x206/0x8d0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\n __mod_timer+0x8f6/0xdc0 kernel/time/timer.c:1185\n add_timer+0x62/0x90 kernel/time/timer.c:1295\n schedule_timeout+0x11f/0x280 kernel/time/sleep_timeout.c:98\n usbhid_wait_io+0x1c7/0x380 drivers/hid/usbhid/hid-core.c:645\n usbhid_init_reports+0x19f/0x390 drivers/hid/usbhid/hid-core.c:784\n hiddev_ioctl+0x1133/0x15b0 drivers/hid/usbhid/hiddev.c:794\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl fs/ioctl.c:892 [inline]\n __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nThis happens due to the malformed report items sent by the emulated device\nwhich results in a report, that has no fields, being added to the report list.\nDue to this appleir_input_configured() is never called, hidinput_connect()\nfails which results in the HID_CLAIMED_INPUT flag is not being set. However,\nit does not make appleir_probe() fail and lets the event callback to be\ncalled without the associated input device.\n\nThus, add a check for the HID_CLAIMED_INPUT flag and leave the event hook\nearly if the driver didn\u0027t claim any input_dev for some reason. Moreover,\nsome other hid drivers accessing input_dev in their event callbacks do have\nsimilar checks, too.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21948",
"url": "https://www.suse.com/security/cve/CVE-2025-21948"
},
{
"category": "external",
"summary": "SUSE Bug 1240703 for CVE-2025-21948",
"url": "https://bugzilla.suse.com/1240703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21948"
},
{
"cve": "CVE-2025-21950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl\n\nIn the \"pmcmd_ioctl\" function, three memory objects allocated by\nkmalloc are initialized by \"hcall_get_cpu_state\", which are then\ncopied to user space. The initializer is indeed implemented in\n\"acrn_hypercall2\" (arch/x86/include/asm/acrn.h). There is a risk of\ninformation leakage due to uninitialized bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21950",
"url": "https://www.suse.com/security/cve/CVE-2025-21950"
},
{
"category": "external",
"summary": "SUSE Bug 1240719 for CVE-2025-21950",
"url": "https://bugzilla.suse.com/1240719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21950"
},
{
"cve": "CVE-2025-21951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21951"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock\n\nThere are multiple places from where the recovery work gets scheduled\nasynchronously. Also, there are multiple places where the caller waits\nsynchronously for the recovery to be completed. One such place is during\nthe PM shutdown() callback.\n\nIf the device is not alive during recovery_work, it will try to reset the\ndevice using pci_reset_function(). This function internally will take the\ndevice_lock() first before resetting the device. By this time, if the lock\nhas already been acquired, then recovery_work will get stalled while\nwaiting for the lock. And if the lock was already acquired by the caller\nwhich waits for the recovery_work to be completed, it will lead to\ndeadlock.\n\nThis is what happened on the X1E80100 CRD device when the device died\nbefore shutdown() callback. Driver core calls the driver\u0027s shutdown()\ncallback while holding the device_lock() leading to deadlock.\n\nAnd this deadlock scenario can occur on other paths as well, like during\nthe PM suspend() callback, where the driver core would hold the\ndevice_lock() before calling driver\u0027s suspend() callback. And if the\nrecovery_work was already started, it could lead to deadlock. This is also\nobserved on the X1E80100 CRD.\n\nSo to fix both issues, use pci_try_reset_function() in recovery_work. This\nfunction first checks for the availability of the device_lock() before\ntrying to reset the device. If the lock is available, it will acquire it\nand reset the device. Otherwise, it will return -EAGAIN. If that happens,\nrecovery_work will fail with the error message \"Recovery failed\" as not\nmuch could be done.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21951",
"url": "https://www.suse.com/security/cve/CVE-2025-21951"
},
{
"category": "external",
"summary": "SUSE Bug 1240718 for CVE-2025-21951",
"url": "https://bugzilla.suse.com/1240718"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21951"
},
{
"cve": "CVE-2025-21953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21953"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: cleanup mana struct after debugfs_remove()\n\nWhen on a MANA VM hibernation is triggered, as part of hibernate_snapshot(),\nmana_gd_suspend() and mana_gd_resume() are called. If during this\nmana_gd_resume(), a failure occurs with HWC creation, mana_port_debugfs\npointer does not get reinitialized and ends up pointing to older,\ncleaned-up dentry.\nFurther in the hibernation path, as part of power_down(), mana_gd_shutdown()\nis triggered. This call, unaware of the failures in resume, tries to cleanup\nthe already cleaned up mana_port_debugfs value and hits the following bug:\n\n[ 191.359296] mana 7870:00:00.0: Shutdown was called\n[ 191.359918] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ 191.360584] #PF: supervisor write access in kernel mode\n[ 191.361125] #PF: error_code(0x0002) - not-present page\n[ 191.361727] PGD 1080ea067 P4D 0\n[ 191.362172] Oops: Oops: 0002 [#1] SMP NOPTI\n[ 191.362606] CPU: 11 UID: 0 PID: 1674 Comm: bash Not tainted 6.14.0-rc5+ #2\n[ 191.363292] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\n[ 191.364124] RIP: 0010:down_write+0x19/0x50\n[ 191.364537] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb e8 de cd ff ff 31 c0 ba 01 00 00 00 \u003cf0\u003e 48 0f b1 13 75 16 65 48 8b 05 88 24 4c 6a 48 89 43 08 48 8b 5d\n[ 191.365867] RSP: 0000:ff45fbe0c1c037b8 EFLAGS: 00010246\n[ 191.366350] RAX: 0000000000000000 RBX: 0000000000000098 RCX: ffffff8100000000\n[ 191.366951] RDX: 0000000000000001 RSI: 0000000000000064 RDI: 0000000000000098\n[ 191.367600] RBP: ff45fbe0c1c037c0 R08: 0000000000000000 R09: 0000000000000001\n[ 191.368225] R10: ff45fbe0d2b01000 R11: 0000000000000008 R12: 0000000000000000\n[ 191.368874] R13: 000000000000000b R14: ff43dc27509d67c0 R15: 0000000000000020\n[ 191.369549] FS: 00007dbc5001e740(0000) GS:ff43dc663f380000(0000) knlGS:0000000000000000\n[ 191.370213] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 191.370830] CR2: 0000000000000098 CR3: 0000000168e8e002 CR4: 0000000000b73ef0\n[ 191.371557] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 191.372192] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 191.372906] Call Trace:\n[ 191.373262] \u003cTASK\u003e\n[ 191.373621] ? show_regs+0x64/0x70\n[ 191.374040] ? __die+0x24/0x70\n[ 191.374468] ? page_fault_oops+0x290/0x5b0\n[ 191.374875] ? do_user_addr_fault+0x448/0x800\n[ 191.375357] ? exc_page_fault+0x7a/0x160\n[ 191.375971] ? asm_exc_page_fault+0x27/0x30\n[ 191.376416] ? down_write+0x19/0x50\n[ 191.376832] ? down_write+0x12/0x50\n[ 191.377232] simple_recursive_removal+0x4a/0x2a0\n[ 191.377679] ? __pfx_remove_one+0x10/0x10\n[ 191.378088] debugfs_remove+0x44/0x70\n[ 191.378530] mana_detach+0x17c/0x4f0\n[ 191.378950] ? __flush_work+0x1e2/0x3b0\n[ 191.379362] ? __cond_resched+0x1a/0x50\n[ 191.379787] mana_remove+0xf2/0x1a0\n[ 191.380193] mana_gd_shutdown+0x3b/0x70\n[ 191.380642] pci_device_shutdown+0x3a/0x80\n[ 191.381063] device_shutdown+0x13e/0x230\n[ 191.381480] kernel_power_off+0x35/0x80\n[ 191.381890] hibernate+0x3c6/0x470\n[ 191.382312] state_store+0xcb/0xd0\n[ 191.382734] kobj_attr_store+0x12/0x30\n[ 191.383211] sysfs_kf_write+0x3e/0x50\n[ 191.383640] kernfs_fop_write_iter+0x140/0x1d0\n[ 191.384106] vfs_write+0x271/0x440\n[ 191.384521] ksys_write+0x72/0xf0\n[ 191.384924] __x64_sys_write+0x19/0x20\n[ 191.385313] x64_sys_call+0x2b0/0x20b0\n[ 191.385736] do_syscall_64+0x79/0x150\n[ 191.386146] ? __mod_memcg_lruvec_state+0xe7/0x240\n[ 191.386676] ? __lruvec_stat_mod_folio+0x79/0xb0\n[ 191.387124] ? __pfx_lru_add+0x10/0x10\n[ 191.387515] ? queued_spin_unlock+0x9/0x10\n[ 191.387937] ? do_anonymous_page+0x33c/0xa00\n[ 191.388374] ? __handle_mm_fault+0xcf3/0x1210\n[ 191.388805] ? __count_memcg_events+0xbe/0x180\n[ 191.389235] ? handle_mm_fault+0xae/0x300\n[ 19\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21953",
"url": "https://www.suse.com/security/cve/CVE-2025-21953"
},
{
"category": "external",
"summary": "SUSE Bug 1240727 for CVE-2025-21953",
"url": "https://bugzilla.suse.com/1240727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21953"
},
{
"cve": "CVE-2025-21956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21956"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign normalized_pix_clk when color depth = 14\n\n[WHY \u0026 HOW]\nA warning message \"WARNING: CPU: 4 PID: 459 at ... /dc_resource.c:3397\ncalculate_phy_pix_clks+0xef/0x100 [amdgpu]\" occurs because the\ndisplay_color_depth == COLOR_DEPTH_141414 is not handled. This is\nobserved in Radeon RX 6600 XT.\n\nIt is fixed by assigning pix_clk * (14 * 3) / 24 - same as the rests.\n\nAlso fixes the indentation in get_norm_pix_clk.\n\n(cherry picked from commit 274a87eb389f58eddcbc5659ab0b180b37e92775)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21956",
"url": "https://www.suse.com/security/cve/CVE-2025-21956"
},
{
"category": "external",
"summary": "SUSE Bug 1240739 for CVE-2025-21956",
"url": "https://bugzilla.suse.com/1240739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21956"
},
{
"cve": "CVE-2025-21957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla1280: Fix kernel oops when debug level \u003e 2\n\nA null dereference or oops exception will eventually occur when qla1280.c\ndriver is compiled with DEBUG_QLA1280 enabled and ql_debug_level \u003e 2. I\nthink its clear from the code that the intention here is sg_dma_len(s) not\nlength of sg_next(s) when printing the debug info.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21957",
"url": "https://www.suse.com/security/cve/CVE-2025-21957"
},
{
"category": "external",
"summary": "SUSE Bug 1240742 for CVE-2025-21957",
"url": "https://bugzilla.suse.com/1240742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21957"
},
{
"cve": "CVE-2025-21960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21960"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: do not update checksum in bnxt_xdp_build_skb()\n\nThe bnxt_rx_pkt() updates ip_summed value at the end if checksum offload\nis enabled.\nWhen the XDP-MB program is attached and it returns XDP_PASS, the\nbnxt_xdp_build_skb() is called to update skb_shared_info.\nThe main purpose of bnxt_xdp_build_skb() is to update skb_shared_info,\nbut it updates ip_summed value too if checksum offload is enabled.\nThis is actually duplicate work.\n\nWhen the bnxt_rx_pkt() updates ip_summed value, it checks if ip_summed\nis CHECKSUM_NONE or not.\nIt means that ip_summed should be CHECKSUM_NONE at this moment.\nBut ip_summed may already be updated to CHECKSUM_UNNECESSARY in the\nXDP-MB-PASS path.\nSo the by skb_checksum_none_assert() WARNS about it.\n\nThis is duplicate work and updating ip_summed in the\nbnxt_xdp_build_skb() is not needed.\n\nSplat looks like:\nWARNING: CPU: 3 PID: 5782 at ./include/linux/skbuff.h:5155 bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]\nModules linked in: bnxt_re bnxt_en rdma_ucm rdma_cm iw_cm ib_cm ib_uverbs veth xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_]\nCPU: 3 UID: 0 PID: 5782 Comm: socat Tainted: G W 6.14.0-rc4+ #27\nTainted: [W]=WARN\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nRIP: 0010:bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]\nCode: 54 24 0c 4c 89 f1 4c 89 ff c1 ea 1f ff d3 0f 1f 00 49 89 c6 48 85 c0 0f 84 4c e5 ff ff 48 89 c7 e8 ca 3d a0 c8 e9 8f f4 ff ff \u003c0f\u003e 0b f\nRSP: 0018:ffff88881ba09928 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: 00000000c7590303 RCX: 0000000000000000\nRDX: 1ffff1104e7d1610 RSI: 0000000000000001 RDI: ffff8881c91300b8\nRBP: ffff88881ba09b28 R08: ffff888273e8b0d0 R09: ffff888273e8b070\nR10: ffff888273e8b010 R11: ffff888278b0f000 R12: ffff888273e8b080\nR13: ffff8881c9130e00 R14: ffff8881505d3800 R15: ffff888273e8b000\nFS: 00007f5a2e7be080(0000) GS:ffff88881ba00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fff2e708ff8 CR3: 000000013e3b0000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? __warn+0xcd/0x2f0\n ? bnxt_rx_pkt+0x479b/0x7610\n ? report_bug+0x326/0x3c0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x14/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? bnxt_rx_pkt+0x479b/0x7610\n ? bnxt_rx_pkt+0x3e41/0x7610\n ? __pfx_bnxt_rx_pkt+0x10/0x10\n ? napi_complete_done+0x2cf/0x7d0\n __bnxt_poll_work+0x4e8/0x1220\n ? __pfx___bnxt_poll_work+0x10/0x10\n ? __pfx_mark_lock.part.0+0x10/0x10\n bnxt_poll_p5+0x36a/0xfa0\n ? __pfx_bnxt_poll_p5+0x10/0x10\n __napi_poll.constprop.0+0xa0/0x440\n net_rx_action+0x899/0xd00\n...\n\nFollowing ping.py patch adds xdp-mb-pass case. so ping.py is going\nto be able to reproduce this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21960",
"url": "https://www.suse.com/security/cve/CVE-2025-21960"
},
{
"category": "external",
"summary": "SUSE Bug 1240815 for CVE-2025-21960",
"url": "https://bugzilla.suse.com/1240815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21960"
},
{
"cve": "CVE-2025-21961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21961"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: fix truesize for mb-xdp-pass case\n\nWhen mb-xdp is set and return is XDP_PASS, packet is converted from\nxdp_buff to sk_buff with xdp_update_skb_shared_info() in\nbnxt_xdp_build_skb().\nbnxt_xdp_build_skb() passes incorrect truesize argument to\nxdp_update_skb_shared_info().\nThe truesize is calculated as BNXT_RX_PAGE_SIZE * sinfo-\u003enr_frags but\nthe skb_shared_info was wiped by napi_build_skb() before.\nSo it stores sinfo-\u003enr_frags before bnxt_xdp_build_skb() and use it\ninstead of getting skb_shared_info from xdp_get_shared_info_from_buff().\n\nSplat looks like:\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 0 at net/core/skbuff.c:6072 skb_try_coalesce+0x504/0x590\n Modules linked in: xt_nat xt_tcpudp veth af_packet xt_conntrack nft_chain_nat xt_MASQUERADE nf_conntrack_netlink xfrm_user xt_addrtype nft_coms\n CPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.14.0-rc2+ #3\n RIP: 0010:skb_try_coalesce+0x504/0x590\n Code: 4b fd ff ff 49 8b 34 24 40 80 e6 40 0f 84 3d fd ff ff 49 8b 74 24 48 40 f6 c6 01 0f 84 2e fd ff ff 48 8d 4e ff e9 25 fd ff ff \u003c0f\u003e 0b e99\n RSP: 0018:ffffb62c4120caa8 EFLAGS: 00010287\n RAX: 0000000000000003 RBX: ffffb62c4120cb14 RCX: 0000000000000ec0\n RDX: 0000000000001000 RSI: ffffa06e5d7dc000 RDI: 0000000000000003\n RBP: ffffa06e5d7ddec0 R08: ffffa06e6120a800 R09: ffffa06e7a119900\n R10: 0000000000002310 R11: ffffa06e5d7dcec0 R12: ffffe4360575f740\n R13: ffffe43600000000 R14: 0000000000000002 R15: 0000000000000002\n FS: 0000000000000000(0000) GS:ffffa0755f700000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f147b76b0f8 CR3: 00000001615d4000 CR4: 00000000007506f0\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n ? __warn+0x84/0x130\n ? skb_try_coalesce+0x504/0x590\n ? report_bug+0x18a/0x1a0\n ? handle_bug+0x53/0x90\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_try_coalesce+0x504/0x590\n inet_frag_reasm_finish+0x11f/0x2e0\n ip_defrag+0x37a/0x900\n ip_local_deliver+0x51/0x120\n ip_sublist_rcv_finish+0x64/0x70\n ip_sublist_rcv+0x179/0x210\n ip_list_rcv+0xf9/0x130\n\nHow to reproduce:\n\u003cNode A\u003e\nip link set $interface1 xdp obj xdp_pass.o\nip link set $interface1 mtu 9000 up\nip a a 10.0.0.1/24 dev $interface1\n\u003cNode B\u003e\nip link set $interfac2 mtu 9000 up\nip a a 10.0.0.2/24 dev $interface2\nping 10.0.0.1 -s 65000\n\nFollowing ping.py patch adds xdp-mb-pass case. so ping.py is going to be\nable to reproduce this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21961",
"url": "https://www.suse.com/security/cve/CVE-2025-21961"
},
{
"category": "external",
"summary": "SUSE Bug 1240816 for CVE-2025-21961",
"url": "https://bugzilla.suse.com/1240816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21961"
},
{
"cve": "CVE-2025-21962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21962"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix integer overflow while processing closetimeo mount option\n\nUser-provided mount parameter closetimeo of type u32 is intended to have\nan upper limit, but before it is validated, the value is converted from\nseconds to jiffies which can lead to an integer overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21962",
"url": "https://www.suse.com/security/cve/CVE-2025-21962"
},
{
"category": "external",
"summary": "SUSE Bug 1240655 for CVE-2025-21962",
"url": "https://bugzilla.suse.com/1240655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21962"
},
{
"cve": "CVE-2025-21963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21963"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix integer overflow while processing acdirmax mount option\n\nUser-provided mount parameter acdirmax of type u32 is intended to have\nan upper limit, but before it is validated, the value is converted from\nseconds to jiffies which can lead to an integer overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21963",
"url": "https://www.suse.com/security/cve/CVE-2025-21963"
},
{
"category": "external",
"summary": "SUSE Bug 1240717 for CVE-2025-21963",
"url": "https://bugzilla.suse.com/1240717"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21963"
},
{
"cve": "CVE-2025-21964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21964"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix integer overflow while processing acregmax mount option\n\nUser-provided mount parameter acregmax of type u32 is intended to have\nan upper limit, but before it is validated, the value is converted from\nseconds to jiffies which can lead to an integer overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21964",
"url": "https://www.suse.com/security/cve/CVE-2025-21964"
},
{
"category": "external",
"summary": "SUSE Bug 1240740 for CVE-2025-21964",
"url": "https://bugzilla.suse.com/1240740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21964"
},
{
"cve": "CVE-2025-21966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21966"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-flakey: Fix memory corruption in optional corrupt_bio_byte feature\n\nFix memory corruption due to incorrect parameter being passed to bio_init",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21966",
"url": "https://www.suse.com/security/cve/CVE-2025-21966"
},
{
"category": "external",
"summary": "SUSE Bug 1240779 for CVE-2025-21966",
"url": "https://bugzilla.suse.com/1240779"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21966"
},
{
"cve": "CVE-2025-21968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix slab-use-after-free on hdcp_work\n\n[Why]\nA slab-use-after-free is reported when HDCP is destroyed but the\nproperty_validate_dwork queue is still running.\n\n[How]\nCancel the delayed work when destroying workqueue.\n\n(cherry picked from commit 725a04ba5a95e89c89633d4322430cfbca7ce128)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21968",
"url": "https://www.suse.com/security/cve/CVE-2025-21968"
},
{
"category": "external",
"summary": "SUSE Bug 1240783 for CVE-2025-21968",
"url": "https://bugzilla.suse.com/1240783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21968"
},
{
"cve": "CVE-2025-21969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd\n\nAfter the hci sync command releases l2cap_conn, the hci receive data work\nqueue references the released l2cap_conn when sending to the upper layer.\nAdd hci dev lock to the hci receive data work queue to synchronize the two.\n\n[1]\nBUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\nRead of size 8 at addr ffff8880271a4000 by task kworker/u9:2/5837\n\nCPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:2 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci1 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n l2cap_build_cmd net/bluetooth/l2cap_core.c:2964 [inline]\n l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\n l2cap_sig_send_rej net/bluetooth/l2cap_core.c:5502 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5538 [inline]\n l2cap_recv_frame+0x221f/0x10db0 net/bluetooth/l2cap_core.c:6817\n hci_acldata_packet net/bluetooth/hci_core.c:3797 [inline]\n hci_rx_work+0x508/0xdb0 net/bluetooth/hci_core.c:4040\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 5837:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n l2cap_conn_add+0xa9/0x8e0 net/bluetooth/l2cap_core.c:6860\n l2cap_connect_cfm+0x115/0x1090 net/bluetooth/l2cap_core.c:7239\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_remote_features_evt+0x68e/0xac0 net/bluetooth/hci_event.c:3726\n hci_event_func net/bluetooth/hci_event.c:7473 [inline]\n hci_event_packet+0xac2/0x1540 net/bluetooth/hci_event.c:7525\n hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4035\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nFreed by task 54:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n l2cap_connect_cfm+0xcc/0x1090 net/bluetooth/l2cap_core.c:7235\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_conn_failed+0x287/0x400 net/bluetooth/hci_conn.c:1266\n hci_abort_conn_sync+0x56c/0x11f0 net/bluetooth/hci_sync.c:5603\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21969",
"url": "https://www.suse.com/security/cve/CVE-2025-21969"
},
{
"category": "external",
"summary": "SUSE Bug 1240784 for CVE-2025-21969",
"url": "https://bugzilla.suse.com/1240784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21969"
},
{
"cve": "CVE-2025-21970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Bridge, fix the crash caused by LAG state check\n\nWhen removing LAG device from bridge, NETDEV_CHANGEUPPER event is\ntriggered. Driver finds the lower devices (PFs) to flush all the\noffloaded entries. And mlx5_lag_is_shared_fdb is checked, it returns\nfalse if one of PF is unloaded. In such case,\nmlx5_esw_bridge_lag_rep_get() and its caller return NULL, instead of\nthe alive PF, and the flush is skipped.\n\nBesides, the bridge fdb entry\u0027s lastuse is updated in mlx5 bridge\nevent handler. But this SWITCHDEV_FDB_ADD_TO_BRIDGE event can be\nignored in this case because the upper interface for bond is deleted,\nand the entry will never be aged because lastuse is never updated.\n\nTo make things worse, as the entry is alive, mlx5 bridge workqueue\nkeeps sending that event, which is then handled by kernel bridge\nnotifier. It causes the following crash when accessing the passed bond\nnetdev which is already destroyed.\n\nTo fix this issue, remove such checks. LAG state is already checked in\ncommit 15f8f168952f (\"net/mlx5: Bridge, verify LAG state when adding\nbond to bridge\"), driver still need to skip offload if LAG becomes\ninvalid state after initialization.\n\n Oops: stack segment: 0000 [#1] SMP\n CPU: 3 UID: 0 PID: 23695 Comm: kworker/u40:3 Tainted: G OE 6.11.0_mlnx #1\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5_bridge_wq mlx5_esw_bridge_update_work [mlx5_core]\n RIP: 0010:br_switchdev_event+0x2c/0x110 [bridge]\n Code: 44 00 00 48 8b 02 48 f7 00 00 02 00 00 74 69 41 54 55 53 48 83 ec 08 48 8b a8 08 01 00 00 48 85 ed 74 4a 48 83 fe 02 48 89 d3 \u003c4c\u003e 8b 65 00 74 23 76 49 48 83 fe 05 74 7e 48 83 fe 06 75 2f 0f b7\n RSP: 0018:ffffc900092cfda0 EFLAGS: 00010297\n RAX: ffff888123bfe000 RBX: ffffc900092cfe08 RCX: 00000000ffffffff\n RDX: ffffc900092cfe08 RSI: 0000000000000001 RDI: ffffffffa0c585f0\n RBP: 6669746f6e690a30 R08: 0000000000000000 R09: ffff888123ae92c8\n R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888123ae9c60\n R13: 0000000000000001 R14: ffffc900092cfe08 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff88852c980000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f15914c8734 CR3: 0000000002830005 CR4: 0000000000770ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die_body+0x1a/0x60\n ? die+0x38/0x60\n ? do_trap+0x10b/0x120\n ? do_error_trap+0x64/0xa0\n ? exc_stack_segment+0x33/0x50\n ? asm_exc_stack_segment+0x22/0x30\n ? br_switchdev_event+0x2c/0x110 [bridge]\n ? sched_balance_newidle.isra.149+0x248/0x390\n notifier_call_chain+0x4b/0xa0\n atomic_notifier_call_chain+0x16/0x20\n mlx5_esw_bridge_update+0xec/0x170 [mlx5_core]\n mlx5_esw_bridge_update_work+0x19/0x40 [mlx5_core]\n process_scheduled_works+0x81/0x390\n worker_thread+0x106/0x250\n ? bh_worker+0x110/0x110\n kthread+0xb7/0xe0\n ? kthread_park+0x80/0x80\n ret_from_fork+0x2d/0x50\n ? kthread_park+0x80/0x80\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21970",
"url": "https://www.suse.com/security/cve/CVE-2025-21970"
},
{
"category": "external",
"summary": "SUSE Bug 1240819 for CVE-2025-21970",
"url": "https://bugzilla.suse.com/1240819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21970"
},
{
"cve": "CVE-2025-21971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: Prevent creation of classes with TC_H_ROOT\n\nThe function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination\ncondition when traversing up the qdisc tree to update parent backlog\ncounters. However, if a class is created with classid TC_H_ROOT, the\ntraversal terminates prematurely at this class instead of reaching the\nactual root qdisc, causing parent statistics to be incorrectly maintained.\nIn case of DRR, this could lead to a crash as reported by Mingi Cho.\n\nPrevent the creation of any Qdisc class with classid TC_H_ROOT\n(0xFFFFFFFF) across all qdisc types, as suggested by Jamal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21971",
"url": "https://www.suse.com/security/cve/CVE-2025-21971"
},
{
"category": "external",
"summary": "SUSE Bug 1240799 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "external",
"summary": "SUSE Bug 1245794 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1245794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-21971"
},
{
"cve": "CVE-2025-21972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: unshare packets when reassembling\n\nEnsure that the frag_list used for reassembly isn\u0027t shared with other\npackets. This avoids incorrect reassembly when packets are cloned, and\nprevents a memory leak due to circular references between fragments and\ntheir skb_shared_info.\n\nThe upcoming MCTP-over-USB driver uses skb_clone which can trigger the\nproblem - other MCTP drivers don\u0027t share SKBs.\n\nA kunit test is added to reproduce the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21972",
"url": "https://www.suse.com/security/cve/CVE-2025-21972"
},
{
"category": "external",
"summary": "SUSE Bug 1240813 for CVE-2025-21972",
"url": "https://bugzilla.suse.com/1240813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21972"
},
{
"cve": "CVE-2025-21975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21975"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: handle errors in mlx5_chains_create_table()\n\nIn mlx5_chains_create_table(), the return value of mlx5_get_fdb_sub_ns()\nand mlx5_get_flow_namespace() must be checked to prevent NULL pointer\ndereferences. If either function fails, the function should log error\nmessage with mlx5_core_warn() and return error pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21975",
"url": "https://www.suse.com/security/cve/CVE-2025-21975"
},
{
"category": "external",
"summary": "SUSE Bug 1240812 for CVE-2025-21975",
"url": "https://bugzilla.suse.com/1240812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21975"
},
{
"cve": "CVE-2025-21978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/hyperv: Fix address space leak when Hyper-V DRM device is removed\n\nWhen a Hyper-V DRM device is probed, the driver allocates MMIO space for\nthe vram, and maps it cacheable. If the device removed, or in the error\npath for device probing, the MMIO space is released but no unmap is done.\nConsequently the kernel address space for the mapping is leaked.\n\nFix this by adding iounmap() calls in the device removal path, and in the\nerror path during device probing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21978",
"url": "https://www.suse.com/security/cve/CVE-2025-21978"
},
{
"category": "external",
"summary": "SUSE Bug 1240806 for CVE-2025-21978",
"url": "https://bugzilla.suse.com/1240806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21978"
},
{
"cve": "CVE-2025-21979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: cancel wiphy_work before freeing wiphy\n\nA wiphy_work can be queued from the moment the wiphy is allocated and\ninitialized (i.e. wiphy_new_nm). When a wiphy_work is queued, the\nrdev::wiphy_work is getting queued.\n\nIf wiphy_free is called before the rdev::wiphy_work had a chance to run,\nthe wiphy memory will be freed, and then when it eventally gets to run\nit\u0027ll use invalid memory.\n\nFix this by canceling the work before freeing the wiphy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21979",
"url": "https://www.suse.com/security/cve/CVE-2025-21979"
},
{
"category": "external",
"summary": "SUSE Bug 1240808 for CVE-2025-21979",
"url": "https://bugzilla.suse.com/1240808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21979"
},
{
"cve": "CVE-2025-21980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: address a potential NULL pointer dereference in the GRED scheduler.\n\nIf kzalloc in gred_init returns a NULL pointer, the code follows the\nerror handling path, invoking gred_destroy. This, in turn, calls\ngred_offload, where memset could receive a NULL pointer as input,\npotentially leading to a kernel crash.\n\nWhen table-\u003eopt is NULL in gred_init(), gred_change_table_def()\nis not called yet, so it is not necessary to call -\u003endo_setup_tc()\nin gred_offload().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21980",
"url": "https://www.suse.com/security/cve/CVE-2025-21980"
},
{
"category": "external",
"summary": "SUSE Bug 1240809 for CVE-2025-21980",
"url": "https://bugzilla.suse.com/1240809"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21980"
},
{
"cve": "CVE-2025-21981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix memory leak in aRFS after reset\n\nFix aRFS (accelerated Receive Flow Steering) structures memory leak by\nadding a checker to verify if aRFS memory is already allocated while\nconfiguring VSI. aRFS objects are allocated in two cases:\n- as part of VSI initialization (at probe), and\n- as part of reset handling\n\nHowever, VSI reconfiguration executed during reset involves memory\nallocation one more time, without prior releasing already allocated\nresources. This led to the memory leak with the following signature:\n\n[root@os-delivery ~]# cat /sys/kernel/debug/kmemleak\nunreferenced object 0xff3c1ca7252e6000 (size 8192):\n comm \"kworker/0:0\", pid 8, jiffies 4296833052\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 0):\n [\u003cffffffff991ec485\u003e] __kmalloc_cache_noprof+0x275/0x340\n [\u003cffffffffc0a6e06a\u003e] ice_init_arfs+0x3a/0xe0 [ice]\n [\u003cffffffffc09f1027\u003e] ice_vsi_cfg_def+0x607/0x850 [ice]\n [\u003cffffffffc09f244b\u003e] ice_vsi_setup+0x5b/0x130 [ice]\n [\u003cffffffffc09c2131\u003e] ice_init+0x1c1/0x460 [ice]\n [\u003cffffffffc09c64af\u003e] ice_probe+0x2af/0x520 [ice]\n [\u003cffffffff994fbcd3\u003e] local_pci_probe+0x43/0xa0\n [\u003cffffffff98f07103\u003e] work_for_cpu_fn+0x13/0x20\n [\u003cffffffff98f0b6d9\u003e] process_one_work+0x179/0x390\n [\u003cffffffff98f0c1e9\u003e] worker_thread+0x239/0x340\n [\u003cffffffff98f14abc\u003e] kthread+0xcc/0x100\n [\u003cffffffff98e45a6d\u003e] ret_from_fork+0x2d/0x50\n [\u003cffffffff98e083ba\u003e] ret_from_fork_asm+0x1a/0x30\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21981",
"url": "https://www.suse.com/security/cve/CVE-2025-21981"
},
{
"category": "external",
"summary": "SUSE Bug 1240612 for CVE-2025-21981",
"url": "https://bugzilla.suse.com/1240612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21981"
},
{
"cve": "CVE-2025-21985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21985"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix out-of-bound accesses\n\n[WHAT \u0026 HOW]\nhpo_stream_to_link_encoder_mapping has size MAX_HPO_DP2_ENCODERS(=4),\nbut location can have size up to 6. As a result, it is necessary to\ncheck location against MAX_HPO_DP2_ENCODERS.\n\nSimiliarly, disp_cfg_stream_location can be used as an array index which\nshould be 0..5, so the ASSERT\u0027s conditions should be less without equal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21985",
"url": "https://www.suse.com/security/cve/CVE-2025-21985"
},
{
"category": "external",
"summary": "SUSE Bug 1240811 for CVE-2025-21985",
"url": "https://bugzilla.suse.com/1240811"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21985"
},
{
"cve": "CVE-2025-21991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes\n\nCurrently, load_microcode_amd() iterates over all NUMA nodes, retrieves their\nCPU masks and unconditionally accesses per-CPU data for the first CPU of each\nmask.\n\nAccording to Documentation/admin-guide/mm/numaperf.rst:\n\n \"Some memory may share the same node as a CPU, and others are provided as\n memory only nodes.\"\n\nTherefore, some node CPU masks may be empty and wouldn\u0027t have a \"first CPU\".\n\nOn a machine with far memory (and therefore CPU-less NUMA nodes):\n- cpumask_of_node(nid) is 0\n- cpumask_first(0) is CONFIG_NR_CPUS\n- cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an\n index that is 1 out of bounds\n\nThis does not have any security implications since flashing microcode is\na privileged operation but I believe this has reliability implications by\npotentially corrupting memory while flashing a microcode update.\n\nWhen booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes\na microcode update. I get the following splat:\n\n UBSAN: array-index-out-of-bounds in arch/x86/kernel/cpu/microcode/amd.c:X:Y\n index 512 is out of range for type \u0027unsigned long[512]\u0027\n [...]\n Call Trace:\n dump_stack\n __ubsan_handle_out_of_bounds\n load_microcode_amd\n request_microcode_amd\n reload_store\n kernfs_fop_write_iter\n vfs_write\n ksys_write\n do_syscall_64\n entry_SYSCALL_64_after_hwframe\n\nChange the loop to go over only NUMA nodes which have CPUs before determining\nwhether the first CPU on the respective node needs microcode update.\n\n [ bp: Massage commit message, fix typo. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21991",
"url": "https://www.suse.com/security/cve/CVE-2025-21991"
},
{
"category": "external",
"summary": "SUSE Bug 1240795 for CVE-2025-21991",
"url": "https://bugzilla.suse.com/1240795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21991"
},
{
"cve": "CVE-2025-21992",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21992"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: ignore non-functional sensor in HP 5MP Camera\n\nThe HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that\nis not actually implemented. Attempting to access this non-functional\nsensor via iio_info causes system hangs as runtime PM tries to wake up\nan unresponsive sensor.\n\n [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff\n [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:1, 3:1 ffffffff:ffffffff\n\nAdd this device to the HID ignore list since the sensor interface is\nnon-functional by design and should not be exposed to userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21992",
"url": "https://www.suse.com/security/cve/CVE-2025-21992"
},
{
"category": "external",
"summary": "SUSE Bug 1240796 for CVE-2025-21992",
"url": "https://bugzilla.suse.com/1240796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21992"
},
{
"cve": "CVE-2025-21993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()\n\nWhen performing an iSCSI boot using IPv6, iscsistart still reads the\n/sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix\nlength is 64, this causes the shift exponent to become negative,\ntriggering a UBSAN warning. As the concept of a subnet mask does not\napply to IPv6, the value is set to ~0 to suppress the warning message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21993",
"url": "https://www.suse.com/security/cve/CVE-2025-21993"
},
{
"category": "external",
"summary": "SUSE Bug 1240797 for CVE-2025-21993",
"url": "https://bugzilla.suse.com/1240797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21993"
},
{
"cve": "CVE-2025-21995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix fence reference count leak\n\nThe last_scheduled fence leaks when an entity is being killed and adding\nthe cleanup callback fails.\n\nDecrement the reference count of prev when dma_fence_add_callback()\nfails, ensuring proper balance.\n\n[phasta: add git tag info for stable kernel]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21995",
"url": "https://www.suse.com/security/cve/CVE-2025-21995"
},
{
"category": "external",
"summary": "SUSE Bug 1240821 for CVE-2025-21995",
"url": "https://bugzilla.suse.com/1240821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21995"
},
{
"cve": "CVE-2025-21996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()\n\nOn the off chance that command stream passed from userspace via\nioctl() call to radeon_vce_cs_parse() is weirdly crafted and\nfirst command to execute is to encode (case 0x03000001), the function\nin question will attempt to call radeon_vce_cs_reloc() with size\nargument that has not been properly initialized. Specifically, \u0027size\u0027\nwill point to \u0027tmp\u0027 variable before the latter had a chance to be\nassigned any value.\n\nPlay it safe and init \u0027tmp\u0027 with 0, thus ensuring that\nradeon_vce_cs_reloc() will catch an early error in cases like these.\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.\n\n(cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21996",
"url": "https://www.suse.com/security/cve/CVE-2025-21996"
},
{
"category": "external",
"summary": "SUSE Bug 1240801 for CVE-2025-21996",
"url": "https://bugzilla.suse.com/1240801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-21996"
},
{
"cve": "CVE-2025-21999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nproc: fix UAF in proc_get_inode()\n\nFix race between rmmod and /proc/XXX\u0027s inode instantiation.\n\nThe bug is that pde-\u003eproc_ops don\u0027t belong to /proc, it belongs to a\nmodule, therefore dereferencing it after /proc entry has been registered\nis a bug unless use_pde/unuse_pde() pair has been used.\n\nuse_pde/unuse_pde can be avoided (2 atomic ops!) because pde-\u003eproc_ops\nnever changes so information necessary for inode instantiation can be\nsaved _before_ proc_register() in PDE itself and used later, avoiding\npde-\u003eproc_ops-\u003e... dereference.\n\n rmmod lookup\nsys_delete_module\n proc_lookup_de\n\t\t\t pde_get(de);\n\t\t\t proc_get_inode(dir-\u003ei_sb, de);\n mod-\u003eexit()\n proc_remove\n remove_proc_subtree\n proc_entry_rundown(de);\n free_module(mod);\n\n if (S_ISREG(inode-\u003ei_mode))\n\t if (de-\u003eproc_ops-\u003eproc_read_iter)\n --\u003e As module is already freed, will trigger UAF\n\nBUG: unable to handle page fault for address: fffffbfff80a702b\nPGD 817fc4067 P4D 817fc4067 PUD 817fc0067 PMD 102ef4067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 26 UID: 0 PID: 2667 Comm: ls Tainted: G\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nRIP: 0010:proc_get_inode+0x302/0x6e0\nRSP: 0018:ffff88811c837998 EFLAGS: 00010a06\nRAX: dffffc0000000000 RBX: ffffffffc0538140 RCX: 0000000000000007\nRDX: 1ffffffff80a702b RSI: 0000000000000001 RDI: ffffffffc0538158\nRBP: ffff8881299a6000 R08: 0000000067bbe1e5 R09: 1ffff11023906f20\nR10: ffffffffb560ca07 R11: ffffffffb2b43a58 R12: ffff888105bb78f0\nR13: ffff888100518048 R14: ffff8881299a6004 R15: 0000000000000001\nFS: 00007f95b9686840(0000) GS:ffff8883af100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: fffffbfff80a702b CR3: 0000000117dd2000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n proc_lookup_de+0x11f/0x2e0\n __lookup_slow+0x188/0x350\n walk_component+0x2ab/0x4f0\n path_lookupat+0x120/0x660\n filename_lookup+0x1ce/0x560\n vfs_statx+0xac/0x150\n __do_sys_newstat+0x96/0x110\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n[adobriyan@gmail.com: don\u0027t do 2 atomic ops on the common path]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21999",
"url": "https://www.suse.com/security/cve/CVE-2025-21999"
},
{
"category": "external",
"summary": "SUSE Bug 1240802 for CVE-2025-21999",
"url": "https://bugzilla.suse.com/1240802"
},
{
"category": "external",
"summary": "SUSE Bug 1242579 for CVE-2025-21999",
"url": "https://bugzilla.suse.com/1242579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-21999"
},
{
"cve": "CVE-2025-22001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22001"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix integer overflow in qaic_validate_req()\n\nThese are u64 variables that come from the user via\nqaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that\nthe math doesn\u0027t have an integer wrapping bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22001",
"url": "https://www.suse.com/security/cve/CVE-2025-22001"
},
{
"category": "external",
"summary": "SUSE Bug 1240873 for CVE-2025-22001",
"url": "https://bugzilla.suse.com/1240873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22001"
},
{
"cve": "CVE-2025-22003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22003"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ucan: fix out of bound read in strscpy() source\n\nCommit 7fdaf8966aae (\"can: ucan: use strscpy() to instead of strncpy()\")\nunintentionally introduced a one byte out of bound read on strscpy()\u0027s\nsource argument (which is kind of ironic knowing that strscpy() is meant\nto be a more secure alternative :)).\n\nLet\u0027s consider below buffers:\n\n dest[len + 1]; /* will be NUL terminated */\n src[len]; /* may not be NUL terminated */\n\nWhen doing:\n\n strncpy(dest, src, len);\n dest[len] = \u0027\\0\u0027;\n\nstrncpy() will read up to len bytes from src.\n\nOn the other hand:\n\n strscpy(dest, src, len + 1);\n\nwill read up to len + 1 bytes from src, that is to say, an out of bound\nread of one byte will occur on src if it is not NUL terminated. Note\nthat the src[len] byte is never copied, but strscpy() still needs to\nread it to check whether a truncation occurred or not.\n\nThis exact pattern happened in ucan.\n\nThe root cause is that the source is not NUL terminated. Instead of\ndoing a copy in a local buffer, directly NUL terminate it as soon as\nusb_control_msg() returns. With this, the local firmware_str[] variable\ncan be removed.\n\nOn top of this do a couple refactors:\n\n - ucan_ctl_payload-\u003eraw is only used for the firmware string, so\n rename it to ucan_ctl_payload-\u003efw_str and change its type from u8 to\n char.\n\n - ucan_device_request_in() is only used to retrieve the firmware\n string, so rename it to ucan_get_fw_str() and refactor it to make it\n directly handle all the string termination logic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22003",
"url": "https://www.suse.com/security/cve/CVE-2025-22003"
},
{
"category": "external",
"summary": "SUSE Bug 1240825 for CVE-2025-22003",
"url": "https://bugzilla.suse.com/1240825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22003"
},
{
"cve": "CVE-2025-22004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22004"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: fix use after free in lec_send()\n\nThe -\u003esend() operation frees skb so save the length before calling\n-\u003esend() to avoid a use after free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22004",
"url": "https://www.suse.com/security/cve/CVE-2025-22004"
},
{
"category": "external",
"summary": "SUSE Bug 1240835 for CVE-2025-22004",
"url": "https://bugzilla.suse.com/1240835"
},
{
"category": "external",
"summary": "SUSE Bug 1241090 for CVE-2025-22004",
"url": "https://bugzilla.suse.com/1241090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-22004"
},
{
"cve": "CVE-2025-22007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix error code in chan_alloc_skb_cb()\n\nThe chan_alloc_skb_cb() function is supposed to return error pointers on\nerror. Returning NULL will lead to a NULL dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22007",
"url": "https://www.suse.com/security/cve/CVE-2025-22007"
},
{
"category": "external",
"summary": "SUSE Bug 1240829 for CVE-2025-22007",
"url": "https://bugzilla.suse.com/1240829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22007"
},
{
"cve": "CVE-2025-22008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: check that dummy regulator has been probed before using it\n\nDue to asynchronous driver probing there is a chance that the dummy\nregulator hasn\u0027t already been probed when first accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22008",
"url": "https://www.suse.com/security/cve/CVE-2025-22008"
},
{
"category": "external",
"summary": "SUSE Bug 1240942 for CVE-2025-22008",
"url": "https://bugzilla.suse.com/1240942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22008"
},
{
"cve": "CVE-2025-22009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: dummy: force synchronous probing\n\nSometimes I get a NULL pointer dereference at boot time in kobject_get()\nwith the following call stack:\n\nanatop_regulator_probe()\n devm_regulator_register()\n regulator_register()\n regulator_resolve_supply()\n kobject_get()\n\nBy placing some extra BUG_ON() statements I could verify that this is\nraised because probing of the \u0027dummy\u0027 regulator driver is not completed\n(\u0027dummy_regulator_rdev\u0027 is still NULL).\n\nIn the JTAG debugger I can see that dummy_regulator_probe() and\nanatop_regulator_probe() can be run by different kernel threads\n(kworker/u4:*). I haven\u0027t further investigated whether this can be\nchanged or if there are other possibilities to force synchronization\nbetween these two probe routines. On the other hand I don\u0027t expect much\nboot time penalty by probing the \u0027dummy\u0027 regulator synchronously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22009",
"url": "https://www.suse.com/security/cve/CVE-2025-22009"
},
{
"category": "external",
"summary": "SUSE Bug 1240940 for CVE-2025-22009",
"url": "https://bugzilla.suse.com/1240940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22009"
},
{
"cve": "CVE-2025-22010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup during bt pages loop\n\nDriver runs a for-loop when allocating bt pages and mapping them with\nbuffer pages. When a large buffer (e.g. MR over 100GB) is being allocated,\nit may require a considerable loop count. This will lead to soft lockup:\n\n watchdog: BUG: soft lockup - CPU#27 stuck for 22s!\n ...\n Call trace:\n hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2]\n hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2]\n hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2]\n alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2]\n hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2]\n ib_uverbs_reg_mr+0x118/0x290\n\n watchdog: BUG: soft lockup - CPU#35 stuck for 23s!\n ...\n Call trace:\n hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2]\n mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2]\n hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2]\n alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2]\n hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2]\n ib_uverbs_reg_mr+0x120/0x2bc\n\nAdd a cond_resched() to fix soft lockup during these loops. In order not\nto affect the allocation performance of normal-size buffer, set the loop\ncount of a 100GB MR as the threshold to call cond_resched().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22010",
"url": "https://www.suse.com/security/cve/CVE-2025-22010"
},
{
"category": "external",
"summary": "SUSE Bug 1240943 for CVE-2025-22010",
"url": "https://bugzilla.suse.com/1240943"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22010"
},
{
"cve": "CVE-2025-22013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state\n\nThere are several problems with the way hyp code lazily saves the host\u0027s\nFPSIMD/SVE state, including:\n\n* Host SVE being discarded unexpectedly due to inconsistent\n configuration of TIF_SVE and CPACR_ELx.ZEN. This has been seen to\n result in QEMU crashes where SVE is used by memmove(), as reported by\n Eric Auger:\n\n https://issues.redhat.com/browse/RHEL-68997\n\n* Host SVE state is discarded *after* modification by ptrace, which was an\n unintentional ptrace ABI change introduced with lazy discarding of SVE state.\n\n* The host FPMR value can be discarded when running a non-protected VM,\n where FPMR support is not exposed to a VM, and that VM uses\n FPSIMD/SVE. In these cases the hyp code does not save the host\u0027s FPMR\n before unbinding the host\u0027s FPSIMD/SVE/SME state, leaving a stale\n value in memory.\n\nAvoid these by eagerly saving and \"flushing\" the host\u0027s FPSIMD/SVE/SME\nstate when loading a vCPU such that KVM does not need to save any of the\nhost\u0027s FPSIMD/SVE/SME state. For clarity, fpsimd_kvm_prepare() is\nremoved and the necessary call to fpsimd_save_and_flush_cpu_state() is\nplaced in kvm_arch_vcpu_load_fp(). As \u0027fpsimd_state\u0027 and \u0027fpmr_ptr\u0027\nshould not be used, they are set to NULL; all uses of these will be\nremoved in subsequent patches.\n\nHistorical problems go back at least as far as v5.17, e.g. erroneous\nassumptions about TIF_SVE being clear in commit:\n\n 8383741ab2e773a9 (\"KVM: arm64: Get rid of host SVE tracking/saving\")\n\n... and so this eager save+flush probably needs to be backported to ALL\nstable trees.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22013",
"url": "https://www.suse.com/security/cve/CVE-2025-22013"
},
{
"category": "external",
"summary": "SUSE Bug 1240938 for CVE-2025-22013",
"url": "https://bugzilla.suse.com/1240938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22013"
},
{
"cve": "CVE-2025-22014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: Fix the potential deadlock\n\nWhen some client process A call pdr_add_lookup() to add the look up for\nthe service and does schedule locator work, later a process B got a new\nserver packet indicating locator is up and call pdr_locator_new_server()\nwhich eventually sets pdr-\u003elocator_init_complete to true which process A\nsees and takes list lock and queries domain list but it will timeout due\nto deadlock as the response will queued to the same qmi-\u003ewq and it is\nordered workqueue and process B is not able to complete new server\nrequest work due to deadlock on list lock.\n\nFix it by removing the unnecessary list iteration as the list iteration\nis already being done inside locator work, so avoid it here and just\ncall schedule_work() here.\n\n Process A Process B\n\n process_scheduled_works()\npdr_add_lookup() qmi_data_ready_work()\n process_scheduled_works() pdr_locator_new_server()\n pdr-\u003elocator_init_complete=true;\n pdr_locator_work()\n mutex_lock(\u0026pdr-\u003elist_lock);\n\n pdr_locate_service() mutex_lock(\u0026pdr-\u003elist_lock);\n\n pdr_get_domain_list()\n pr_err(\"PDR: %s get domain list\n txn wait failed: %d\\n\",\n req-\u003eservice_name,\n ret);\n\nTimeout error log due to deadlock:\n\n\"\n PDR: tms/servreg get domain list txn wait failed: -110\n PDR: service lookup for msm/adsp/sensor_pd:tms/servreg failed: -110\n\"\n\nThanks to Bjorn and Johan for letting me know that this commit also fixes\nan audio regression when using the in-kernel pd-mapper as that makes it\neasier to hit this race. [1]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22014",
"url": "https://www.suse.com/security/cve/CVE-2025-22014"
},
{
"category": "external",
"summary": "SUSE Bug 1240937 for CVE-2025-22014",
"url": "https://bugzilla.suse.com/1240937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22014"
},
{
"cve": "CVE-2025-22015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22015"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/migrate: fix shmem xarray update during migration\n\nA shmem folio can be either in page cache or in swap cache, but not at the\nsame time. Namely, once it is in swap cache, folio-\u003emapping should be\nNULL, and the folio is no longer in a shmem mapping.\n\nIn __folio_migrate_mapping(), to determine the number of xarray entries to\nupdate, folio_test_swapbacked() is used, but that conflates shmem in page\ncache case and shmem in swap cache case. It leads to xarray multi-index\nentry corruption, since it turns a sibling entry to a normal entry during\nxas_store() (see [1] for a userspace reproduction). Fix it by only using\nfolio_test_swapcache() to determine whether xarray is storing swap cache\nentries or not to choose the right number of xarray entries to update.\n\n[1] https://lore.kernel.org/linux-mm/Z8idPCkaJW1IChjT@casper.infradead.org/\n\nNote:\nIn __split_huge_page(), folio_test_anon() \u0026\u0026 folio_test_swapcache() is\nused to get swap_cache address space, but that ignores the shmem folio in\nswap cache case. It could lead to NULL pointer dereferencing when a\nin-swap-cache shmem folio is split at __xa_store(), since\n!folio_test_anon() is true and folio-\u003emapping is NULL. But fortunately,\nits caller split_huge_page_to_list_to_order() bails out early with EBUSY\nwhen folio-\u003emapping is NULL. So no need to take care of it here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22015",
"url": "https://www.suse.com/security/cve/CVE-2025-22015"
},
{
"category": "external",
"summary": "SUSE Bug 1240944 for CVE-2025-22015",
"url": "https://bugzilla.suse.com/1240944"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22015"
},
{
"cve": "CVE-2025-22016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpll: fix xa_alloc_cyclic() error handling\n\nIn case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will\nbe returned, which will cause IS_ERR() to be false. Which can lead to\ndereference not allocated pointer (pin).\n\nFix it by checking if err is lower than zero.\n\nThis wasn\u0027t found in real usecase, only noticed. Credit to Pierre.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22016",
"url": "https://www.suse.com/security/cve/CVE-2025-22016"
},
{
"category": "external",
"summary": "SUSE Bug 1240934 for CVE-2025-22016",
"url": "https://bugzilla.suse.com/1240934"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22016"
},
{
"cve": "CVE-2025-22017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevlink: fix xa_alloc_cyclic() error handling\n\nIn case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will\nbe returned, which will cause IS_ERR() to be false. Which can lead to\ndereference not allocated pointer (rel).\n\nFix it by checking if err is lower than zero.\n\nThis wasn\u0027t found in real usecase, only noticed. Credit to Pierre.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22017",
"url": "https://www.suse.com/security/cve/CVE-2025-22017"
},
{
"category": "external",
"summary": "SUSE Bug 1240936 for CVE-2025-22017",
"url": "https://bugzilla.suse.com/1240936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22017"
},
{
"cve": "CVE-2025-22018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: Fix NULL pointer dereference\n\nWhen MPOA_cache_impos_rcvd() receives the msg, it can trigger\nNull Pointer Dereference Vulnerability if both entry and\nholding_time are NULL. Because there is only for the situation\nwhere entry is NULL and holding_time exists, it can be passed\nwhen both entry and holding_time are NULL. If these are NULL,\nthe entry will be passd to eg_cache_put() as parameter and\nit is referenced by entry-\u003euse code in it.\n\nkasan log:\n\n[ 3.316691] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006:I\n[ 3.317568] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\n[ 3.318188] CPU: 3 UID: 0 PID: 79 Comm: ex Not tainted 6.14.0-rc2 #102\n[ 3.318601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n[ 3.319298] RIP: 0010:eg_cache_remove_entry+0xa5/0x470\n[ 3.319677] Code: c1 f7 6e fd 48 c7 c7 00 7e 38 b2 e8 95 64 54 fd 48 c7 c7 40 7e 38 b2 48 89 ee e80\n[ 3.321220] RSP: 0018:ffff88800583f8a8 EFLAGS: 00010006\n[ 3.321596] RAX: 0000000000000006 RBX: ffff888005989000 RCX: ffffffffaecc2d8e\n[ 3.322112] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000030\n[ 3.322643] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6558b88\n[ 3.323181] R10: 0000000000000003 R11: 203a207972746e65 R12: 1ffff11000b07f15\n[ 3.323707] R13: dffffc0000000000 R14: ffff888005989000 R15: ffff888005989068\n[ 3.324185] FS: 000000001b6313c0(0000) GS:ffff88806d380000(0000) knlGS:0000000000000000\n[ 3.325042] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 3.325545] CR2: 00000000004b4b40 CR3: 000000000248e000 CR4: 00000000000006f0\n[ 3.326430] Call Trace:\n[ 3.326725] \u003cTASK\u003e\n[ 3.326927] ? die_addr+0x3c/0xa0\n[ 3.327330] ? exc_general_protection+0x161/0x2a0\n[ 3.327662] ? asm_exc_general_protection+0x26/0x30\n[ 3.328214] ? vprintk_emit+0x15e/0x420\n[ 3.328543] ? eg_cache_remove_entry+0xa5/0x470\n[ 3.328910] ? eg_cache_remove_entry+0x9a/0x470\n[ 3.329294] ? __pfx_eg_cache_remove_entry+0x10/0x10\n[ 3.329664] ? console_unlock+0x107/0x1d0\n[ 3.329946] ? __pfx_console_unlock+0x10/0x10\n[ 3.330283] ? do_syscall_64+0xa6/0x1a0\n[ 3.330584] ? entry_SYSCALL_64_after_hwframe+0x47/0x7f\n[ 3.331090] ? __pfx_prb_read_valid+0x10/0x10\n[ 3.331395] ? down_trylock+0x52/0x80\n[ 3.331703] ? vprintk_emit+0x15e/0x420\n[ 3.331986] ? __pfx_vprintk_emit+0x10/0x10\n[ 3.332279] ? down_trylock+0x52/0x80\n[ 3.332527] ? _printk+0xbf/0x100\n[ 3.332762] ? __pfx__printk+0x10/0x10\n[ 3.333007] ? _raw_write_lock_irq+0x81/0xe0\n[ 3.333284] ? __pfx__raw_write_lock_irq+0x10/0x10\n[ 3.333614] msg_from_mpoad+0x1185/0x2750\n[ 3.333893] ? __build_skb_around+0x27b/0x3a0\n[ 3.334183] ? __pfx_msg_from_mpoad+0x10/0x10\n[ 3.334501] ? __alloc_skb+0x1c0/0x310\n[ 3.334809] ? __pfx___alloc_skb+0x10/0x10\n[ 3.335283] ? _raw_spin_lock+0xe0/0xe0\n[ 3.335632] ? finish_wait+0x8d/0x1e0\n[ 3.335975] vcc_sendmsg+0x684/0xba0\n[ 3.336250] ? __pfx_vcc_sendmsg+0x10/0x10\n[ 3.336587] ? __pfx_autoremove_wake_function+0x10/0x10\n[ 3.337056] ? fdget+0x176/0x3e0\n[ 3.337348] __sys_sendto+0x4a2/0x510\n[ 3.337663] ? __pfx___sys_sendto+0x10/0x10\n[ 3.337969] ? ioctl_has_perm.constprop.0.isra.0+0x284/0x400\n[ 3.338364] ? sock_ioctl+0x1bb/0x5a0\n[ 3.338653] ? __rseq_handle_notify_resume+0x825/0xd20\n[ 3.339017] ? __pfx_sock_ioctl+0x10/0x10\n[ 3.339316] ? __pfx___rseq_handle_notify_resume+0x10/0x10\n[ 3.339727] ? selinux_file_ioctl+0xa4/0x260\n[ 3.340166] __x64_sys_sendto+0xe0/0x1c0\n[ 3.340526] ? syscall_exit_to_user_mode+0x123/0x140\n[ 3.340898] do_syscall_64+0xa6/0x1a0\n[ 3.341170] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 3.341533] RIP: 0033:0x44a380\n[ 3.341757] Code: 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c00\n[ \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22018",
"url": "https://www.suse.com/security/cve/CVE-2025-22018"
},
{
"category": "external",
"summary": "SUSE Bug 1241266 for CVE-2025-22018",
"url": "https://bugzilla.suse.com/1241266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22018"
},
{
"cve": "CVE-2025-22020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\nRead of size 8 at addr ffff888136335380 by task kworker/6:0/140241\n\nCPU: 6 UID: 0 PID: 140241 Comm: kworker/6:0 Kdump: loaded Tainted: G E 6.14.0-rc6+ #1\nTainted: [E]=UNSIGNED_MODULE\nHardware name: LENOVO 30FNA1V7CW/1057, BIOS S0EKT54A 07/01/2024\nWorkqueue: events rtsx_usb_ms_poll_card [rtsx_usb_ms]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x51/0x70\n print_address_description.constprop.0+0x27/0x320\n ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n print_report+0x3e/0x70\n kasan_report+0xab/0xe0\n ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n ? __pfx_rtsx_usb_ms_poll_card+0x10/0x10 [rtsx_usb_ms]\n ? __pfx___schedule+0x10/0x10\n ? kick_pool+0x3b/0x270\n process_one_work+0x357/0x660\n worker_thread+0x390/0x4c0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x190/0x1d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 161446:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0x7b/0x90\n __kmalloc_noprof+0x1a7/0x470\n memstick_alloc_host+0x1f/0xe0 [memstick]\n rtsx_usb_ms_drv_probe+0x47/0x320 [rtsx_usb_ms]\n platform_probe+0x60/0xe0\n call_driver_probe+0x35/0x120\n really_probe+0x123/0x410\n __driver_probe_device+0xc7/0x1e0\n driver_probe_device+0x49/0xf0\n __device_attach_driver+0xc6/0x160\n bus_for_each_drv+0xe4/0x160\n __device_attach+0x13a/0x2b0\n bus_probe_device+0xbd/0xd0\n device_add+0x4a5/0x760\n platform_device_add+0x189/0x370\n mfd_add_device+0x587/0x5e0\n mfd_add_devices+0xb1/0x130\n rtsx_usb_probe+0x28e/0x2e0 [rtsx_usb]\n usb_probe_interface+0x15c/0x460\n call_driver_probe+0x35/0x120\n really_probe+0x123/0x410\n __driver_probe_device+0xc7/0x1e0\n driver_probe_device+0x49/0xf0\n __device_attach_driver+0xc6/0x160\n bus_for_each_drv+0xe4/0x160\n __device_attach+0x13a/0x2b0\n rebind_marked_interfaces.isra.0+0xcc/0x110\n usb_reset_device+0x352/0x410\n usbdev_do_ioctl+0xe5c/0x1860\n usbdev_ioctl+0xa/0x20\n __x64_sys_ioctl+0xc5/0xf0\n do_syscall_64+0x59/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 161506:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x36/0x60\n __kasan_slab_free+0x34/0x50\n kfree+0x1fd/0x3b0\n device_release+0x56/0xf0\n kobject_cleanup+0x73/0x1c0\n rtsx_usb_ms_drv_remove+0x13d/0x220 [rtsx_usb_ms]\n platform_remove+0x2f/0x50\n device_release_driver_internal+0x24b/0x2e0\n bus_remove_device+0x124/0x1d0\n device_del+0x239/0x530\n platform_device_del.part.0+0x19/0xe0\n platform_device_unregister+0x1c/0x40\n mfd_remove_devices_fn+0x167/0x170\n device_for_each_child_reverse+0xc9/0x130\n mfd_remove_devices+0x6e/0xa0\n rtsx_usb_disconnect+0x2e/0xd0 [rtsx_usb]\n usb_unbind_interface+0xf3/0x3f0\n device_release_driver_internal+0x24b/0x2e0\n proc_disconnect_claim+0x13d/0x220\n usbdev_do_ioctl+0xb5e/0x1860\n usbdev_ioctl+0xa/0x20\n __x64_sys_ioctl+0xc5/0xf0\n do_syscall_64+0x59/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x20/0x40\n kasan_record_aux_stack+0x85/0x90\n insert_work+0x29/0x100\n __queue_work+0x34a/0x540\n call_timer_fn+0x2a/0x160\n expire_timers+0x5f/0x1f0\n __run_timer_base.part.0+0x1b6/0x1e0\n run_timer_softirq+0x8b/0xe0\n handle_softirqs+0xf9/0x360\n __irq_exit_rcu+0x114/0x130\n sysvec_apic_timer_interrupt+0x72/0x90\n asm_sysvec_apic_timer_interrupt+0x16/0x20\n\nSecond to last potentially related work creation:\n kasan_save_stack+0x20/0x40\n kasan_record_aux_stack+0x85/0x90\n insert_work+0x29/0x100\n __queue_work+0x34a/0x540\n call_timer_fn+0x2a/0x160\n expire_timers+0x5f/0x1f0\n __run_timer_base.part.0+0x1b6/0x1e0\n run_timer_softirq+0x8b/0xe0\n handle_softirqs+0xf9/0x\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22020",
"url": "https://www.suse.com/security/cve/CVE-2025-22020"
},
{
"category": "external",
"summary": "SUSE Bug 1241280 for CVE-2025-22020",
"url": "https://bugzilla.suse.com/1241280"
},
{
"category": "external",
"summary": "SUSE Bug 1241281 for CVE-2025-22020",
"url": "https://bugzilla.suse.com/1241281"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-22020"
},
{
"cve": "CVE-2025-22021",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22021"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: socket: Lookup orig tuple for IPv6 SNAT\n\nnf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to\nrestore the original 5-tuple in case of SNAT, to be able to find the\nright socket (if any). Then socket_match() can correctly check whether\nthe socket was transparent.\n\nHowever, the IPv6 counterpart (nf_sk_lookup_slow_v6) lacks this\nconntrack lookup, making xt_socket fail to match on the socket when the\npacket was SNATed. Add the same logic to nf_sk_lookup_slow_v6.\n\nIPv6 SNAT is used in Kubernetes clusters for pod-to-world packets, as\npods\u0027 addresses are in the fd00::/8 ULA subnet and need to be replaced\nwith the node\u0027s external address. Cilium leverages Envoy to enforce L7\npolicies, and Envoy uses transparent sockets. Cilium inserts an iptables\nprerouting rule that matches on `-m socket --transparent` and redirects\nthe packets to localhost, but it fails to match SNATed IPv6 packets due\nto that missing conntrack lookup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22021",
"url": "https://www.suse.com/security/cve/CVE-2025-22021"
},
{
"category": "external",
"summary": "SUSE Bug 1241282 for CVE-2025-22021",
"url": "https://bugzilla.suse.com/1241282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "low"
}
],
"title": "CVE-2025-22021"
},
{
"cve": "CVE-2025-22025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22025"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: put dl_stid if fail to queue dl_recall\n\nBefore calling nfsd4_run_cb to queue dl_recall to the callback_wq, we\nincrement the reference count of dl_stid.\nWe expect that after the corresponding work_struct is processed, the\nreference count of dl_stid will be decremented through the callback\nfunction nfsd4_cb_recall_release.\nHowever, if the call to nfsd4_run_cb fails, the incremented reference\ncount of dl_stid will not be decremented correspondingly, leading to the\nfollowing nfs4_stid leak:\nunreferenced object 0xffff88812067b578 (size 344):\n comm \"nfsd\", pid 2761, jiffies 4295044002 (age 5541.241s)\n hex dump (first 32 bytes):\n 01 00 00 00 6b 6b 6b 6b b8 02 c0 e2 81 88 ff ff ....kkkk........\n 00 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 ad 4e ad de .kkkkkkk.....N..\n backtrace:\n kmem_cache_alloc+0x4b9/0x700\n nfsd4_process_open1+0x34/0x300\n nfsd4_open+0x2d1/0x9d0\n nfsd4_proc_compound+0x7a2/0xe30\n nfsd_dispatch+0x241/0x3e0\n svc_process_common+0x5d3/0xcc0\n svc_process+0x2a3/0x320\n nfsd+0x180/0x2e0\n kthread+0x199/0x1d0\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1b/0x30\nunreferenced object 0xffff8881499f4d28 (size 368):\n comm \"nfsd\", pid 2761, jiffies 4295044005 (age 5541.239s)\n hex dump (first 32 bytes):\n 01 00 00 00 00 00 00 00 30 4d 9f 49 81 88 ff ff ........0M.I....\n 30 4d 9f 49 81 88 ff ff 20 00 00 00 01 00 00 00 0M.I.... .......\n backtrace:\n kmem_cache_alloc+0x4b9/0x700\n nfs4_alloc_stid+0x29/0x210\n alloc_init_deleg+0x92/0x2e0\n nfs4_set_delegation+0x284/0xc00\n nfs4_open_delegation+0x216/0x3f0\n nfsd4_process_open2+0x2b3/0xee0\n nfsd4_open+0x770/0x9d0\n nfsd4_proc_compound+0x7a2/0xe30\n nfsd_dispatch+0x241/0x3e0\n svc_process_common+0x5d3/0xcc0\n svc_process+0x2a3/0x320\n nfsd+0x180/0x2e0\n kthread+0x199/0x1d0\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1b/0x30\nFix it by checking the result of nfsd4_run_cb and call nfs4_put_stid if\nfail to queue dl_recall.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22025",
"url": "https://www.suse.com/security/cve/CVE-2025-22025"
},
{
"category": "external",
"summary": "SUSE Bug 1241361 for CVE-2025-22025",
"url": "https://bugzilla.suse.com/1241361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22025"
},
{
"cve": "CVE-2025-22027",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22027"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: streamzap: fix race between device disconnection and urb callback\n\nSyzkaller has reported a general protection fault at function\nir_raw_event_store_with_filter(). This crash is caused by a NULL pointer\ndereference of dev-\u003eraw pointer, even though it is checked for NULL in\nthe same function, which means there is a race condition. It occurs due\nto the incorrect order of actions in the streamzap_disconnect() function:\nrc_unregister_device() is called before usb_kill_urb(). The dev-\u003eraw\npointer is freed and set to NULL in rc_unregister_device(), and only\nafter that usb_kill_urb() waits for in-progress requests to finish.\n\nIf rc_unregister_device() is called while streamzap_callback() handler is\nnot finished, this can lead to accessing freed resources. Thus\nrc_unregister_device() should be called after usb_kill_urb().\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22027",
"url": "https://www.suse.com/security/cve/CVE-2025-22027"
},
{
"category": "external",
"summary": "SUSE Bug 1241369 for CVE-2025-22027",
"url": "https://bugzilla.suse.com/1241369"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22027"
},
{
"cve": "CVE-2025-22029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22029"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22029",
"url": "https://www.suse.com/security/cve/CVE-2025-22029"
},
{
"category": "external",
"summary": "SUSE Bug 1241378 for CVE-2025-22029",
"url": "https://bugzilla.suse.com/1241378"
},
{
"category": "external",
"summary": "SUSE Bug 1241379 for CVE-2025-22029",
"url": "https://bugzilla.suse.com/1241379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-22029"
},
{
"cve": "CVE-2025-22030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22030"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead()\n\nCurrently, zswap_cpu_comp_dead() calls crypto_free_acomp() while holding\nthe per-CPU acomp_ctx mutex. crypto_free_acomp() then holds scomp_lock\n(through crypto_exit_scomp_ops_async()).\n\nOn the other hand, crypto_alloc_acomp_node() holds the scomp_lock (through\ncrypto_scomp_init_tfm()), and then allocates memory. If the allocation\nresults in reclaim, we may attempt to hold the per-CPU acomp_ctx mutex.\n\nThe above dependencies can cause an ABBA deadlock. For example in the\nfollowing scenario:\n\n(1) Task A running on CPU #1:\n crypto_alloc_acomp_node()\n Holds scomp_lock\n Enters reclaim\n Reads per_cpu_ptr(pool-\u003eacomp_ctx, 1)\n\n(2) Task A is descheduled\n\n(3) CPU #1 goes offline\n zswap_cpu_comp_dead(CPU #1)\n Holds per_cpu_ptr(pool-\u003eacomp_ctx, 1))\n Calls crypto_free_acomp()\n Waits for scomp_lock\n\n(4) Task A running on CPU #2:\n Waits for per_cpu_ptr(pool-\u003eacomp_ctx, 1) // Read on CPU #1\n DEADLOCK\n\nSince there is no requirement to call crypto_free_acomp() with the per-CPU\nacomp_ctx mutex held in zswap_cpu_comp_dead(), move it after the mutex is\nunlocked. Also move the acomp_request_free() and kfree() calls for\nconsistency and to avoid any potential sublte locking dependencies in the\nfuture.\n\nWith this, only setting acomp_ctx fields to NULL occurs with the mutex\nheld. This is similar to how zswap_cpu_comp_prepare() only initializes\nacomp_ctx fields with the mutex held, after performing all allocations\nbefore holding the mutex.\n\nOpportunistically, move the NULL check on acomp_ctx so that it takes place\nbefore the mutex dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22030",
"url": "https://www.suse.com/security/cve/CVE-2025-22030"
},
{
"category": "external",
"summary": "SUSE Bug 1241376 for CVE-2025-22030",
"url": "https://bugzilla.suse.com/1241376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22030"
},
{
"cve": "CVE-2025-22033",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22033"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: Don\u0027t call NULL in do_compat_alignment_fixup()\n\ndo_alignment_t32_to_handler() only fixes up alignment faults for\nspecific instructions; it returns NULL otherwise (e.g. LDREX). When\nthat\u0027s the case, signal to the caller that it needs to proceed with the\nregular alignment fault handling (i.e. SIGBUS). Without this patch, the\nkernel panics:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n Mem abort info:\n ESR = 0x0000000086000006\n EC = 0x21: IABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x06: level 2 translation fault\n user pgtable: 4k pages, 48-bit VAs, pgdp=00000800164aa000\n [0000000000000000] pgd=0800081fdbd22003, p4d=0800081fdbd22003, pud=08000815d51c6003, pmd=0000000000000000\n Internal error: Oops: 0000000086000006 [#1] SMP\n Modules linked in: cfg80211 rfkill xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter veth nvme_fa\u003e\n libcrc32c crc32c_generic raid0 multipath linear dm_mod dax raid1 md_mod xhci_pci nvme xhci_hcd nvme_core t10_pi usbcore igb crc64_rocksoft crc64 crc_t10dif crct10dif_generic crct10dif_ce crct10dif_common usb_common i2c_algo_bit i2c\u003e\n CPU: 2 PID: 3932954 Comm: WPEWebProcess Not tainted 6.1.0-31-arm64 #1 Debian 6.1.128-1\n Hardware name: GIGABYTE MP32-AR1-00/MP32-AR1-00, BIOS F18v (SCP: 1.08.20211002) 12/01/2021\n pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : 0x0\n lr : do_compat_alignment_fixup+0xd8/0x3dc\n sp : ffff80000f973dd0\n x29: ffff80000f973dd0 x28: ffff081b42526180 x27: 0000000000000000\n x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n x23: 0000000000000004 x22: 0000000000000000 x21: 0000000000000001\n x20: 00000000e8551f00 x19: ffff80000f973eb0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : ffffaebc949bc488\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000400000 x4 : 0000fffffffffffe x3 : 0000000000000000\n x2 : ffff80000f973eb0 x1 : 00000000e8551f00 x0 : 0000000000000001\n Call trace:\n 0x0\n do_alignment_fault+0x40/0x50\n do_mem_abort+0x4c/0xa0\n el0_da+0x48/0xf0\n el0t_32_sync_handler+0x110/0x140\n el0t_32_sync+0x190/0x194\n Code: bad PC value\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22033",
"url": "https://www.suse.com/security/cve/CVE-2025-22033"
},
{
"category": "external",
"summary": "SUSE Bug 1241436 for CVE-2025-22033",
"url": "https://bugzilla.suse.com/1241436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22033"
},
{
"cve": "CVE-2025-22036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix random stack corruption after get_block\n\nWhen get_block is called with a buffer_head allocated on the stack, such\nas do_mpage_readpage, stack corruption due to buffer_head UAF may occur in\nthe following race condition situation.\n\n \u003cCPU 0\u003e \u003cCPU 1\u003e\nmpage_read_folio\n \u003c\u003cbh on stack\u003e\u003e\n do_mpage_readpage\n exfat_get_block\n bh_read\n __bh_read\n\t get_bh(bh)\n submit_bh\n wait_on_buffer\n ...\n end_buffer_read_sync\n __end_buffer_read_notouch\n unlock_buffer\n \u003c\u003ckeep going\u003e\u003e\n ...\n ...\n ...\n ...\n\u003c\u003cbh is not valid out of mpage_read_folio\u003e\u003e\n .\n .\nanother_function\n \u003c\u003cvariable A on stack\u003e\u003e\n put_bh(bh)\n atomic_dec(bh-\u003eb_count)\n * stack corruption here *\n\nThis patch returns -EAGAIN if a folio does not have buffers when bh_read\nneeds to be called. By doing this, the caller can fallback to functions\nlike block_read_full_folio(), create a buffer_head in the folio, and then\ncall get_block again.\n\nLet\u0027s do not call bh_read() with on-stack buffer_head.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22036",
"url": "https://www.suse.com/security/cve/CVE-2025-22036"
},
{
"category": "external",
"summary": "SUSE Bug 1241426 for CVE-2025-22036",
"url": "https://bugzilla.suse.com/1241426"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22036"
},
{
"cve": "CVE-2025-22044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nacpi: nfit: fix narrowing conversion in acpi_nfit_ctl\n\nSyzkaller has reported a warning in to_nfit_bus_uuid(): \"only secondary\nbus families can be translated\". This warning is emited if the argument\nis equal to NVDIMM_BUS_FAMILY_NFIT == 0. Function acpi_nfit_ctl() first\nverifies that a user-provided value call_pkg-\u003end_family of type u64 is\nnot equal to 0. Then the value is converted to int, and only after that\nis compared to NVDIMM_BUS_FAMILY_MAX. This can lead to passing an invalid\nargument to acpi_nfit_ctl(), if call_pkg-\u003end_family is non-zero, while\nthe lower 32 bits are zero.\n\nFurthermore, it is best to return EINVAL immediately upon seeing the\ninvalid user input. The WARNING is insufficient to prevent further\nundefined behavior based on other invalid user input.\n\nAll checks of the input value should be applied to the original variable\ncall_pkg-\u003end_family.\n\n[iweiny: update commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22044",
"url": "https://www.suse.com/security/cve/CVE-2025-22044"
},
{
"category": "external",
"summary": "SUSE Bug 1241424 for CVE-2025-22044",
"url": "https://bugzilla.suse.com/1241424"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22044"
},
{
"cve": "CVE-2025-22045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22045"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Fix flush_tlb_range() when used for zapping normal PMDs\n\nOn the following path, flush_tlb_range() can be used for zapping normal\nPMD entries (PMD entries that point to page tables) together with the PTE\nentries in the pointed-to page table:\n\n collapse_pte_mapped_thp\n pmdp_collapse_flush\n flush_tlb_range\n\nThe arm64 version of flush_tlb_range() has a comment describing that it can\nbe used for page table removal, and does not use any last-level\ninvalidation optimizations. Fix the X86 version by making it behave the\nsame way.\n\nCurrently, X86 only uses this information for the following two purposes,\nwhich I think means the issue doesn\u0027t have much impact:\n\n - In native_flush_tlb_multi() for checking if lazy TLB CPUs need to be\n IPI\u0027d to avoid issues with speculative page table walks.\n - In Hyper-V TLB paravirtualization, again for lazy TLB stuff.\n\nThe patch \"x86/mm: only invalidate final translations with INVLPGB\" which\nis currently under review (see\n\u003chttps://lore.kernel.org/all/20241230175550.4046587-13-riel@surriel.com/\u003e)\nwould probably be making the impact of this a lot worse.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22045",
"url": "https://www.suse.com/security/cve/CVE-2025-22045"
},
{
"category": "external",
"summary": "SUSE Bug 1241433 for CVE-2025-22045",
"url": "https://bugzilla.suse.com/1241433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22045"
},
{
"cve": "CVE-2025-22050",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22050"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet:fix NPE during rx_complete\n\nMissing usbnet_going_away Check in Critical Path.\nThe usb_submit_urb function lacks a usbnet_going_away\nvalidation, whereas __usbnet_queue_skb includes this check.\n\nThis inconsistency creates a race condition where:\nA URB request may succeed, but the corresponding SKB data\nfails to be queued.\n\nSubsequent processes:\n(e.g., rx_complete \u2192 defer_bh \u2192 __skb_unlink(skb, list))\nattempt to access skb-\u003enext, triggering a NULL pointer\ndereference (Kernel Panic).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22050",
"url": "https://www.suse.com/security/cve/CVE-2025-22050"
},
{
"category": "external",
"summary": "SUSE Bug 1241441 for CVE-2025-22050",
"url": "https://bugzilla.suse.com/1241441"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22050"
},
{
"cve": "CVE-2025-22053",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22053"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ibmveth: make veth_pool_store stop hanging\n\nv2:\n- Created a single error handling unlock and exit in veth_pool_store\n- Greatly expanded commit message with previous explanatory-only text\n\nSummary: Use rtnl_mutex to synchronize veth_pool_store with itself,\nibmveth_close and ibmveth_open, preventing multiple calls in a row to\nnapi_disable.\n\nBackground: Two (or more) threads could call veth_pool_store through\nwriting to /sys/devices/vio/30000002/pool*/*. You can do this easily\nwith a little shell script. This causes a hang.\n\nI configured LOCKDEP, compiled ibmveth.c with DEBUG, and built a new\nkernel. I ran this test again and saw:\n\n Setting pool0/active to 0\n Setting pool1/active to 1\n [ 73.911067][ T4365] ibmveth 30000002 eth0: close starting\n Setting pool1/active to 1\n Setting pool1/active to 0\n [ 73.911367][ T4366] ibmveth 30000002 eth0: close starting\n [ 73.916056][ T4365] ibmveth 30000002 eth0: close complete\n [ 73.916064][ T4365] ibmveth 30000002 eth0: open starting\n [ 110.808564][ T712] systemd-journald[712]: Sent WATCHDOG=1 notification.\n [ 230.808495][ T712] systemd-journald[712]: Sent WATCHDOG=1 notification.\n [ 243.683786][ T123] INFO: task stress.sh:4365 blocked for more than 122 seconds.\n [ 243.683827][ T123] Not tainted 6.14.0-01103-g2df0c02dab82-dirty #8\n [ 243.683833][ T123] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n [ 243.683838][ T123] task:stress.sh state:D stack:28096 pid:4365 tgid:4365 ppid:4364 task_flags:0x400040 flags:0x00042000\n [ 243.683852][ T123] Call Trace:\n [ 243.683857][ T123] [c00000000c38f690] [0000000000000001] 0x1 (unreliable)\n [ 243.683868][ T123] [c00000000c38f840] [c00000000001f908] __switch_to+0x318/0x4e0\n [ 243.683878][ T123] [c00000000c38f8a0] [c000000001549a70] __schedule+0x500/0x12a0\n [ 243.683888][ T123] [c00000000c38f9a0] [c00000000154a878] schedule+0x68/0x210\n [ 243.683896][ T123] [c00000000c38f9d0] [c00000000154ac80] schedule_preempt_disabled+0x30/0x50\n [ 243.683904][ T123] [c00000000c38fa00] [c00000000154dbb0] __mutex_lock+0x730/0x10f0\n [ 243.683913][ T123] [c00000000c38fb10] [c000000001154d40] napi_enable+0x30/0x60\n [ 243.683921][ T123] [c00000000c38fb40] [c000000000f4ae94] ibmveth_open+0x68/0x5dc\n [ 243.683928][ T123] [c00000000c38fbe0] [c000000000f4aa20] veth_pool_store+0x220/0x270\n [ 243.683936][ T123] [c00000000c38fc70] [c000000000826278] sysfs_kf_write+0x68/0xb0\n [ 243.683944][ T123] [c00000000c38fcb0] [c0000000008240b8] kernfs_fop_write_iter+0x198/0x2d0\n [ 243.683951][ T123] [c00000000c38fd00] [c00000000071b9ac] vfs_write+0x34c/0x650\n [ 243.683958][ T123] [c00000000c38fdc0] [c00000000071bea8] ksys_write+0x88/0x150\n [ 243.683966][ T123] [c00000000c38fe10] [c0000000000317f4] system_call_exception+0x124/0x340\n [ 243.683973][ T123] [c00000000c38fe50] [c00000000000d05c] system_call_vectored_common+0x15c/0x2ec\n ...\n [ 243.684087][ T123] Showing all locks held in the system:\n [ 243.684095][ T123] 1 lock held by khungtaskd/123:\n [ 243.684099][ T123] #0: c00000000278e370 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x50/0x248\n [ 243.684114][ T123] 4 locks held by stress.sh/4365:\n [ 243.684119][ T123] #0: c00000003a4cd3f8 (sb_writers#3){.+.+}-{0:0}, at: ksys_write+0x88/0x150\n [ 243.684132][ T123] #1: c000000041aea888 (\u0026of-\u003emutex#2){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x154/0x2d0\n [ 243.684143][ T123] #2: c0000000366fb9a8 (kn-\u003eactive#64){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x160/0x2d0\n [ 243.684155][ T123] #3: c000000035ff4cb8 (\u0026dev-\u003elock){+.+.}-{3:3}, at: napi_enable+0x30/0x60\n [ 243.684166][ T123] 5 locks held by stress.sh/4366:\n [ 243.684170][ T123] #0: c00000003a4cd3f8 (sb_writers#3){.+.+}-{0:0}, at: ksys_write+0x88/0x150\n [ 243.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22053",
"url": "https://www.suse.com/security/cve/CVE-2025-22053"
},
{
"category": "external",
"summary": "SUSE Bug 1241373 for CVE-2025-22053",
"url": "https://bugzilla.suse.com/1241373"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22053"
},
{
"cve": "CVE-2025-22055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix geneve_opt length integer overflow\n\nstruct geneve_opt uses 5 bit length for each single option, which\nmeans every vary size option should be smaller than 128 bytes.\n\nHowever, all current related Netlink policies cannot promise this\nlength condition and the attacker can exploit a exact 128-byte size\noption to *fake* a zero length option and confuse the parsing logic,\nfurther achieve heap out-of-bounds read.\n\nOne example crash log is like below:\n\n[ 3.905425] ==================================================================\n[ 3.905925] BUG: KASAN: slab-out-of-bounds in nla_put+0xa9/0xe0\n[ 3.906255] Read of size 124 at addr ffff888005f291cc by task poc/177\n[ 3.906646]\n[ 3.906775] CPU: 0 PID: 177 Comm: poc-oob-read Not tainted 6.1.132 #1\n[ 3.907131] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n[ 3.907784] Call Trace:\n[ 3.907925] \u003cTASK\u003e\n[ 3.908048] dump_stack_lvl+0x44/0x5c\n[ 3.908258] print_report+0x184/0x4be\n[ 3.909151] kasan_report+0xc5/0x100\n[ 3.909539] kasan_check_range+0xf3/0x1a0\n[ 3.909794] memcpy+0x1f/0x60\n[ 3.909968] nla_put+0xa9/0xe0\n[ 3.910147] tunnel_key_dump+0x945/0xba0\n[ 3.911536] tcf_action_dump_1+0x1c1/0x340\n[ 3.912436] tcf_action_dump+0x101/0x180\n[ 3.912689] tcf_exts_dump+0x164/0x1e0\n[ 3.912905] fw_dump+0x18b/0x2d0\n[ 3.913483] tcf_fill_node+0x2ee/0x460\n[ 3.914778] tfilter_notify+0xf4/0x180\n[ 3.915208] tc_new_tfilter+0xd51/0x10d0\n[ 3.918615] rtnetlink_rcv_msg+0x4a2/0x560\n[ 3.919118] netlink_rcv_skb+0xcd/0x200\n[ 3.919787] netlink_unicast+0x395/0x530\n[ 3.921032] netlink_sendmsg+0x3d0/0x6d0\n[ 3.921987] __sock_sendmsg+0x99/0xa0\n[ 3.922220] __sys_sendto+0x1b7/0x240\n[ 3.922682] __x64_sys_sendto+0x72/0x90\n[ 3.922906] do_syscall_64+0x5e/0x90\n[ 3.923814] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 3.924122] RIP: 0033:0x7e83eab84407\n[ 3.924331] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 faf\n[ 3.925330] RSP: 002b:00007ffff505e370 EFLAGS: 00000202 ORIG_RAX: 000000000000002c\n[ 3.925752] RAX: ffffffffffffffda RBX: 00007e83eaafa740 RCX: 00007e83eab84407\n[ 3.926173] RDX: 00000000000001a8 RSI: 00007ffff505e3c0 RDI: 0000000000000003\n[ 3.926587] RBP: 00007ffff505f460 R08: 00007e83eace1000 R09: 000000000000000c\n[ 3.926977] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffff505f3c0\n[ 3.927367] R13: 00007ffff505f5c8 R14: 00007e83ead1b000 R15: 00005d4fbbe6dcb8\n\nFix these issues by enforing correct length condition in related\npolicies.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22055",
"url": "https://www.suse.com/security/cve/CVE-2025-22055"
},
{
"category": "external",
"summary": "SUSE Bug 1241371 for CVE-2025-22055",
"url": "https://bugzilla.suse.com/1241371"
},
{
"category": "external",
"summary": "SUSE Bug 1241372 for CVE-2025-22055",
"url": "https://bugzilla.suse.com/1241372"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-22055"
},
{
"cve": "CVE-2025-22056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_tunnel: fix geneve_opt type confusion addition\n\nWhen handling multiple NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, the\nparsing logic should place every geneve_opt structure one by one\ncompactly. Hence, when deciding the next geneve_opt position, the\npointer addition should be in units of char *.\n\nHowever, the current implementation erroneously does type conversion\nbefore the addition, which will lead to heap out-of-bounds write.\n\n[ 6.989857] ==================================================================\n[ 6.990293] BUG: KASAN: slab-out-of-bounds in nft_tunnel_obj_init+0x977/0xa70\n[ 6.990725] Write of size 124 at addr ffff888005f18974 by task poc/178\n[ 6.991162]\n[ 6.991259] CPU: 0 PID: 178 Comm: poc-oob-write Not tainted 6.1.132 #1\n[ 6.991655] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n[ 6.992281] Call Trace:\n[ 6.992423] \u003cTASK\u003e\n[ 6.992586] dump_stack_lvl+0x44/0x5c\n[ 6.992801] print_report+0x184/0x4be\n[ 6.993790] kasan_report+0xc5/0x100\n[ 6.994252] kasan_check_range+0xf3/0x1a0\n[ 6.994486] memcpy+0x38/0x60\n[ 6.994692] nft_tunnel_obj_init+0x977/0xa70\n[ 6.995677] nft_obj_init+0x10c/0x1b0\n[ 6.995891] nf_tables_newobj+0x585/0x950\n[ 6.996922] nfnetlink_rcv_batch+0xdf9/0x1020\n[ 6.998997] nfnetlink_rcv+0x1df/0x220\n[ 6.999537] netlink_unicast+0x395/0x530\n[ 7.000771] netlink_sendmsg+0x3d0/0x6d0\n[ 7.001462] __sock_sendmsg+0x99/0xa0\n[ 7.001707] ____sys_sendmsg+0x409/0x450\n[ 7.002391] ___sys_sendmsg+0xfd/0x170\n[ 7.003145] __sys_sendmsg+0xea/0x170\n[ 7.004359] do_syscall_64+0x5e/0x90\n[ 7.005817] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 7.006127] RIP: 0033:0x7ec756d4e407\n[ 7.006339] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 faf\n[ 7.007364] RSP: 002b:00007ffed5d46760 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n[ 7.007827] RAX: ffffffffffffffda RBX: 00007ec756cc4740 RCX: 00007ec756d4e407\n[ 7.008223] RDX: 0000000000000000 RSI: 00007ffed5d467f0 RDI: 0000000000000003\n[ 7.008620] RBP: 00007ffed5d468a0 R08: 0000000000000000 R09: 0000000000000000\n[ 7.009039] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000\n[ 7.009429] R13: 00007ffed5d478b0 R14: 00007ec756ee5000 R15: 00005cbd4e655cb8\n\nFix this bug with correct pointer addition and conversion in parse\nand dump code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22056",
"url": "https://www.suse.com/security/cve/CVE-2025-22056"
},
{
"category": "external",
"summary": "SUSE Bug 1241525 for CVE-2025-22056",
"url": "https://bugzilla.suse.com/1241525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22056"
},
{
"cve": "CVE-2025-22057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: decrease cached dst counters in dst_release\n\nUpstream fix ac888d58869b (\"net: do not delay dst_entries_add() in\ndst_release()\") moved decrementing the dst count from dst_destroy to\ndst_release to avoid accessing already freed data in case of netns\ndismantle. However in case CONFIG_DST_CACHE is enabled and OvS+tunnels\nare used, this fix is incomplete as the same issue will be seen for\ncached dsts:\n\n Unable to handle kernel paging request at virtual address ffff5aabf6b5c000\n Call trace:\n percpu_counter_add_batch+0x3c/0x160 (P)\n dst_release+0xec/0x108\n dst_cache_destroy+0x68/0xd8\n dst_destroy+0x13c/0x168\n dst_destroy_rcu+0x1c/0xb0\n rcu_do_batch+0x18c/0x7d0\n rcu_core+0x174/0x378\n rcu_core_si+0x18/0x30\n\nFix this by invalidating the cache, and thus decrementing cached dst\ncounters, in dst_release too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22057",
"url": "https://www.suse.com/security/cve/CVE-2025-22057"
},
{
"category": "external",
"summary": "SUSE Bug 1241533 for CVE-2025-22057",
"url": "https://bugzilla.suse.com/1241533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22057"
},
{
"cve": "CVE-2025-22058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Fix memory accounting leak.\n\nMatt Dowling reported a weird UDP memory usage issue.\n\nUnder normal operation, the UDP memory usage reported in /proc/net/sockstat\nremains close to zero. However, it occasionally spiked to 524,288 pages\nand never dropped. Moreover, the value doubled when the application was\nterminated. Finally, it caused intermittent packet drops.\n\nWe can reproduce the issue with the script below [0]:\n\n 1. /proc/net/sockstat reports 0 pages\n\n # cat /proc/net/sockstat | grep UDP:\n UDP: inuse 1 mem 0\n\n 2. Run the script till the report reaches 524,288\n\n # python3 test.py \u0026 sleep 5\n # cat /proc/net/sockstat | grep UDP:\n UDP: inuse 3 mem 524288 \u003c-- (INT_MAX + 1) \u003e\u003e PAGE_SHIFT\n\n 3. Kill the socket and confirm the number never drops\n\n # pkill python3 \u0026\u0026 sleep 5\n # cat /proc/net/sockstat | grep UDP:\n UDP: inuse 1 mem 524288\n\n 4. (necessary since v6.0) Trigger proto_memory_pcpu_drain()\n\n # python3 test.py \u0026 sleep 1 \u0026\u0026 pkill python3\n\n 5. The number doubles\n\n # cat /proc/net/sockstat | grep UDP:\n UDP: inuse 1 mem 1048577\n\nThe application set INT_MAX to SO_RCVBUF, which triggered an integer\noverflow in udp_rmem_release().\n\nWhen a socket is close()d, udp_destruct_common() purges its receive\nqueue and sums up skb-\u003etruesize in the queue. This total is calculated\nand stored in a local unsigned integer variable.\n\nThe total size is then passed to udp_rmem_release() to adjust memory\naccounting. However, because the function takes a signed integer\nargument, the total size can wrap around, causing an overflow.\n\nThen, the released amount is calculated as follows:\n\n 1) Add size to sk-\u003esk_forward_alloc.\n 2) Round down sk-\u003esk_forward_alloc to the nearest lower multiple of\n PAGE_SIZE and assign it to amount.\n 3) Subtract amount from sk-\u003esk_forward_alloc.\n 4) Pass amount \u003e\u003e PAGE_SHIFT to __sk_mem_reduce_allocated().\n\nWhen the issue occurred, the total in udp_destruct_common() was 2147484480\n(INT_MAX + 833), which was cast to -2147482816 in udp_rmem_release().\n\nAt 1) sk-\u003esk_forward_alloc is changed from 3264 to -2147479552, and\n2) sets -2147479552 to amount. 3) reverts the wraparound, so we don\u0027t\nsee a warning in inet_sock_destruct(). However, udp_memory_allocated\nends up doubling at 4).\n\nSince commit 3cd3399dd7a8 (\"net: implement per-cpu reserves for\nmemory_allocated\"), memory usage no longer doubles immediately after\na socket is close()d because __sk_mem_reduce_allocated() caches the\namount in udp_memory_per_cpu_fw_alloc. However, the next time a UDP\nsocket receives a packet, the subtraction takes effect, causing UDP\nmemory usage to double.\n\nThis issue makes further memory allocation fail once the socket\u0027s\nsk-\u003esk_rmem_alloc exceeds net.ipv4.udp_rmem_min, resulting in packet\ndrops.\n\nTo prevent this issue, let\u0027s use unsigned int for the calculation and\ncall sk_forward_alloc_add() only once for the small delta.\n\nNote that first_packet_length() also potentially has the same problem.\n\n[0]:\nfrom socket import *\n\nSO_RCVBUFFORCE = 33\nINT_MAX = (2 ** 31) - 1\n\ns = socket(AF_INET, SOCK_DGRAM)\ns.bind((\u0027\u0027, 0))\ns.setsockopt(SOL_SOCKET, SO_RCVBUFFORCE, INT_MAX)\n\nc = socket(AF_INET, SOCK_DGRAM)\nc.connect(s.getsockname())\n\ndata = b\u0027a\u0027 * 100\n\nwhile True:\n c.send(data)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22058",
"url": "https://www.suse.com/security/cve/CVE-2025-22058"
},
{
"category": "external",
"summary": "SUSE Bug 1241332 for CVE-2025-22058",
"url": "https://bugzilla.suse.com/1241332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22058"
},
{
"cve": "CVE-2025-22060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: Prevent parser TCAM memory corruption\n\nProtect the parser TCAM/SRAM memory, and the cached (shadow) SRAM\ninformation, from concurrent modifications.\n\nBoth the TCAM and SRAM tables are indirectly accessed by configuring\nan index register that selects the row to read or write to. This means\nthat operations must be atomic in order to, e.g., avoid spreading\nwrites across multiple rows. Since the shadow SRAM array is used to\nfind free rows in the hardware table, it must also be protected in\norder to avoid TOCTOU errors where multiple cores allocate the same\nrow.\n\nThis issue was detected in a situation where `mvpp2_set_rx_mode()` ran\nconcurrently on two CPUs. In this particular case the\nMVPP2_PE_MAC_UC_PROMISCUOUS entry was corrupted, causing the\nclassifier unit to drop all incoming unicast - indicated by the\n`rx_classifier_drops` counter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22060",
"url": "https://www.suse.com/security/cve/CVE-2025-22060"
},
{
"category": "external",
"summary": "SUSE Bug 1241526 for CVE-2025-22060",
"url": "https://bugzilla.suse.com/1241526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22060"
},
{
"cve": "CVE-2025-22062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: add mutual exclusion in proc_sctp_do_udp_port()\n\nWe must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start()\nor risk a crash as syzbot reported:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]\nCPU: 1 UID: 0 PID: 6551 Comm: syz.1.44 Not tainted 6.14.0-syzkaller-g7f2ff7b62617 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\n RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3653\nCall Trace:\n \u003cTASK\u003e\n udp_tunnel_sock_release+0x68/0x80 net/ipv4/udp_tunnel_core.c:181\n sctp_udp_sock_stop+0x71/0x160 net/sctp/protocol.c:930\n proc_sctp_do_udp_port+0x264/0x450 net/sctp/sysctl.c:553\n proc_sys_call_handler+0x3d0/0x5b0 fs/proc/proc_sysctl.c:601\n iter_file_splice_write+0x91c/0x1150 fs/splice.c:738\n do_splice_from fs/splice.c:935 [inline]\n direct_splice_actor+0x18f/0x6c0 fs/splice.c:1158\n splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102\n do_splice_direct_actor fs/splice.c:1201 [inline]\n do_splice_direct+0x174/0x240 fs/splice.c:1227\n do_sendfile+0xafd/0xe50 fs/read_write.c:1368\n __do_sys_sendfile64 fs/read_write.c:1429 [inline]\n __se_sys_sendfile64 fs/read_write.c:1415 [inline]\n __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1415\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22062",
"url": "https://www.suse.com/security/cve/CVE-2025-22062"
},
{
"category": "external",
"summary": "SUSE Bug 1241412 for CVE-2025-22062",
"url": "https://bugzilla.suse.com/1241412"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22062"
},
{
"cve": "CVE-2025-22063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets\n\nWhen calling netlbl_conn_setattr(), addr-\u003esa_family is used\nto determine the function behavior. If sk is an IPv4 socket,\nbut the connect function is called with an IPv6 address,\nthe function calipso_sock_setattr() is triggered.\nInside this function, the following code is executed:\n\nsk_fullsock(__sk) ? inet_sk(__sk)-\u003epinet6 : NULL;\n\nSince sk is an IPv4 socket, pinet6 is NULL, leading to a\nnull pointer dereference.\n\nThis patch fixes the issue by checking if inet6_sk(sk)\nreturns a NULL pointer before accessing pinet6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22063",
"url": "https://www.suse.com/security/cve/CVE-2025-22063"
},
{
"category": "external",
"summary": "SUSE Bug 1241351 for CVE-2025-22063",
"url": "https://bugzilla.suse.com/1241351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22063"
},
{
"cve": "CVE-2025-22064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t unregister hook when table is dormant\n\nWhen nf_tables_updchain encounters an error, hook registration needs to\nbe rolled back.\n\nThis should only be done if the hook has been registered, which won\u0027t\nhappen when the table is flagged as dormant (inactive).\n\nJust move the assignment into the registration block.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22064",
"url": "https://www.suse.com/security/cve/CVE-2025-22064"
},
{
"category": "external",
"summary": "SUSE Bug 1241413 for CVE-2025-22064",
"url": "https://bugzilla.suse.com/1241413"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22064"
},
{
"cve": "CVE-2025-22065",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22065"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix adapter NULL pointer dereference on reboot\n\nWith SRIOV enabled, idpf ends up calling into idpf_remove() twice.\nFirst via idpf_shutdown() and then again when idpf_remove() calls into\nsriov_disable(), because the VF devices use the idpf driver, hence the\nsame remove routine. When that happens, it is possible for the adapter\nto be NULL from the first call to idpf_remove(), leading to a NULL\npointer dereference.\n\necho 1 \u003e /sys/class/net/\u003cnetif\u003e/device/sriov_numvfs\nreboot\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\n...\nRIP: 0010:idpf_remove+0x22/0x1f0 [idpf]\n...\n? idpf_remove+0x22/0x1f0 [idpf]\n? idpf_remove+0x1e4/0x1f0 [idpf]\npci_device_remove+0x3f/0xb0\ndevice_release_driver_internal+0x19f/0x200\npci_stop_bus_device+0x6d/0x90\npci_stop_and_remove_bus_device+0x12/0x20\npci_iov_remove_virtfn+0xbe/0x120\nsriov_disable+0x34/0xe0\nidpf_sriov_configure+0x58/0x140 [idpf]\nidpf_remove+0x1b9/0x1f0 [idpf]\nidpf_shutdown+0x12/0x30 [idpf]\npci_device_shutdown+0x35/0x60\ndevice_shutdown+0x156/0x200\n...\n\nReplace the direct idpf_remove() call in idpf_shutdown() with\nidpf_vc_core_deinit() and idpf_deinit_dflt_mbx(), which perform\nthe bulk of the cleanup, such as stopping the init task, freeing IRQs,\ndestroying the vports and freeing the mailbox. This avoids the calls to\nsriov_disable() in addition to a small netdev cleanup, and destroying\nworkqueues, which don\u0027t seem to be required on shutdown.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22065",
"url": "https://www.suse.com/security/cve/CVE-2025-22065"
},
{
"category": "external",
"summary": "SUSE Bug 1241333 for CVE-2025-22065",
"url": "https://bugzilla.suse.com/1241333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22065"
},
{
"cve": "CVE-2025-22070",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22070"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix NULL pointer dereference on mkdir\n\nWhen a 9p tree was mounted with option \u0027posixacl\u0027, parent directory had a\ndefault ACL set for its subdirectories, e.g.:\n\n setfacl -m default:group:simpsons:rwx parentdir\n\nthen creating a subdirectory crashed 9p client, as v9fs_fid_add() call in\nfunction v9fs_vfs_mkdir_dotl() sets the passed \u0027fid\u0027 pointer to NULL\n(since dafbe689736) even though the subsequent v9fs_set_create_acl() call\nexpects a valid non-NULL \u0027fid\u0027 pointer:\n\n [ 37.273191] BUG: kernel NULL pointer dereference, address: 0000000000000000\n ...\n [ 37.322338] Call Trace:\n [ 37.323043] \u003cTASK\u003e\n [ 37.323621] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n [ 37.324448] ? page_fault_oops (arch/x86/mm/fault.c:714)\n [ 37.325532] ? search_module_extables (kernel/module/main.c:3733)\n [ 37.326742] ? p9_client_walk (net/9p/client.c:1165) 9pnet\n [ 37.328006] ? search_bpf_extables (kernel/bpf/core.c:804)\n [ 37.329142] ? exc_page_fault (./arch/x86/include/asm/paravirt.h:686 arch/x86/mm/fault.c:1488 arch/x86/mm/fault.c:1538)\n [ 37.330196] ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:574)\n [ 37.331330] ? p9_client_walk (net/9p/client.c:1165) 9pnet\n [ 37.332562] ? v9fs_fid_xattr_get (fs/9p/xattr.c:30) 9p\n [ 37.333824] v9fs_fid_xattr_set (fs/9p/fid.h:23 fs/9p/xattr.c:121) 9p\n [ 37.335077] v9fs_set_acl (fs/9p/acl.c:276) 9p\n [ 37.336112] v9fs_set_create_acl (fs/9p/acl.c:307) 9p\n [ 37.337326] v9fs_vfs_mkdir_dotl (fs/9p/vfs_inode_dotl.c:411) 9p\n [ 37.338590] vfs_mkdir (fs/namei.c:4313)\n [ 37.339535] do_mkdirat (fs/namei.c:4336)\n [ 37.340465] __x64_sys_mkdir (fs/namei.c:4354)\n [ 37.341455] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n [ 37.342447] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFix this by simply swapping the sequence of these two calls in\nv9fs_vfs_mkdir_dotl(), i.e. calling v9fs_set_create_acl() before\nv9fs_fid_add().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22070",
"url": "https://www.suse.com/security/cve/CVE-2025-22070"
},
{
"category": "external",
"summary": "SUSE Bug 1241305 for CVE-2025-22070",
"url": "https://bugzilla.suse.com/1241305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22070"
},
{
"cve": "CVE-2025-22075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22075"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: Allocate vfinfo size for VF GUIDs when supported\n\nCommit 30aad41721e0 (\"net/core: Add support for getting VF GUIDs\")\nadded support for getting VF port and node GUIDs in netlink ifinfo\nmessages, but their size was not taken into consideration in the\nfunction that allocates the netlink message, causing the following\nwarning when a netlink message is filled with many VF port and node\nGUIDs:\n # echo 64 \u003e /sys/bus/pci/devices/0000\\:08\\:00.0/sriov_numvfs\n # ip link show dev ib0\n RTNETLINK answers: Message too long\n Cannot send link get request: Message too long\n\nKernel warning:\n\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 1930 at net/core/rtnetlink.c:4151 rtnl_getlink+0x586/0x5a0\n Modules linked in: xt_conntrack xt_MASQUERADE nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter overlay mlx5_ib macsec mlx5_core tls rpcrdma rdma_ucm ib_uverbs ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm iw_cm ib_ipoib fuse ib_cm ib_core\n CPU: 2 UID: 0 PID: 1930 Comm: ip Not tainted 6.14.0-rc2+ #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:rtnl_getlink+0x586/0x5a0\n Code: cb 82 e8 3d af 0a 00 4d 85 ff 0f 84 08 ff ff ff 4c 89 ff 41 be ea ff ff ff e8 66 63 5b ff 49 c7 07 80 4f cb 82 e9 36 fc ff ff \u003c0f\u003e 0b e9 16 fe ff ff e8 de a0 56 00 66 66 2e 0f 1f 84 00 00 00 00\n RSP: 0018:ffff888113557348 EFLAGS: 00010246\n RAX: 00000000ffffffa6 RBX: ffff88817e87aa34 RCX: dffffc0000000000\n RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff88817e87afb8\n RBP: 0000000000000009 R08: ffffffff821f44aa R09: 0000000000000000\n R10: ffff8881260f79a8 R11: ffff88817e87af00 R12: ffff88817e87aa00\n R13: ffffffff8563d300 R14: 00000000ffffffa6 R15: 00000000ffffffff\n FS: 00007f63a5dbf280(0000) GS:ffff88881ee00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f63a5ba4493 CR3: 00000001700fe002 CR4: 0000000000772eb0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0xa5/0x230\n ? rtnl_getlink+0x586/0x5a0\n ? report_bug+0x22d/0x240\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x14/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_trim+0x6a/0x80\n ? rtnl_getlink+0x586/0x5a0\n ? __pfx_rtnl_getlink+0x10/0x10\n ? rtnetlink_rcv_msg+0x1e5/0x860\n ? __pfx___mutex_lock+0x10/0x10\n ? rcu_is_watching+0x34/0x60\n ? __pfx_lock_acquire+0x10/0x10\n ? stack_trace_save+0x90/0xd0\n ? filter_irq_stacks+0x1d/0x70\n ? kasan_save_stack+0x30/0x40\n ? kasan_save_stack+0x20/0x40\n ? kasan_save_track+0x10/0x30\n rtnetlink_rcv_msg+0x21c/0x860\n ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n ? arch_stack_walk+0x9e/0xf0\n ? rcu_is_watching+0x34/0x60\n ? lock_acquire+0xd5/0x410\n ? rcu_is_watching+0x34/0x60\n netlink_rcv_skb+0xe0/0x210\n ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n ? __pfx_netlink_rcv_skb+0x10/0x10\n ? rcu_is_watching+0x34/0x60\n ? __pfx___netlink_lookup+0x10/0x10\n ? lock_release+0x62/0x200\n ? netlink_deliver_tap+0xfd/0x290\n ? rcu_is_watching+0x34/0x60\n ? lock_release+0x62/0x200\n ? netlink_deliver_tap+0x95/0x290\n netlink_unicast+0x31f/0x480\n ? __pfx_netlink_unicast+0x10/0x10\n ? rcu_is_watching+0x34/0x60\n ? lock_acquire+0xd5/0x410\n netlink_sendmsg+0x369/0x660\n ? lock_release+0x62/0x200\n ? __pfx_netlink_sendmsg+0x10/0x10\n ? import_ubuf+0xb9/0xf0\n ? __import_iovec+0x254/0x2b0\n ? lock_release+0x62/0x200\n ? __pfx_netlink_sendmsg+0x10/0x10\n ____sys_sendmsg+0x559/0x5a0\n ? __pfx_____sys_sendmsg+0x10/0x10\n ? __pfx_copy_msghdr_from_user+0x10/0x10\n ? rcu_is_watching+0x34/0x60\n ? do_read_fault+0x213/0x4a0\n ? rcu_is_watching+0x34/0x60\n ___sys_sendmsg+0xe4/0x150\n ? __pfx____sys_sendmsg+0x10/0x10\n ? do_fault+0x2cc/0x6f0\n ? handle_pte_fault+0x2e3/0x3d0\n ? __pfx_handle_pte_fault+0x10/0x10\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22075",
"url": "https://www.suse.com/security/cve/CVE-2025-22075"
},
{
"category": "external",
"summary": "SUSE Bug 1241402 for CVE-2025-22075",
"url": "https://bugzilla.suse.com/1241402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22075"
},
{
"cve": "CVE-2025-22080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Prevent integer overflow in hdr_first_de()\n\nThe \"de_off\" and \"used\" variables come from the disk so they both need to\ncheck. The problem is that on 32bit systems if they\u0027re both greater than\nUINT_MAX - 16 then the check does work as intended because of an integer\noverflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22080",
"url": "https://www.suse.com/security/cve/CVE-2025-22080"
},
{
"category": "external",
"summary": "SUSE Bug 1241416 for CVE-2025-22080",
"url": "https://bugzilla.suse.com/1241416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22080"
},
{
"cve": "CVE-2025-22086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22086"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow\n\nWhen cur_qp isn\u0027t NULL, in order to avoid fetching the QP from\nthe radix tree again we check if the next cqe QP is identical to\nthe one we already have.\n\nThe bug however is that we are checking if the QP is identical by\nchecking the QP number inside the CQE against the QP number inside the\nmlx5_ib_qp, but that\u0027s wrong since the QP number from the CQE is from\nFW so it should be matched against mlx5_core_qp which is our FW QP\nnumber.\n\nOtherwise we could use the wrong QP when handling a CQE which could\ncause the kernel trace below.\n\nThis issue is mainly noticeable over QPs 0 \u0026 1, since for now they are\nthe only QPs in our driver whereas the QP number inside mlx5_ib_qp\ndoesn\u0027t match the QP number inside mlx5_core_qp.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000012\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP\n CPU: 0 UID: 0 PID: 7927 Comm: kworker/u62:1 Not tainted 6.14.0-rc3+ #189\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n Workqueue: ib-comp-unb-wq ib_cq_poll_work [ib_core]\n RIP: 0010:mlx5_ib_poll_cq+0x4c7/0xd90 [mlx5_ib]\n Code: 03 00 00 8d 58 ff 21 cb 66 39 d3 74 39 48 c7 c7 3c 89 6e a0 0f b7 db e8 b7 d2 b3 e0 49 8b 86 60 03 00 00 48 c7 c7 4a 89 6e a0 \u003c0f\u003e b7 5c 98 02 e8 9f d2 b3 e0 41 0f b7 86 78 03 00 00 83 e8 01 21\n RSP: 0018:ffff88810511bd60 EFLAGS: 00010046\n RAX: 0000000000000010 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff88885fa1b3c0 RDI: ffffffffa06e894a\n RBP: 00000000000000b0 R08: 0000000000000000 R09: ffff88810511bc10\n R10: 0000000000000001 R11: 0000000000000001 R12: ffff88810d593000\n R13: ffff88810e579108 R14: ffff888105146000 R15: 00000000000000b0\n FS: 0000000000000000(0000) GS:ffff88885fa00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000012 CR3: 00000001077e6001 CR4: 0000000000370eb0\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x20/0x60\n ? page_fault_oops+0x150/0x3e0\n ? exc_page_fault+0x74/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? mlx5_ib_poll_cq+0x4c7/0xd90 [mlx5_ib]\n __ib_process_cq+0x5a/0x150 [ib_core]\n ib_cq_poll_work+0x31/0x90 [ib_core]\n process_one_work+0x169/0x320\n worker_thread+0x288/0x3a0\n ? work_busy+0xb0/0xb0\n kthread+0xd7/0x1f0\n ? kthreads_online_cpu+0x130/0x130\n ? kthreads_online_cpu+0x130/0x130\n ret_from_fork+0x2d/0x50\n ? kthreads_online_cpu+0x130/0x130\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22086",
"url": "https://www.suse.com/security/cve/CVE-2025-22086"
},
{
"category": "external",
"summary": "SUSE Bug 1241458 for CVE-2025-22086",
"url": "https://bugzilla.suse.com/1241458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22086"
},
{
"cve": "CVE-2025-22088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/erdma: Prevent use-after-free in erdma_accept_newconn()\n\nAfter the erdma_cep_put(new_cep) being called, new_cep will be freed,\nand the following dereference will cause a UAF problem. Fix this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22088",
"url": "https://www.suse.com/security/cve/CVE-2025-22088"
},
{
"category": "external",
"summary": "SUSE Bug 1241528 for CVE-2025-22088",
"url": "https://bugzilla.suse.com/1241528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22088"
},
{
"cve": "CVE-2025-22090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()\n\nIf track_pfn_copy() fails, we already added the dst VMA to the maple\ntree. As fork() fails, we\u0027ll cleanup the maple tree, and stumble over\nthe dst VMA for which we neither performed any reservation nor copied\nany page tables.\n\nConsequently untrack_pfn() will see VM_PAT and try obtaining the\nPAT information from the page table -- which fails because the page\ntable was not copied.\n\nThe easiest fix would be to simply clear the VM_PAT flag of the dst VMA\nif track_pfn_copy() fails. However, the whole thing is about \"simply\"\nclearing the VM_PAT flag is shaky as well: if we passed track_pfn_copy()\nand performed a reservation, but copying the page tables fails, we\u0027ll\nsimply clear the VM_PAT flag, not properly undoing the reservation ...\nwhich is also wrong.\n\nSo let\u0027s fix it properly: set the VM_PAT flag only if the reservation\nsucceeded (leaving it clear initially), and undo the reservation if\nanything goes wrong while copying the page tables: clearing the VM_PAT\nflag after undoing the reservation.\n\nNote that any copied page table entries will get zapped when the VMA will\nget removed later, after copy_page_range() succeeded; as VM_PAT is not set\nthen, we won\u0027t try cleaning VM_PAT up once more and untrack_pfn() will be\nhappy. Note that leaving these page tables in place without a reservation\nis not a problem, as we are aborting fork(); this process will never run.\n\nA reproducer can trigger this usually at the first try:\n\n https://gitlab.com/davidhildenbrand/scratchspace/-/raw/main/reproducers/pat_fork.c\n\n WARNING: CPU: 26 PID: 11650 at arch/x86/mm/pat/memtype.c:983 get_pat_info+0xf6/0x110\n Modules linked in: ...\n CPU: 26 UID: 0 PID: 11650 Comm: repro3 Not tainted 6.12.0-rc5+ #92\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n RIP: 0010:get_pat_info+0xf6/0x110\n ...\n Call Trace:\n \u003cTASK\u003e\n ...\n untrack_pfn+0x52/0x110\n unmap_single_vma+0xa6/0xe0\n unmap_vmas+0x105/0x1f0\n exit_mmap+0xf6/0x460\n __mmput+0x4b/0x120\n copy_process+0x1bf6/0x2aa0\n kernel_clone+0xab/0x440\n __do_sys_clone+0x66/0x90\n do_syscall_64+0x95/0x180\n\nLikely this case was missed in:\n\n d155df53f310 (\"x86/mm/pat: clear VM_PAT if copy_p4d_range failed\")\n\n... and instead of undoing the reservation we simply cleared the VM_PAT flag.\n\nKeep the documentation of these functions in include/linux/pgtable.h,\none place is more than sufficient -- we should clean that up for the other\nfunctions like track_pfn_remap/untrack_pfn separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22090",
"url": "https://www.suse.com/security/cve/CVE-2025-22090"
},
{
"category": "external",
"summary": "SUSE Bug 1241537 for CVE-2025-22090",
"url": "https://bugzilla.suse.com/1241537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22090"
},
{
"cve": "CVE-2025-22093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: avoid NPD when ASIC does not support DMUB\n\nctx-\u003edmub_srv will de NULL if the ASIC does not support DMUB, which is\ntested in dm_dmub_sw_init.\n\nHowever, it will be dereferenced in dmub_hw_lock_mgr_cmd if\nshould_use_dmub_lock returns true.\n\nThis has been the case since dmub support has been added for PSR1.\n\nFix this by checking for dmub_srv in should_use_dmub_lock.\n\n[ 37.440832] BUG: kernel NULL pointer dereference, address: 0000000000000058\n[ 37.447808] #PF: supervisor read access in kernel mode\n[ 37.452959] #PF: error_code(0x0000) - not-present page\n[ 37.458112] PGD 0 P4D 0\n[ 37.460662] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 37.465553] CPU: 2 UID: 1000 PID: 1745 Comm: DrmThread Not tainted 6.14.0-rc1-00003-gd62e938120f0 #23 99720e1cb1e0fc4773b8513150932a07de3c6e88\n[ 37.478324] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023\n[ 37.487103] RIP: 0010:dmub_hw_lock_mgr_cmd+0x77/0xb0\n[ 37.492074] Code: 44 24 0e 00 00 00 00 48 c7 04 24 45 00 00 0c 40 88 74 24 0d 0f b6 02 88 44 24 0c 8b 01 89 44 24 08 85 f6 75 05 c6 44 24 0e 01 \u003c48\u003e 8b 7f 58 48 89 e6 ba 01 00 00 00 e8 08 3c 2a 00 65 48 8b 04 5\n[ 37.510822] RSP: 0018:ffff969442853300 EFLAGS: 00010202\n[ 37.516052] RAX: 0000000000000000 RBX: ffff92db03000000 RCX: ffff969442853358\n[ 37.523185] RDX: ffff969442853368 RSI: 0000000000000001 RDI: 0000000000000000\n[ 37.530322] RBP: 0000000000000001 R08: 00000000000004a7 R09: 00000000000004a5\n[ 37.537453] R10: 0000000000000476 R11: 0000000000000062 R12: ffff92db0ade8000\n[ 37.544589] R13: ffff92da01180ae0 R14: ffff92da011802a8 R15: ffff92db03000000\n[ 37.551725] FS: 0000784a9cdfc6c0(0000) GS:ffff92db2af00000(0000) knlGS:0000000000000000\n[ 37.559814] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 37.565562] CR2: 0000000000000058 CR3: 0000000112b1c000 CR4: 00000000003506f0\n[ 37.572697] Call Trace:\n[ 37.575152] \u003cTASK\u003e\n[ 37.577258] ? __die_body+0x66/0xb0\n[ 37.580756] ? page_fault_oops+0x3e7/0x4a0\n[ 37.584861] ? exc_page_fault+0x3e/0xe0\n[ 37.588706] ? exc_page_fault+0x5c/0xe0\n[ 37.592550] ? asm_exc_page_fault+0x22/0x30\n[ 37.596742] ? dmub_hw_lock_mgr_cmd+0x77/0xb0\n[ 37.601107] dcn10_cursor_lock+0x1e1/0x240\n[ 37.605211] program_cursor_attributes+0x81/0x190\n[ 37.609923] commit_planes_for_stream+0x998/0x1ef0\n[ 37.614722] update_planes_and_stream_v2+0x41e/0x5c0\n[ 37.619703] dc_update_planes_and_stream+0x78/0x140\n[ 37.624588] amdgpu_dm_atomic_commit_tail+0x4362/0x49f0\n[ 37.629832] ? srso_return_thunk+0x5/0x5f\n[ 37.633847] ? mark_held_locks+0x6d/0xd0\n[ 37.637774] ? _raw_spin_unlock_irq+0x24/0x50\n[ 37.642135] ? srso_return_thunk+0x5/0x5f\n[ 37.646148] ? lockdep_hardirqs_on+0x95/0x150\n[ 37.650510] ? srso_return_thunk+0x5/0x5f\n[ 37.654522] ? _raw_spin_unlock_irq+0x2f/0x50\n[ 37.658883] ? srso_return_thunk+0x5/0x5f\n[ 37.662897] ? wait_for_common+0x186/0x1c0\n[ 37.666998] ? srso_return_thunk+0x5/0x5f\n[ 37.671009] ? drm_crtc_next_vblank_start+0xc3/0x170\n[ 37.675983] commit_tail+0xf5/0x1c0\n[ 37.679478] drm_atomic_helper_commit+0x2a2/0x2b0\n[ 37.684186] drm_atomic_commit+0xd6/0x100\n[ 37.688199] ? __cfi___drm_printfn_info+0x10/0x10\n[ 37.692911] drm_atomic_helper_update_plane+0xe5/0x130\n[ 37.698054] drm_mode_cursor_common+0x501/0x670\n[ 37.702600] ? __cfi_drm_mode_cursor_ioctl+0x10/0x10\n[ 37.707572] drm_mode_cursor_ioctl+0x48/0x70\n[ 37.711851] drm_ioctl_kernel+0xf2/0x150\n[ 37.715781] drm_ioctl+0x363/0x590\n[ 37.719189] ? __cfi_drm_mode_cursor_ioctl+0x10/0x10\n[ 37.724165] amdgpu_drm_ioctl+0x41/0x80\n[ 37.728013] __se_sys_ioctl+0x7f/0xd0\n[ 37.731685] do_syscall_64+0x87/0x100\n[ 37.735355] ? vma_end_read+0x12/0xe0\n[ 37.739024] ? srso_return_thunk+0x5/0x5f\n[ 37.743041] ? find_held_lock+0x47/0xf0\n[ 37.746884] ? vma_end_read+0x12/0xe0\n[ 37.750552] ? srso_return_thunk+0x5/0\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22093",
"url": "https://www.suse.com/security/cve/CVE-2025-22093"
},
{
"category": "external",
"summary": "SUSE Bug 1241545 for CVE-2025-22093",
"url": "https://bugzilla.suse.com/1241545"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22093"
},
{
"cve": "CVE-2025-22097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vkms: Fix use after free and double free on init error\n\nIf the driver initialization fails, the vkms_exit() function might\naccess an uninitialized or freed default_config pointer and it might\ndouble free it.\n\nFix both possible errors by initializing default_config only when the\ndriver initialization succeeded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22097",
"url": "https://www.suse.com/security/cve/CVE-2025-22097"
},
{
"category": "external",
"summary": "SUSE Bug 1241541 for CVE-2025-22097",
"url": "https://bugzilla.suse.com/1241541"
},
{
"category": "external",
"summary": "SUSE Bug 1241542 for CVE-2025-22097",
"url": "https://bugzilla.suse.com/1241542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-22097"
},
{
"cve": "CVE-2025-22102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix kernel panic during FW release\n\nThis fixes a kernel panic seen during release FW in a stress test\nscenario where WLAN and BT FW download occurs simultaneously, and due to\na HW bug, chip sends out only 1 bootloader signatures.\n\nWhen driver receives the bootloader signature, it enters FW download\nmode, but since no consequtive bootloader signatures seen, FW file is\nnot requested.\n\nAfter 60 seconds, when FW download times out, release_firmware causes a\nkernel panic.\n\n[ 2601.949184] Unable to handle kernel paging request at virtual address 0000312e6f006573\n[ 2601.992076] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000111802000\n[ 2601.992080] [0000312e6f006573] pgd=0000000000000000, p4d=0000000000000000\n[ 2601.992087] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP\n[ 2601.992091] Modules linked in: algif_hash algif_skcipher af_alg btnxpuart(O) pciexxx(O) mlan(O) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce snd_soc_fsl_easrc snd_soc_fsl_asoc_card imx8_media_dev(C) snd_soc_fsl_micfil polyval_generic snd_soc_fsl_xcvr snd_soc_fsl_sai snd_soc_imx_audmux snd_soc_fsl_asrc snd_soc_imx_card snd_soc_imx_hdmi snd_soc_fsl_aud2htx snd_soc_fsl_utils imx_pcm_dma dw_hdmi_cec flexcan can_dev\n[ 2602.001825] CPU: 2 PID: 20060 Comm: hciconfig Tainted: G C O 6.6.23-lts-next-06236-gb586a521770e #1\n[ 2602.010182] Hardware name: NXP i.MX8MPlus EVK board (DT)\n[ 2602.010185] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 2602.010191] pc : _raw_spin_lock+0x34/0x68\n[ 2602.010201] lr : free_fw_priv+0x20/0xfc\n[ 2602.020561] sp : ffff800089363b30\n[ 2602.020563] x29: ffff800089363b30 x28: ffff0000d0eb5880 x27: 0000000000000000\n[ 2602.020570] x26: 0000000000000000 x25: ffff0000d728b330 x24: 0000000000000000\n[ 2602.020577] x23: ffff0000dc856f38\n[ 2602.033797] x22: ffff800089363b70 x21: ffff0000dc856000\n[ 2602.033802] x20: ff00312e6f006573 x19: ffff0000d0d9ea80 x18: 0000000000000000\n[ 2602.033809] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaad80dd480\n[ 2602.083320] x14: 0000000000000000 x13: 00000000000001b9 x12: 0000000000000002\n[ 2602.083326] x11: 0000000000000000 x10: 0000000000000a60 x9 : ffff800089363a30\n[ 2602.083333] x8 : ffff0001793d75c0 x7 : ffff0000d6dbc400 x6 : 0000000000000000\n[ 2602.083339] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000001\n[ 2602.083346] x2 : 0000000000000000 x1 : 0000000000000001 x0 : ff00312e6f006573\n[ 2602.083354] Call trace:\n[ 2602.083356] _raw_spin_lock+0x34/0x68\n[ 2602.083364] release_firmware+0x48/0x6c\n[ 2602.083370] nxp_setup+0x3c4/0x540 [btnxpuart]\n[ 2602.083383] hci_dev_open_sync+0xf0/0xa34\n[ 2602.083391] hci_dev_open+0xd8/0x178\n[ 2602.083399] hci_sock_ioctl+0x3b0/0x590\n[ 2602.083405] sock_do_ioctl+0x60/0x118\n[ 2602.083413] sock_ioctl+0x2f4/0x374\n[ 2602.091430] __arm64_sys_ioctl+0xac/0xf0\n[ 2602.091437] invoke_syscall+0x48/0x110\n[ 2602.091445] el0_svc_common.constprop.0+0xc0/0xe0\n[ 2602.091452] do_el0_svc+0x1c/0x28\n[ 2602.091457] el0_svc+0x40/0xe4\n[ 2602.091465] el0t_64_sync_handler+0x120/0x12c\n[ 2602.091470] el0t_64_sync+0x190/0x194",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22102",
"url": "https://www.suse.com/security/cve/CVE-2025-22102"
},
{
"category": "external",
"summary": "SUSE Bug 1241456 for CVE-2025-22102",
"url": "https://bugzilla.suse.com/1241456"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22102"
},
{
"cve": "CVE-2025-22103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22103"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix NULL pointer dereference in l3mdev_l3_rcv\n\nWhen delete l3s ipvlan:\n\n ip link del link eth0 ipvlan1 type ipvlan mode l3s\n\nThis may cause a null pointer dereference:\n\n Call trace:\n ip_rcv_finish+0x48/0xd0\n ip_rcv+0x5c/0x100\n __netif_receive_skb_one_core+0x64/0xb0\n __netif_receive_skb+0x20/0x80\n process_backlog+0xb4/0x204\n napi_poll+0xe8/0x294\n net_rx_action+0xd8/0x22c\n __do_softirq+0x12c/0x354\n\nThis is because l3mdev_l3_rcv() visit dev-\u003el3mdev_ops after\nipvlan_l3s_unregister() assign the dev-\u003el3mdev_ops to NULL. The process\nlike this:\n\n (CPU1) | (CPU2)\n l3mdev_l3_rcv() |\n check dev-\u003epriv_flags: |\n master = skb-\u003edev; |\n |\n | ipvlan_l3s_unregister()\n | set dev-\u003epriv_flags\n | dev-\u003el3mdev_ops = NULL;\n |\n visit master-\u003el3mdev_ops |\n\nTo avoid this by do not set dev-\u003el3mdev_ops when unregister l3s ipvlan.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22103",
"url": "https://www.suse.com/security/cve/CVE-2025-22103"
},
{
"category": "external",
"summary": "SUSE Bug 1241448 for CVE-2025-22103",
"url": "https://bugzilla.suse.com/1241448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22103"
},
{
"cve": "CVE-2025-22104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22104"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Use kernel helpers for hex dumps\n\nPreviously, when the driver was printing hex dumps, the buffer was cast\nto an 8 byte long and printed using string formatters. If the buffer\nsize was not a multiple of 8 then a read buffer overflow was possible.\n\nTherefore, create a new ibmvnic function that loops over a buffer and\ncalls hex_dump_to_buffer instead.\n\nThis patch address KASAN reports like the one below:\n ibmvnic 30000003 env3: Login Buffer:\n ibmvnic 30000003 env3: 01000000af000000\n \u003c...\u003e\n ibmvnic 30000003 env3: 2e6d62692e736261\n ibmvnic 30000003 env3: 65050003006d6f63\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in ibmvnic_login+0xacc/0xffc [ibmvnic]\n Read of size 8 at addr c0000001331a9aa8 by task ip/17681\n \u003c...\u003e\n Allocated by task 17681:\n \u003c...\u003e\n ibmvnic_login+0x2f0/0xffc [ibmvnic]\n ibmvnic_open+0x148/0x308 [ibmvnic]\n __dev_open+0x1ac/0x304\n \u003c...\u003e\n The buggy address is located 168 bytes inside of\n allocated 175-byte region [c0000001331a9a00, c0000001331a9aaf)\n \u003c...\u003e\n =================================================================\n ibmvnic 30000003 env3: 000000000033766e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22104",
"url": "https://www.suse.com/security/cve/CVE-2025-22104"
},
{
"category": "external",
"summary": "SUSE Bug 1241550 for CVE-2025-22104",
"url": "https://bugzilla.suse.com/1241550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22104"
},
{
"cve": "CVE-2025-22105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22105"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: check xdp prog when set bond mode\n\nFollowing operations can trigger a warning[1]:\n\n ip netns add ns1\n ip netns exec ns1 ip link add bond0 type bond mode balance-rr\n ip netns exec ns1 ip link set dev bond0 xdp obj af_xdp_kern.o sec xdp\n ip netns exec ns1 ip link set bond0 type bond mode broadcast\n ip netns del ns1\n\nWhen delete the namespace, dev_xdp_uninstall() is called to remove xdp\nprogram on bond dev, and bond_xdp_set() will check the bond mode. If bond\nmode is changed after attaching xdp program, the warning may occur.\n\nSome bond modes (broadcast, etc.) do not support native xdp. Set bond mode\nwith xdp program attached is not good. Add check for xdp program when set\nbond mode.\n\n [1]\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:9912 unregister_netdevice_many_notify+0x8d9/0x930\n Modules linked in:\n CPU: 0 UID: 0 PID: 11 Comm: kworker/u4:0 Not tainted 6.14.0-rc4 #107\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\n Workqueue: netns cleanup_net\n RIP: 0010:unregister_netdevice_many_notify+0x8d9/0x930\n Code: 00 00 48 c7 c6 6f e3 a2 82 48 c7 c7 d0 b3 96 82 e8 9c 10 3e ...\n RSP: 0018:ffffc90000063d80 EFLAGS: 00000282\n RAX: 00000000ffffffa1 RBX: ffff888004959000 RCX: 00000000ffffdfff\n RDX: 0000000000000000 RSI: 00000000ffffffea RDI: ffffc90000063b48\n RBP: ffffc90000063e28 R08: ffffffff82d39b28 R09: 0000000000009ffb\n R10: 0000000000000175 R11: ffffffff82d09b40 R12: ffff8880049598e8\n R13: 0000000000000001 R14: dead000000000100 R15: ffffc90000045000\n FS: 0000000000000000(0000) GS:ffff888007a00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000d406b60 CR3: 000000000483e000 CR4: 00000000000006f0\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0x83/0x130\n ? unregister_netdevice_many_notify+0x8d9/0x930\n ? report_bug+0x18e/0x1a0\n ? handle_bug+0x54/0x90\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? unregister_netdevice_many_notify+0x8d9/0x930\n ? bond_net_exit_batch_rtnl+0x5c/0x90\n cleanup_net+0x237/0x3d0\n process_one_work+0x163/0x390\n worker_thread+0x293/0x3b0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xec/0x1e0\n ? __pfx_kthread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22105",
"url": "https://www.suse.com/security/cve/CVE-2025-22105"
},
{
"category": "external",
"summary": "SUSE Bug 1241548 for CVE-2025-22105",
"url": "https://bugzilla.suse.com/1241548"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22105"
},
{
"cve": "CVE-2025-22106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: unregister xdp rxq info in the reset path\n\nvmxnet3 does not unregister xdp rxq info in the\nvmxnet3_reset_work() code path as vmxnet3_rq_destroy()\nis not invoked in this code path. So, we get below message with a\nbacktrace.\n\nMissing unregister, handled but fix driver\nWARNING: CPU:48 PID: 500 at net/core/xdp.c:182\n__xdp_rxq_info_reg+0x93/0xf0\n\nThis patch fixes the problem by moving the unregister\ncode of XDP from vmxnet3_rq_destroy() to vmxnet3_rq_cleanup().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22106",
"url": "https://www.suse.com/security/cve/CVE-2025-22106"
},
{
"category": "external",
"summary": "SUSE Bug 1241547 for CVE-2025-22106",
"url": "https://bugzilla.suse.com/1241547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22106"
},
{
"cve": "CVE-2025-22107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22107"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()\n\nThere are actually 2 problems:\n- deleting the last element doesn\u0027t require the memmove of elements\n [i + 1, end) over it. Actually, element i+1 is out of bounds.\n- The memmove itself should move size - i - 1 elements, because the last\n element is out of bounds.\n\nThe out-of-bounds element still remains out of bounds after being\naccessed, so the problem is only that we touch it, not that it becomes\nin active use. But I suppose it can lead to issues if the out-of-bounds\nelement is part of an unmapped page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22107",
"url": "https://www.suse.com/security/cve/CVE-2025-22107"
},
{
"category": "external",
"summary": "SUSE Bug 1241575 for CVE-2025-22107",
"url": "https://bugzilla.suse.com/1241575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22107"
},
{
"cve": "CVE-2025-22108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Mask the bd_cnt field in the TX BD properly\n\nThe bd_cnt field in the TX BD specifies the total number of BDs for\nthe TX packet. The bd_cnt field has 5 bits and the maximum number\nsupported is 32 with the value 0.\n\nCONFIG_MAX_SKB_FRAGS can be modified and the total number of SKB\nfragments can approach or exceed the maximum supported by the chip.\nAdd a macro to properly mask the bd_cnt field so that the value 32\nwill be properly masked and set to 0 in the bd_cnd field.\n\nWithout this patch, the out-of-range bd_cnt value will corrupt the\nTX BD and may cause TX timeout.\n\nThe next patch will check for values exceeding 32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22108",
"url": "https://www.suse.com/security/cve/CVE-2025-22108"
},
{
"category": "external",
"summary": "SUSE Bug 1241574 for CVE-2025-22108",
"url": "https://bugzilla.suse.com/1241574"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22108"
},
{
"cve": "CVE-2025-22109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22109"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Remove broken autobind\n\nBinding AX25 socket by using the autobind feature leads to memory leaks\nin ax25_connect() and also refcount leaks in ax25_release(). Memory\nleak was detected with kmemleak:\n\n================================================================\nunreferenced object 0xffff8880253cd680 (size 96):\nbacktrace:\n__kmalloc_node_track_caller_noprof (./include/linux/kmemleak.h:43)\nkmemdup_noprof (mm/util.c:136)\nax25_rt_autobind (net/ax25/ax25_route.c:428)\nax25_connect (net/ax25/af_ax25.c:1282)\n__sys_connect_file (net/socket.c:2045)\n__sys_connect (net/socket.c:2064)\n__x64_sys_connect (net/socket.c:2067)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n================================================================\n\nWhen socket is bound, refcounts must be incremented the way it is done\nin ax25_bind() and ax25_setsockopt() (SO_BINDTODEVICE). In case of\nautobind, the refcounts are not incremented.\n\nThis bug leads to the following issue reported by Syzkaller:\n\n================================================================\nax25_connect(): syz-executor318 uses autobind, please contact jreuter@yaina.de\n------------[ cut here ]------------\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 0 PID: 5317 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31\nModules linked in:\nCPU: 0 UID: 0 PID: 5317 Comm: syz-executor318 Not tainted 6.14.0-rc4-syzkaller-00278-gece144f151ac #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31\n...\nCall Trace:\n \u003cTASK\u003e\n __refcount_dec include/linux/refcount.h:336 [inline]\n refcount_dec include/linux/refcount.h:351 [inline]\n ref_tracker_free+0x6af/0x7e0 lib/ref_tracker.c:236\n netdev_tracker_free include/linux/netdevice.h:4302 [inline]\n netdev_put include/linux/netdevice.h:4319 [inline]\n ax25_release+0x368/0x960 net/ax25/af_ax25.c:1080\n __sock_release net/socket.c:647 [inline]\n sock_close+0xbc/0x240 net/socket.c:1398\n __fput+0x3e9/0x9f0 fs/file_table.c:464\n __do_sys_close fs/open.c:1580 [inline]\n __se_sys_close fs/open.c:1565 [inline]\n __x64_sys_close+0x7f/0x110 fs/open.c:1565\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n ...\n \u003c/TASK\u003e\n================================================================\n\nConsidering the issues above and the comments left in the code that say:\n\"check if we can remove this feature. It is broken.\"; \"autobinding in this\nmay or may not work\"; - it is better to completely remove this feature than\nto fix it because it is broken and leads to various kinds of memory bugs.\n\nNow calling connect() without first binding socket will result in an\nerror (-EINVAL). Userspace software that relies on the autobind feature\nmight get broken. However, this feature does not seem widely used with\nthis specific driver as it was not reliable at any point of time, and it\nis already broken anyway. E.g. ax25-tools and ax25-apps packages for\npopular distributions do not use the autobind feature for AF_AX25.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22109",
"url": "https://www.suse.com/security/cve/CVE-2025-22109"
},
{
"category": "external",
"summary": "SUSE Bug 1241573 for CVE-2025-22109",
"url": "https://bugzilla.suse.com/1241573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22109"
},
{
"cve": "CVE-2025-22115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix block group refcount race in btrfs_create_pending_block_groups()\n\nBlock group creation is done in two phases, which results in a slightly\nunintuitive property: a block group can be allocated/deallocated from\nafter btrfs_make_block_group() adds it to the space_info with\nbtrfs_add_bg_to_space_info(), but before creation is completely completed\nin btrfs_create_pending_block_groups(). As a result, it is possible for a\nblock group to go unused and have \u0027btrfs_mark_bg_unused\u0027 called on it\nconcurrently with \u0027btrfs_create_pending_block_groups\u0027. This causes a\nnumber of issues, which were fixed with the block group flag\n\u0027BLOCK_GROUP_FLAG_NEW\u0027.\n\nHowever, this fix is not quite complete. Since it does not use the\nunused_bg_lock, it is possible for the following race to occur:\n\nbtrfs_create_pending_block_groups btrfs_mark_bg_unused\n if list_empty // false\n list_del_init\n clear_bit\n else if (test_bit) // true\n list_move_tail\n\nAnd we get into the exact same broken ref count and invalid new_bgs\nstate for transaction cleanup that BLOCK_GROUP_FLAG_NEW was designed to\nprevent.\n\nThe broken refcount aspect will result in a warning like:\n\n [1272.943527] refcount_t: underflow; use-after-free.\n [1272.943967] WARNING: CPU: 1 PID: 61 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110\n [1272.944731] Modules linked in: btrfs virtio_net xor zstd_compress raid6_pq null_blk [last unloaded: btrfs]\n [1272.945550] CPU: 1 UID: 0 PID: 61 Comm: kworker/u32:1 Kdump: loaded Tainted: G W 6.14.0-rc5+ #108\n [1272.946368] Tainted: [W]=WARN\n [1272.946585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n [1272.947273] Workqueue: btrfs_discard btrfs_discard_workfn [btrfs]\n [1272.947788] RIP: 0010:refcount_warn_saturate+0xba/0x110\n [1272.949532] RSP: 0018:ffffbf1200247df0 EFLAGS: 00010282\n [1272.949901] RAX: 0000000000000000 RBX: ffffa14b00e3f800 RCX: 0000000000000000\n [1272.950437] RDX: 0000000000000000 RSI: ffffbf1200247c78 RDI: 00000000ffffdfff\n [1272.950986] RBP: ffffa14b00dc2860 R08: 00000000ffffdfff R09: ffffffff90526268\n [1272.951512] R10: ffffffff904762c0 R11: 0000000063666572 R12: ffffa14b00dc28c0\n [1272.952024] R13: 0000000000000000 R14: ffffa14b00dc2868 R15: 000001285dcd12c0\n [1272.952850] FS: 0000000000000000(0000) GS:ffffa14d33c40000(0000) knlGS:0000000000000000\n [1272.953458] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [1272.953931] CR2: 00007f838cbda000 CR3: 000000010104e000 CR4: 00000000000006f0\n [1272.954474] Call Trace:\n [1272.954655] \u003cTASK\u003e\n [1272.954812] ? refcount_warn_saturate+0xba/0x110\n [1272.955173] ? __warn.cold+0x93/0xd7\n [1272.955487] ? refcount_warn_saturate+0xba/0x110\n [1272.955816] ? report_bug+0xe7/0x120\n [1272.956103] ? handle_bug+0x53/0x90\n [1272.956424] ? exc_invalid_op+0x13/0x60\n [1272.956700] ? asm_exc_invalid_op+0x16/0x20\n [1272.957011] ? refcount_warn_saturate+0xba/0x110\n [1272.957399] btrfs_discard_cancel_work.cold+0x26/0x2b [btrfs]\n [1272.957853] btrfs_put_block_group.cold+0x5d/0x8e [btrfs]\n [1272.958289] btrfs_discard_workfn+0x194/0x380 [btrfs]\n [1272.958729] process_one_work+0x130/0x290\n [1272.959026] worker_thread+0x2ea/0x420\n [1272.959335] ? __pfx_worker_thread+0x10/0x10\n [1272.959644] kthread+0xd7/0x1c0\n [1272.959872] ? __pfx_kthread+0x10/0x10\n [1272.960172] ret_from_fork+0x30/0x50\n [1272.960474] ? __pfx_kthread+0x10/0x10\n [1272.960745] ret_from_fork_asm+0x1a/0x30\n [1272.961035] \u003c/TASK\u003e\n [1272.961238] ---[ end trace 0000000000000000 ]---\n\nThough we have seen them in the async discard workfn as well. It is\nmost likely to happen after a relocation finishes which cancels discard,\ntears down the block group, etc.\n\nFix this fully by taking the lock arou\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22115",
"url": "https://www.suse.com/security/cve/CVE-2025-22115"
},
{
"category": "external",
"summary": "SUSE Bug 1241578 for CVE-2025-22115",
"url": "https://bugzilla.suse.com/1241578"
},
{
"category": "external",
"summary": "SUSE Bug 1241579 for CVE-2025-22115",
"url": "https://bugzilla.suse.com/1241579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-22115"
},
{
"cve": "CVE-2025-22116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22116"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: check error for register_netdev() on init\n\nCurrent init logic ignores the error code from register_netdev(),\nwhich will cause WARN_ON() on attempt to unregister it, if there was one,\nand there is no info for the user that the creation of the netdev failed.\n\nWARNING: CPU: 89 PID: 6902 at net/core/dev.c:11512 unregister_netdevice_many_notify+0x211/0x1a10\n...\n[ 3707.563641] unregister_netdev+0x1c/0x30\n[ 3707.563656] idpf_vport_dealloc+0x5cf/0xce0 [idpf]\n[ 3707.563684] idpf_deinit_task+0xef/0x160 [idpf]\n[ 3707.563712] idpf_vc_core_deinit+0x84/0x320 [idpf]\n[ 3707.563739] idpf_remove+0xbf/0x780 [idpf]\n[ 3707.563769] pci_device_remove+0xab/0x1e0\n[ 3707.563786] device_release_driver_internal+0x371/0x530\n[ 3707.563803] driver_detach+0xbf/0x180\n[ 3707.563816] bus_remove_driver+0x11b/0x2a0\n[ 3707.563829] pci_unregister_driver+0x2a/0x250\n\nIntroduce an error check and log the vport number and error code.\nOn removal make sure to check VPORT_REG_NETDEV flag prior to calling\nunregister and free on the netdev.\n\nAdd local variables for idx, vport_config and netdev for readability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22116",
"url": "https://www.suse.com/security/cve/CVE-2025-22116"
},
{
"category": "external",
"summary": "SUSE Bug 1241459 for CVE-2025-22116",
"url": "https://bugzilla.suse.com/1241459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22116"
},
{
"cve": "CVE-2025-22121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22121"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()\n\nThere\u0027s issue as follows:\nBUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790\nRead of size 4 at addr ffff88807b003000 by task syz-executor.0/15172\n\nCPU: 3 PID: 15172 Comm: syz-executor.0\nCall Trace:\n __dump_stack lib/dump_stack.c:82 [inline]\n dump_stack+0xbe/0xfd lib/dump_stack.c:123\n print_address_description.constprop.0+0x1e/0x280 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n ext4_xattr_inode_dec_ref_all+0x6ff/0x790 fs/ext4/xattr.c:1137\n ext4_xattr_delete_inode+0x4c7/0xda0 fs/ext4/xattr.c:2896\n ext4_evict_inode+0xb3b/0x1670 fs/ext4/inode.c:323\n evict+0x39f/0x880 fs/inode.c:622\n iput_final fs/inode.c:1746 [inline]\n iput fs/inode.c:1772 [inline]\n iput+0x525/0x6c0 fs/inode.c:1758\n ext4_orphan_cleanup fs/ext4/super.c:3298 [inline]\n ext4_fill_super+0x8c57/0xba40 fs/ext4/super.c:5300\n mount_bdev+0x355/0x410 fs/super.c:1446\n legacy_get_tree+0xfe/0x220 fs/fs_context.c:611\n vfs_get_tree+0x8d/0x2f0 fs/super.c:1576\n do_new_mount fs/namespace.c:2983 [inline]\n path_mount+0x119a/0x1ad0 fs/namespace.c:3316\n do_mount+0xfc/0x110 fs/namespace.c:3329\n __do_sys_mount fs/namespace.c:3540 [inline]\n __se_sys_mount+0x219/0x2e0 fs/namespace.c:3514\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nMemory state around the buggy address:\n ffff88807b002f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff88807b002f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n\u003effff88807b003000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n ^\n ffff88807b003080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n ffff88807b003100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n\nAbove issue happens as ext4_xattr_delete_inode() isn\u0027t check xattr\nis valid if xattr is in inode.\nTo solve above issue call xattr_check_inode() check if xattr if valid\nin inode. In fact, we can directly verify in ext4_iget_extra_inode(),\nso that there is no divergent verification.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22121",
"url": "https://www.suse.com/security/cve/CVE-2025-22121"
},
{
"category": "external",
"summary": "SUSE Bug 1241593 for CVE-2025-22121",
"url": "https://bugzilla.suse.com/1241593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22121"
},
{
"cve": "CVE-2025-22125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid1,raid10: don\u0027t ignore IO flags\n\nIf blk-wbt is enabled by default, it\u0027s found that raid write performance\nis quite bad because all IO are throttled by wbt of underlying disks,\ndue to flag REQ_IDLE is ignored. And turns out this behaviour exist since\nblk-wbt is introduced.\n\nOther than REQ_IDLE, other flags should not be ignored as well, for\nexample REQ_META can be set for filesystems, clearing it can cause priority\nreverse problems; And REQ_NOWAIT should not be cleared as well, because\nio will wait instead of failing directly in underlying disks.\n\nFix those problems by keep IO flags from master bio.\n\nFises: f51d46d0e7cb (\"md: add support for REQ_NOWAIT\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22125",
"url": "https://www.suse.com/security/cve/CVE-2025-22125"
},
{
"category": "external",
"summary": "SUSE Bug 1241596 for CVE-2025-22125",
"url": "https://bugzilla.suse.com/1241596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22125"
},
{
"cve": "CVE-2025-22126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix mddev uaf while iterating all_mddevs list\n\nWhile iterating all_mddevs list from md_notify_reboot() and md_exit(),\nlist_for_each_entry_safe is used, and this can race with deletint the\nnext mddev, causing UAF:\n\nt1:\nspin_lock\n//list_for_each_entry_safe(mddev, n, ...)\n mddev_get(mddev1)\n // assume mddev2 is the next entry\n spin_unlock\n t2:\n //remove mddev2\n ...\n mddev_free\n spin_lock\n list_del\n spin_unlock\n kfree(mddev2)\n mddev_put(mddev1)\n spin_lock\n //continue dereference mddev2-\u003eall_mddevs\n\nThe old helper for_each_mddev() actually grab the reference of mddev2\nwhile holding the lock, to prevent from being freed. This problem can be\nfixed the same way, however, the code will be complex.\n\nHence switch to use list_for_each_entry, in this case mddev_put() can free\nthe mddev1 and it\u0027s not safe as well. Refer to md_seq_show(), also factor\nout a helper mddev_put_locked() to fix this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22126",
"url": "https://www.suse.com/security/cve/CVE-2025-22126"
},
{
"category": "external",
"summary": "SUSE Bug 1241597 for CVE-2025-22126",
"url": "https://bugzilla.suse.com/1241597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22126"
},
{
"cve": "CVE-2025-22128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22128"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path\n\nIf a shared IRQ is used by the driver due to platform limitation, then the\nIRQ affinity hint is set right after the allocation of IRQ vectors in\nath12k_pci_msi_alloc(). This does no harm unless one of the functions\nrequesting the IRQ fails and attempt to free the IRQ.\n\nThis may end up with a warning from the IRQ core that is expecting the\naffinity hint to be cleared before freeing the IRQ:\n\nkernel/irq/manage.c:\n\n\t/* make sure affinity_hint is cleaned up */\n\tif (WARN_ON_ONCE(desc-\u003eaffinity_hint))\n\t\tdesc-\u003eaffinity_hint = NULL;\n\nSo to fix this issue, clear the IRQ affinity hint before calling\nath12k_pci_free_irq() in the error path. The affinity will be cleared once\nagain further down the error path due to code organization, but that does\nno harm.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22128",
"url": "https://www.suse.com/security/cve/CVE-2025-22128"
},
{
"category": "external",
"summary": "SUSE Bug 1241598 for CVE-2025-22128",
"url": "https://bugzilla.suse.com/1241598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-22128"
},
{
"cve": "CVE-2025-2312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2312"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host\u0027s Kerberos credentials cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2312",
"url": "https://www.suse.com/security/cve/CVE-2025-2312"
},
{
"category": "external",
"summary": "SUSE Bug 1239680 for CVE-2025-2312",
"url": "https://bugzilla.suse.com/1239680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-2312"
},
{
"cve": "CVE-2025-23129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23129"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path\n\nIf a shared IRQ is used by the driver due to platform limitation, then the\nIRQ affinity hint is set right after the allocation of IRQ vectors in\nath11k_pci_alloc_msi(). This does no harm unless one of the functions\nrequesting the IRQ fails and attempt to free the IRQ. This results in the\nbelow warning:\n\nWARNING: CPU: 7 PID: 349 at kernel/irq/manage.c:1929 free_irq+0x278/0x29c\nCall trace:\n free_irq+0x278/0x29c\n ath11k_pcic_free_irq+0x70/0x10c [ath11k]\n ath11k_pci_probe+0x800/0x820 [ath11k_pci]\n local_pci_probe+0x40/0xbc\n\nThe warning is due to not clearing the affinity hint before freeing the\nIRQs.\n\nSo to fix this issue, clear the IRQ affinity hint before calling\nath11k_pcic_free_irq() in the error path. The affinity will be cleared once\nagain further down the error path due to code organization, but that does\nno harm.\n\nTested-on: QCA6390 hw2.0 PCI WLAN.HST.1.0.1-05266-QCAHSTSWPLZ_V2_TO_X86-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23129",
"url": "https://www.suse.com/security/cve/CVE-2025-23129"
},
{
"category": "external",
"summary": "SUSE Bug 1241599 for CVE-2025-23129",
"url": "https://bugzilla.suse.com/1241599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-23129"
},
{
"cve": "CVE-2025-23131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23131"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndlm: prevent NPD when writing a positive value to event_done\n\ndo_uevent returns the value written to event_done. In case it is a\npositive value, new_lockspace would undo all the work, and lockspace\nwould not be set. __dlm_new_lockspace, however, would treat that\npositive value as a success due to commit 8511a2728ab8 (\"dlm: fix use\ncount with multiple joins\").\n\nDown the line, device_create_lockspace would pass that NULL lockspace to\ndlm_find_lockspace_local, leading to a NULL pointer dereference.\n\nTreating such positive values as successes prevents the problem. Given\nthis has been broken for so long, this is unlikely to break userspace\nexpectations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23131",
"url": "https://www.suse.com/security/cve/CVE-2025-23131"
},
{
"category": "external",
"summary": "SUSE Bug 1241601 for CVE-2025-23131",
"url": "https://bugzilla.suse.com/1241601"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-23131"
},
{
"cve": "CVE-2025-23133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23133"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: update channel list in reg notifier instead reg worker\n\nCurrently when ath11k gets a new channel list, it will be processed\naccording to the following steps:\n1. update new channel list to cfg80211 and queue reg_work.\n2. cfg80211 handles new channel list during reg_work.\n3. update cfg80211\u0027s handled channel list to firmware by\nath11k_reg_update_chan_list().\n\nBut ath11k will immediately execute step 3 after reg_work is just\nqueued. Since step 2 is asynchronous, cfg80211 may not have completed\nhandling the new channel list, which may leading to an out-of-bounds\nwrite error:\nBUG: KASAN: slab-out-of-bounds in ath11k_reg_update_chan_list\nCall Trace:\n ath11k_reg_update_chan_list+0xbfe/0xfe0 [ath11k]\n kfree+0x109/0x3a0\n ath11k_regd_update+0x1cf/0x350 [ath11k]\n ath11k_regd_update_work+0x14/0x20 [ath11k]\n process_one_work+0xe35/0x14c0\n\nShould ensure step 2 is completely done before executing step 3. Thus\nWen raised patch[1]. When flag NL80211_REGDOM_SET_BY_DRIVER is set,\ncfg80211 will notify ath11k after step 2 is done.\n\nSo enable the flag NL80211_REGDOM_SET_BY_DRIVER then cfg80211 will\nnotify ath11k after step 2 is done. At this time, there will be no\nKASAN bug during the execution of the step 3.\n\n[1] https://patchwork.kernel.org/project/linux-wireless/patch/20230201065313.27203-1-quic_wgong@quicinc.com/\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23133",
"url": "https://www.suse.com/security/cve/CVE-2025-23133"
},
{
"category": "external",
"summary": "SUSE Bug 1241451 for CVE-2025-23133",
"url": "https://bugzilla.suse.com/1241451"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-23133"
},
{
"cve": "CVE-2025-23136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: int340x: Add NULL check for adev\n\nNot all devices have an ACPI companion fwnode, so adev might be NULL.\nThis is similar to the commit cd2fd6eab480\n(\"platform/x86: int3472: Check for adev == NULL\").\n\nAdd a check for adev not being set and return -ENODEV in that case to\navoid a possible NULL pointer deref in int3402_thermal_probe().\n\nNote, under the same directory, int3400_thermal_probe() has such a\ncheck.\n\n[ rjw: Subject edit, added Fixes: ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23136",
"url": "https://www.suse.com/security/cve/CVE-2025-23136"
},
{
"category": "external",
"summary": "SUSE Bug 1241357 for CVE-2025-23136",
"url": "https://bugzilla.suse.com/1241357"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-23136"
},
{
"cve": "CVE-2025-23138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatch_queue: fix pipe accounting mismatch\n\nCurrently, watch_queue_set_size() modifies the pipe buffers charged to\nuser-\u003epipe_bufs without updating the pipe-\u003enr_accounted on the pipe\nitself, due to the if (!pipe_has_watch_queue()) test in\npipe_resize_ring(). This means that when the pipe is ultimately freed,\nwe decrement user-\u003epipe_bufs by something other than what than we had\ncharged to it, potentially leading to an underflow. This in turn can\ncause subsequent too_many_pipe_buffers_soft() tests to fail with -EPERM.\n\nTo remedy this, explicitly account for the pipe usage in\nwatch_queue_set_size() to match the number set via account_pipe_buffers()\n\n(It\u0027s unclear why watch_queue_set_size() does not update nr_accounted;\nit may be due to intentional overprovisioning in watch_queue_set_size()?)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23138",
"url": "https://www.suse.com/security/cve/CVE-2025-23138"
},
{
"category": "external",
"summary": "SUSE Bug 1241648 for CVE-2025-23138",
"url": "https://bugzilla.suse.com/1241648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-23138"
},
{
"cve": "CVE-2025-23140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error\n\nAfter devm_request_irq() fails with error in pci_endpoint_test_request_irq(),\nthe pci_endpoint_test_free_irq_vectors() is called assuming that all IRQs\nhave been released.\n\nHowever, some requested IRQs remain unreleased, so there are still\n/proc/irq/* entries remaining, and this results in WARN() with the\nfollowing message:\n\n remove_proc_entry: removing non-empty directory \u0027irq/30\u0027, leaking at least \u0027pci-endpoint-test.0\u0027\n WARNING: CPU: 0 PID: 202 at fs/proc/generic.c:719 remove_proc_entry +0x190/0x19c\n\nTo solve this issue, set the number of remaining IRQs to test-\u003enum_irqs,\nand release IRQs in advance by calling pci_endpoint_test_release_irq().\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23140",
"url": "https://www.suse.com/security/cve/CVE-2025-23140"
},
{
"category": "external",
"summary": "SUSE Bug 1242763 for CVE-2025-23140",
"url": "https://bugzilla.suse.com/1242763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-23140"
},
{
"cve": "CVE-2025-23145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix NULL pointer in can_accept_new_subflow\n\nWhen testing valkey benchmark tool with MPTCP, the kernel panics in\n\u0027mptcp_can_accept_new_subflow\u0027 because subflow_req-\u003emsk is NULL.\n\nCall trace:\n\n mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P)\n subflow_syn_recv_sock (./net/mptcp/subflow.c:854)\n tcp_check_req (./net/ipv4/tcp_minisocks.c:863)\n tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268)\n ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207)\n ip_local_deliver_finish (./net/ipv4/ip_input.c:234)\n ip_local_deliver (./net/ipv4/ip_input.c:254)\n ip_rcv_finish (./net/ipv4/ip_input.c:449)\n ...\n\nAccording to the debug log, the same req received two SYN-ACK in a very\nshort time, very likely because the client retransmits the syn ack due\nto multiple reasons.\n\nEven if the packets are transmitted with a relevant time interval, they\ncan be processed by the server on different CPUs concurrently). The\n\u0027subflow_req-\u003emsk\u0027 ownership is transferred to the subflow the first,\nand there will be a risk of a null pointer dereference here.\n\nThis patch fixes this issue by moving the \u0027subflow_req-\u003emsk\u0027 under the\n`own_req == true` conditional.\n\nNote that the !msk check in subflow_hmac_valid() can be dropped, because\nthe same check already exists under the own_req mpj branch where the\ncode has been moved to.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23145",
"url": "https://www.suse.com/security/cve/CVE-2025-23145"
},
{
"category": "external",
"summary": "SUSE Bug 1242596 for CVE-2025-23145",
"url": "https://bugzilla.suse.com/1242596"
},
{
"category": "external",
"summary": "SUSE Bug 1242882 for CVE-2025-23145",
"url": "https://bugzilla.suse.com/1242882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-23145"
},
{
"cve": "CVE-2025-23150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23150"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix off-by-one error in do_split\n\nSyzkaller detected a use-after-free issue in ext4_insert_dentry that was\ncaused by out-of-bounds access due to incorrect splitting in do_split.\n\nBUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109\nWrite of size 251 at addr ffff888074572f14 by task syz-executor335/5847\n\nCPU: 0 UID: 0 PID: 5847 Comm: syz-executor335 Not tainted 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\n ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109\n add_dirent_to_buf+0x3d9/0x750 fs/ext4/namei.c:2154\n make_indexed_dir+0xf98/0x1600 fs/ext4/namei.c:2351\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2455\n ext4_add_nondir+0x8d/0x290 fs/ext4/namei.c:2796\n ext4_symlink+0x920/0xb50 fs/ext4/namei.c:3431\n vfs_symlink+0x137/0x2e0 fs/namei.c:4615\n do_symlinkat+0x222/0x3a0 fs/namei.c:4641\n __do_sys_symlink fs/namei.c:4662 [inline]\n __se_sys_symlink fs/namei.c:4660 [inline]\n __x64_sys_symlink+0x7a/0x90 fs/namei.c:4660\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nThe following loop is located right above \u0027if\u0027 statement.\n\nfor (i = count-1; i \u003e= 0; i--) {\n\t/* is more than half of this entry in 2nd half of the block? */\n\tif (size + map[i].size/2 \u003e blocksize/2)\n\t\tbreak;\n\tsize += map[i].size;\n\tmove++;\n}\n\n\u0027i\u0027 in this case could go down to -1, in which case sum of active entries\nwouldn\u0027t exceed half the block size, but previous behaviour would also do\nsplit in half if sum would exceed at the very last block, which in case of\nhaving too many long name files in a single block could lead to\nout-of-bounds access and following use-after-free.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23150",
"url": "https://www.suse.com/security/cve/CVE-2025-23150"
},
{
"category": "external",
"summary": "SUSE Bug 1242513 for CVE-2025-23150",
"url": "https://bugzilla.suse.com/1242513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-23150"
},
{
"cve": "CVE-2025-23160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23160"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization\n\nOn Mediatek devices with a system companion processor (SCP) the mtk_scp\nstructure has to be removed explicitly to avoid a resource leak.\nFree the structure in case the allocation of the firmware structure fails\nduring the firmware initialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23160",
"url": "https://www.suse.com/security/cve/CVE-2025-23160"
},
{
"category": "external",
"summary": "SUSE Bug 1242507 for CVE-2025-23160",
"url": "https://bugzilla.suse.com/1242507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-23160"
},
{
"cve": "CVE-2025-37748",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37748"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group\n\nCurrently, mtk_iommu calls during probe iommu_device_register before\nthe hw_list from driver data is initialized. Since iommu probing issue\nfix, it leads to NULL pointer dereference in mtk_iommu_device_group when\nhw_list is accessed with list_first_entry (not null safe).\n\nSo, change the call order to ensure iommu_device_register is called\nafter the driver data are initialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37748",
"url": "https://www.suse.com/security/cve/CVE-2025-37748"
},
{
"category": "external",
"summary": "SUSE Bug 1242523 for CVE-2025-37748",
"url": "https://bugzilla.suse.com/1242523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37748"
},
{
"cve": "CVE-2025-37749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ppp: Add bound checking for skb data on ppp_sync_txmung\n\nEnsure we have enough data in linear buffer from skb before accessing\ninitial bytes. This prevents potential out-of-bounds accesses\nwhen processing short packets.\n\nWhen ppp_sync_txmung receives an incoming package with an empty\npayload:\n(remote) gef\u27a4 p *(struct pppoe_hdr *) (skb-\u003ehead + skb-\u003enetwork_header)\n$18 = {\n\ttype = 0x1,\n\tver = 0x1,\n\tcode = 0x0,\n\tsid = 0x2,\n length = 0x0,\n\ttag = 0xffff8880371cdb96\n}\n\nfrom the skb struct (trimmed)\n tail = 0x16,\n end = 0x140,\n head = 0xffff88803346f400 \"4\",\n data = 0xffff88803346f416 \":\\377\",\n truesize = 0x380,\n len = 0x0,\n data_len = 0x0,\n mac_len = 0xe,\n hdr_len = 0x0,\n\nit is not safe to access data[2].\n\n[pabeni@redhat.com: fixed subj typo]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37749",
"url": "https://www.suse.com/security/cve/CVE-2025-37749"
},
{
"category": "external",
"summary": "SUSE Bug 1242859 for CVE-2025-37749",
"url": "https://bugzilla.suse.com/1242859"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37749"
},
{
"cve": "CVE-2025-37750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix UAF in decryption with multichannel\n\nAfter commit f7025d861694 (\"smb: client: allocate crypto only for\nprimary server\") and commit b0abcd65ec54 (\"smb: client: fix UAF in\nasync decryption\"), the channels started reusing AEAD TFM from primary\nchannel to perform synchronous decryption, but that can\u0027t done as\nthere could be multiple cifsd threads (one per channel) simultaneously\naccessing it to perform decryption.\n\nThis fixes the following KASAN splat when running fstest generic/249\nwith \u0027vers=3.1.1,multichannel,max_channels=4,seal\u0027 against Windows\nServer 2022:\n\nBUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xba/0x110\nRead of size 8 at addr ffff8881046c18a0 by task cifsd/986\nCPU: 3 UID: 0 PID: 986 Comm: cifsd Not tainted 6.15.0-rc1 #1\nPREEMPT(voluntary)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n print_report+0x156/0x528\n ? gf128mul_4k_lle+0xba/0x110\n ? __virt_addr_valid+0x145/0x300\n ? __phys_addr+0x46/0x90\n ? gf128mul_4k_lle+0xba/0x110\n kasan_report+0xdf/0x1a0\n ? gf128mul_4k_lle+0xba/0x110\n gf128mul_4k_lle+0xba/0x110\n ghash_update+0x189/0x210\n shash_ahash_update+0x295/0x370\n ? __pfx_shash_ahash_update+0x10/0x10\n ? __pfx_shash_ahash_update+0x10/0x10\n ? __pfx_extract_iter_to_sg+0x10/0x10\n ? ___kmalloc_large_node+0x10e/0x180\n ? __asan_memset+0x23/0x50\n crypto_ahash_update+0x3c/0xc0\n gcm_hash_assoc_remain_continue+0x93/0xc0\n crypt_message+0xe09/0xec0 [cifs]\n ? __pfx_crypt_message+0x10/0x10 [cifs]\n ? _raw_spin_unlock+0x23/0x40\n ? __pfx_cifs_readv_from_socket+0x10/0x10 [cifs]\n decrypt_raw_data+0x229/0x380 [cifs]\n ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]\n ? __pfx_cifs_read_iter_from_socket+0x10/0x10 [cifs]\n smb3_receive_transform+0x837/0xc80 [cifs]\n ? __pfx_smb3_receive_transform+0x10/0x10 [cifs]\n ? __pfx___might_resched+0x10/0x10\n ? __pfx_smb3_is_transform_hdr+0x10/0x10 [cifs]\n cifs_demultiplex_thread+0x692/0x1570 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n ? rcu_is_watching+0x20/0x50\n ? rcu_lockdep_current_cpu_online+0x62/0xb0\n ? find_held_lock+0x32/0x90\n ? kvm_sched_clock_read+0x11/0x20\n ? local_clock_noinstr+0xd/0xd0\n ? trace_irq_enable.constprop.0+0xa8/0xe0\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0x1fe/0x380\n ? kthread+0x10f/0x380\n ? __pfx_kthread+0x10/0x10\n ? local_clock_noinstr+0xd/0xd0\n ? ret_from_fork+0x1b/0x60\n ? local_clock+0x15/0x30\n ? lock_release+0x29b/0x390\n ? rcu_is_watching+0x20/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37750",
"url": "https://www.suse.com/security/cve/CVE-2025-37750"
},
{
"category": "external",
"summary": "SUSE Bug 1242510 for CVE-2025-37750",
"url": "https://bugzilla.suse.com/1242510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37750"
},
{
"cve": "CVE-2025-37755",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37755"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: handle page_pool_dev_alloc_pages error\n\npage_pool_dev_alloc_pages could return NULL. There was a WARN_ON(!page)\nbut it would still proceed to use the NULL pointer and then crash.\n\nThis is similar to commit 001ba0902046\n(\"net: fec: handle page_pool_dev_alloc_pages error\").\n\nThis is found by our static analysis tool KNighter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37755",
"url": "https://www.suse.com/security/cve/CVE-2025-37755"
},
{
"category": "external",
"summary": "SUSE Bug 1242506 for CVE-2025-37755",
"url": "https://bugzilla.suse.com/1242506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37755"
},
{
"cve": "CVE-2025-37773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtiofs: add filesystem context source name check\n\nIn certain scenarios, for example, during fuzz testing, the source\nname may be NULL, which could lead to a kernel panic. Therefore, an\nextra check for the source name should be added.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37773",
"url": "https://www.suse.com/security/cve/CVE-2025-37773"
},
{
"category": "external",
"summary": "SUSE Bug 1242502 for CVE-2025-37773",
"url": "https://bugzilla.suse.com/1242502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37773"
},
{
"cve": "CVE-2025-37780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37780"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nisofs: Prevent the use of too small fid\n\nsyzbot reported a slab-out-of-bounds Read in isofs_fh_to_parent. [1]\n\nThe handle_bytes value passed in by the reproducing program is equal to 12.\nIn handle_to_path(), only 12 bytes of memory are allocated for the structure\nfile_handle-\u003ef_handle member, which causes an out-of-bounds access when\naccessing the member parent_block of the structure isofs_fid in isofs,\nbecause accessing parent_block requires at least 16 bytes of f_handle.\nHere, fh_len is used to indirectly confirm that the value of handle_bytes\nis greater than 3 before accessing parent_block.\n\n[1]\nBUG: KASAN: slab-out-of-bounds in isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183\nRead of size 4 at addr ffff0000cc030d94 by task syz-executor215/6466\nCPU: 1 UID: 0 PID: 6466 Comm: syz-executor215 Not tainted 6.14.0-rc7-syzkaller-ga2392f333575 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0x198/0x550 mm/kasan/report.c:521\n kasan_report+0xd8/0x138 mm/kasan/report.c:634\n __asan_report_load4_noabort+0x20/0x2c mm/kasan/report_generic.c:380\n isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183\n exportfs_decode_fh_raw+0x2dc/0x608 fs/exportfs/expfs.c:523\n do_handle_to_path+0xa0/0x198 fs/fhandle.c:257\n handle_to_path fs/fhandle.c:385 [inline]\n do_handle_open+0x8cc/0xb8c fs/fhandle.c:403\n __do_sys_open_by_handle_at fs/fhandle.c:443 [inline]\n __se_sys_open_by_handle_at fs/fhandle.c:434 [inline]\n __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nAllocated by task 6466:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x40/0x50 mm/kasan/generic.c:562\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4294 [inline]\n __kmalloc_noprof+0x32c/0x54c mm/slub.c:4306\n kmalloc_noprof include/linux/slab.h:905 [inline]\n handle_to_path fs/fhandle.c:357 [inline]\n do_handle_open+0x5a4/0xb8c fs/fhandle.c:403\n __do_sys_open_by_handle_at fs/fhandle.c:443 [inline]\n __se_sys_open_by_handle_at fs/fhandle.c:434 [inline]\n __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37780",
"url": "https://www.suse.com/security/cve/CVE-2025-37780"
},
{
"category": "external",
"summary": "SUSE Bug 1242786 for CVE-2025-37780",
"url": "https://bugzilla.suse.com/1242786"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37780"
},
{
"cve": "CVE-2025-37785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37785"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix OOB read when checking dotdot dir\n\nMounting a corrupted filesystem with directory which contains \u0027.\u0027 dir\nentry with rec_len == block size results in out-of-bounds read (later\non, when the corrupted directory is removed).\n\next4_empty_dir() assumes every ext4 directory contains at least \u0027.\u0027\nand \u0027..\u0027 as directory entries in the first data block. It first loads\nthe \u0027.\u0027 dir entry, performs sanity checks by calling ext4_check_dir_entry()\nand then uses its rec_len member to compute the location of \u0027..\u0027 dir\nentry (in ext4_next_entry). It assumes the \u0027..\u0027 dir entry fits into the\nsame data block.\n\nIf the rec_len of \u0027.\u0027 is precisely one block (4KB), it slips through the\nsanity checks (it is considered the last directory entry in the data\nblock) and leaves \"struct ext4_dir_entry_2 *de\" point exactly past the\nmemory slot allocated to the data block. The following call to\next4_check_dir_entry() on new value of de then dereferences this pointer\nwhich results in out-of-bounds mem access.\n\nFix this by extending __ext4_check_dir_entry() to check for \u0027.\u0027 dir\nentries that reach the end of data block. Make sure to ignore the phony\ndir entries for checksum (by checking name_len for non-zero).\n\nNote: This is reported by KASAN as use-after-free in case another\nstructure was recently freed from the slot past the bound, but it is\nreally an OOB read.\n\nThis issue was found by syzkaller tool.\n\nCall Trace:\n[ 38.594108] BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x67e/0x710\n[ 38.594649] Read of size 2 at addr ffff88802b41a004 by task syz-executor/5375\n[ 38.595158]\n[ 38.595288] CPU: 0 UID: 0 PID: 5375 Comm: syz-executor Not tainted 6.14.0-rc7 #1\n[ 38.595298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[ 38.595304] Call Trace:\n[ 38.595308] \u003cTASK\u003e\n[ 38.595311] dump_stack_lvl+0xa7/0xd0\n[ 38.595325] print_address_description.constprop.0+0x2c/0x3f0\n[ 38.595339] ? __ext4_check_dir_entry+0x67e/0x710\n[ 38.595349] print_report+0xaa/0x250\n[ 38.595359] ? __ext4_check_dir_entry+0x67e/0x710\n[ 38.595368] ? kasan_addr_to_slab+0x9/0x90\n[ 38.595378] kasan_report+0xab/0xe0\n[ 38.595389] ? __ext4_check_dir_entry+0x67e/0x710\n[ 38.595400] __ext4_check_dir_entry+0x67e/0x710\n[ 38.595410] ext4_empty_dir+0x465/0x990\n[ 38.595421] ? __pfx_ext4_empty_dir+0x10/0x10\n[ 38.595432] ext4_rmdir.part.0+0x29a/0xd10\n[ 38.595441] ? __dquot_initialize+0x2a7/0xbf0\n[ 38.595455] ? __pfx_ext4_rmdir.part.0+0x10/0x10\n[ 38.595464] ? __pfx___dquot_initialize+0x10/0x10\n[ 38.595478] ? down_write+0xdb/0x140\n[ 38.595487] ? __pfx_down_write+0x10/0x10\n[ 38.595497] ext4_rmdir+0xee/0x140\n[ 38.595506] vfs_rmdir+0x209/0x670\n[ 38.595517] ? lookup_one_qstr_excl+0x3b/0x190\n[ 38.595529] do_rmdir+0x363/0x3c0\n[ 38.595537] ? __pfx_do_rmdir+0x10/0x10\n[ 38.595544] ? strncpy_from_user+0x1ff/0x2e0\n[ 38.595561] __x64_sys_unlinkat+0xf0/0x130\n[ 38.595570] do_syscall_64+0x5b/0x180\n[ 38.595583] entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37785",
"url": "https://www.suse.com/security/cve/CVE-2025-37785"
},
{
"category": "external",
"summary": "SUSE Bug 1241640 for CVE-2025-37785",
"url": "https://bugzilla.suse.com/1241640"
},
{
"category": "external",
"summary": "SUSE Bug 1241698 for CVE-2025-37785",
"url": "https://bugzilla.suse.com/1241698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37785"
},
{
"cve": "CVE-2025-37787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37787"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered\n\nRussell King reports that a system with mv88e6xxx dereferences a NULL\npointer when unbinding this driver:\nhttps://lore.kernel.org/netdev/Z_lRkMlTJ1KQ0kVX@shell.armlinux.org.uk/\n\nThe crash seems to be in devlink_region_destroy(), which is not NULL\ntolerant but is given a NULL devlink global region pointer.\n\nAt least on some chips, some devlink regions are conditionally registered\nsince the blamed commit, see mv88e6xxx_setup_devlink_regions_global():\n\n\t\tif (cond \u0026\u0026 !cond(chip))\n\t\t\tcontinue;\n\nThese are MV88E6XXX_REGION_STU and MV88E6XXX_REGION_PVT. If the chip\ndoes not have an STU or PVT, it should crash like this.\n\nTo fix the issue, avoid unregistering those regions which are NULL, i.e.\nwere skipped at mv88e6xxx_setup_devlink_regions_global() time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37787",
"url": "https://www.suse.com/security/cve/CVE-2025-37787"
},
{
"category": "external",
"summary": "SUSE Bug 1242585 for CVE-2025-37787",
"url": "https://bugzilla.suse.com/1242585"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37787"
},
{
"cve": "CVE-2025-37789",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37789"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix nested key length validation in the set() action\n\nIt\u0027s not safe to access nla_len(ovs_key) if the data is smaller than\nthe netlink header. Check that the attribute is OK first.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37789",
"url": "https://www.suse.com/security/cve/CVE-2025-37789"
},
{
"category": "external",
"summary": "SUSE Bug 1242762 for CVE-2025-37789",
"url": "https://bugzilla.suse.com/1242762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37789"
},
{
"cve": "CVE-2025-37790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: Set SOCK_RCU_FREE\n\nBind lookup runs under RCU, so ensure that a socket doesn\u0027t go away in\nthe middle of a lookup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37790",
"url": "https://www.suse.com/security/cve/CVE-2025-37790"
},
{
"category": "external",
"summary": "SUSE Bug 1242509 for CVE-2025-37790",
"url": "https://bugzilla.suse.com/1242509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37790"
},
{
"cve": "CVE-2025-37797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37797",
"url": "https://www.suse.com/security/cve/CVE-2025-37797"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "external",
"summary": "SUSE Bug 1245793 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1245793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-37797"
},
{
"cve": "CVE-2025-37798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37798"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncodel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog()\n\nAfter making all -\u003eqlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37798",
"url": "https://www.suse.com/security/cve/CVE-2025-37798"
},
{
"category": "external",
"summary": "SUSE Bug 1242414 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "important"
}
],
"title": "CVE-2025-37798"
},
{
"cve": "CVE-2025-37799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp\n\nvmxnet3 driver\u0027s XDP handling is buggy for packet sizes using ring0 (that\nis, packet sizes between 128 - 3k bytes).\n\nWe noticed MTU-related connectivity issues with Cilium\u0027s service load-\nbalancing in case of vmxnet3 as NIC underneath. A simple curl to a HTTP\nbackend service where the XDP LB was doing IPIP encap led to overly large\npacket sizes but only for *some* of the packets (e.g. HTTP GET request)\nwhile others (e.g. the prior TCP 3WHS) looked completely fine on the wire.\n\nIn fact, the pcap recording on the backend node actually revealed that the\nnode with the XDP LB was leaking uninitialized kernel data onto the wire\nfor the affected packets, for example, while the packets should have been\n152 bytes their actual size was 1482 bytes, so the remainder after 152 bytes\nwas padded with whatever other data was in that page at the time (e.g. we\nsaw user/payload data from prior processed packets).\n\nWe only noticed this through an MTU issue, e.g. when the XDP LB node and\nthe backend node both had the same MTU (e.g. 1500) then the curl request\ngot dropped on the backend node\u0027s NIC given the packet was too large even\nthough the IPIP-encapped packet normally would never even come close to\nthe MTU limit. Lowering the MTU on the XDP LB (e.g. 1480) allowed to let\nthe curl request succeed (which also indicates that the kernel ignored the\npadding, and thus the issue wasn\u0027t very user-visible).\n\nCommit e127ce7699c1 (\"vmxnet3: Fix missing reserved tailroom\") was too eager\nto also switch xdp_prepare_buff() from rcd-\u003elen to rbi-\u003elen. It really needs\nto stick to rcd-\u003elen which is the actual packet length from the descriptor.\nThe latter we also feed into vmxnet3_process_xdp_small(), by the way, and\nit indicates the correct length needed to initialize the xdp-\u003e{data,data_end}\nparts. For e127ce7699c1 (\"vmxnet3: Fix missing reserved tailroom\") the\nrelevant part was adapting xdp_init_buff() to address the warning given the\nxdp_data_hard_end() depends on xdp-\u003eframe_sz. With that fixed, traffic on\nthe wire looks good again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37799",
"url": "https://www.suse.com/security/cve/CVE-2025-37799"
},
{
"category": "external",
"summary": "SUSE Bug 1242283 for CVE-2025-37799",
"url": "https://bugzilla.suse.com/1242283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37799"
},
{
"cve": "CVE-2025-37803",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37803"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: fix a buf size overflow issue during udmabuf creation\n\nby casting size_limit_mb to u64 when calculate pglimit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37803",
"url": "https://www.suse.com/security/cve/CVE-2025-37803"
},
{
"category": "external",
"summary": "SUSE Bug 1242852 for CVE-2025-37803",
"url": "https://bugzilla.suse.com/1242852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37803"
},
{
"cve": "CVE-2025-37804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37804"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37804",
"url": "https://www.suse.com/security/cve/CVE-2025-37804"
},
{
"category": "external",
"summary": "SUSE Bug 1242854 for CVE-2025-37804",
"url": "https://bugzilla.suse.com/1242854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37804"
},
{
"cve": "CVE-2025-37809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37809"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: class: Fix NULL pointer access\n\nConcurrent calls to typec_partner_unlink_device can lead to a NULL pointer\ndereference. This patch adds a mutex to protect USB device pointers and\nprevent this issue. The same mutex protects both the device pointers and\nthe partner device registration.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37809",
"url": "https://www.suse.com/security/cve/CVE-2025-37809"
},
{
"category": "external",
"summary": "SUSE Bug 1242856 for CVE-2025-37809",
"url": "https://bugzilla.suse.com/1242856"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37809"
},
{
"cve": "CVE-2025-37820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen-netfront: handle NULL returned by xdp_convert_buff_to_frame()\n\nThe function xdp_convert_buff_to_frame() may return NULL if it fails\nto correctly convert the XDP buffer into an XDP frame due to memory\nconstraints, internal errors, or invalid data. Failing to check for NULL\nmay lead to a NULL pointer dereference if the result is used later in\nprocessing, potentially causing crashes, data corruption, or undefined\nbehavior.\n\nOn XDP redirect failure, the associated page must be released explicitly\nif it was previously retained via get_page(). Failing to do so may result\nin a memory leak, as the pages reference count is not decremented.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37820",
"url": "https://www.suse.com/security/cve/CVE-2025-37820"
},
{
"category": "external",
"summary": "SUSE Bug 1242866 for CVE-2025-37820",
"url": "https://bugzilla.suse.com/1242866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37820"
},
{
"cve": "CVE-2025-37823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too\n\nSimilarly to the previous patch, we need to safe guard hfsc_dequeue()\ntoo. But for this one, we don\u0027t have a reliable reproducer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37823",
"url": "https://www.suse.com/security/cve/CVE-2025-37823"
},
{
"category": "external",
"summary": "SUSE Bug 1242924 for CVE-2025-37823",
"url": "https://bugzilla.suse.com/1242924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37823"
},
{
"cve": "CVE-2025-37824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix NULL pointer dereference in tipc_mon_reinit_self()\n\nsyzbot reported:\n\ntipc: Node number set to 1055423674\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 3 UID: 0 PID: 6017 Comm: kworker/3:5 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: events tipc_net_finalize_work\nRIP: 0010:tipc_mon_reinit_self+0x11c/0x210 net/tipc/monitor.c:719\n...\nRSP: 0018:ffffc9000356fb68 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000003ee87cba\nRDX: 0000000000000000 RSI: ffffffff8dbc56a7 RDI: ffff88804c2cc010\nRBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000007\nR13: fffffbfff2111097 R14: ffff88804ead8000 R15: ffff88804ead9010\nFS: 0000000000000000(0000) GS:ffff888097ab9000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000f720eb00 CR3: 000000000e182000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tipc_net_finalize+0x10b/0x180 net/tipc/net.c:140\n process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3319 [inline]\n worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400\n kthread+0x3c2/0x780 kernel/kthread.c:464\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n...\nRIP: 0010:tipc_mon_reinit_self+0x11c/0x210 net/tipc/monitor.c:719\n...\nRSP: 0018:ffffc9000356fb68 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000003ee87cba\nRDX: 0000000000000000 RSI: ffffffff8dbc56a7 RDI: ffff88804c2cc010\nRBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000007\nR13: fffffbfff2111097 R14: ffff88804ead8000 R15: ffff88804ead9010\nFS: 0000000000000000(0000) GS:ffff888097ab9000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000f720eb00 CR3: 000000000e182000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n\nThere is a racing condition between workqueue created when enabling\nbearer and another thread created when disabling bearer right after\nthat as follow:\n\nenabling_bearer | disabling_bearer\n--------------- | ----------------\ntipc_disc_timeout() |\n{ | bearer_disable()\n ... | {\n schedule_work(\u0026tn-\u003ework); | tipc_mon_delete()\n ... | {\n} | ...\n | write_lock_bh(\u0026mon-\u003elock);\n | mon-\u003eself = NULL;\n | write_unlock_bh(\u0026mon-\u003elock);\n | ...\n | }\ntipc_net_finalize_work() | }\n{ |\n ... |\n tipc_net_finalize() |\n { |\n ... |\n tipc_mon_reinit_self() |\n { |\n ... |\n write_lock_bh(\u0026mon-\u003elock); |\n mon-\u003eself-\u003eaddr = tipc_own_addr(net); |\n write_unlock_bh(\u0026mon-\u003elock); |\n ... \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37824",
"url": "https://www.suse.com/security/cve/CVE-2025-37824"
},
{
"category": "external",
"summary": "SUSE Bug 1242867 for CVE-2025-37824",
"url": "https://bugzilla.suse.com/1242867"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37824"
},
{
"cve": "CVE-2025-37829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()\n\ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present\nin the policy-\u003ecpus mask. scpi_cpufreq_get_rate() does not check for\nthis case, which results in a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37829",
"url": "https://www.suse.com/security/cve/CVE-2025-37829"
},
{
"category": "external",
"summary": "SUSE Bug 1242875 for CVE-2025-37829",
"url": "https://bugzilla.suse.com/1242875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37829"
},
{
"cve": "CVE-2025-37830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()\n\ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present\nin the policy-\u003ecpus mask. scmi_cpufreq_get_rate() does not check for\nthis case, which results in a NULL pointer dereference.\n\nAdd NULL check after cpufreq_cpu_get_raw() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37830",
"url": "https://www.suse.com/security/cve/CVE-2025-37830"
},
{
"category": "external",
"summary": "SUSE Bug 1242860 for CVE-2025-37830",
"url": "https://bugzilla.suse.com/1242860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37830"
},
{
"cve": "CVE-2025-37831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate()\n\ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present\nin the policy-\u003ecpus mask. apple_soc_cpufreq_get_rate() does not check\nfor this case, which results in a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37831",
"url": "https://www.suse.com/security/cve/CVE-2025-37831"
},
{
"category": "external",
"summary": "SUSE Bug 1242861 for CVE-2025-37831",
"url": "https://bugzilla.suse.com/1242861"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37831"
},
{
"cve": "CVE-2025-37833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37833"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads\n\nFix niu_try_msix() to not cause a fatal trap on sparc systems.\n\nSet PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to\nwork around a bug in the hardware or firmware.\n\nFor each vector entry in the msix table, niu chips will cause a fatal\ntrap if any registers in that entry are read before that entries\u0027\nENTRY_DATA register is written to. Testing indicates writes to other\nregisters are not sufficient to prevent the fatal trap, however the value\ndoes not appear to matter. This only needs to happen once after power up,\nso simply rebooting into a kernel lacking this fix will NOT cause the\ntrap.\n\nNON-RESUMABLE ERROR: Reporting on cpu 64\nNON-RESUMABLE ERROR: TPC [0x00000000005f6900] \u003cmsix_prepare_msi_desc+0x90/0xa0\u003e\nNON-RESUMABLE ERROR: RAW [4010000000000016:00000e37f93e32ff:0000000202000080:ffffffffffffffff\nNON-RESUMABLE ERROR: 0000000800000000:0000000000000000:0000000000000000:0000000000000000]\nNON-RESUMABLE ERROR: handle [0x4010000000000016] stick [0x00000e37f93e32ff]\nNON-RESUMABLE ERROR: type [precise nonresumable]\nNON-RESUMABLE ERROR: attrs [0x02000080] \u003c ASI sp-faulted priv \u003e\nNON-RESUMABLE ERROR: raddr [0xffffffffffffffff]\nNON-RESUMABLE ERROR: insn effective address [0x000000c50020000c]\nNON-RESUMABLE ERROR: size [0x8]\nNON-RESUMABLE ERROR: asi [0x00]\nCPU: 64 UID: 0 PID: 745 Comm: kworker/64:1 Not tainted 6.11.5 #63\nWorkqueue: events work_for_cpu_fn\nTSTATE: 0000000011001602 TPC: 00000000005f6900 TNPC: 00000000005f6904 Y: 00000000 Not tainted\nTPC: \u003cmsix_prepare_msi_desc+0x90/0xa0\u003e\ng0: 00000000000002e9 g1: 000000000000000c g2: 000000c50020000c g3: 0000000000000100\ng4: ffff8000470307c0 g5: ffff800fec5be000 g6: ffff800047a08000 g7: 0000000000000000\no0: ffff800014feb000 o1: ffff800047a0b620 o2: 0000000000000011 o3: ffff800047a0b620\no4: 0000000000000080 o5: 0000000000000011 sp: ffff800047a0ad51 ret_pc: 00000000005f7128\nRPC: \u003c__pci_enable_msix_range+0x3cc/0x460\u003e\nl0: 000000000000000d l1: 000000000000c01f l2: ffff800014feb0a8 l3: 0000000000000020\nl4: 000000000000c000 l5: 0000000000000001 l6: 0000000020000000 l7: ffff800047a0b734\ni0: ffff800014feb000 i1: ffff800047a0b730 i2: 0000000000000001 i3: 000000000000000d\ni4: 0000000000000000 i5: 0000000000000000 i6: ffff800047a0ae81 i7: 00000000101888b0\nI7: \u003cniu_try_msix.constprop.0+0xc0/0x130 [niu]\u003e\nCall Trace:\n[\u003c00000000101888b0\u003e] niu_try_msix.constprop.0+0xc0/0x130 [niu]\n[\u003c000000001018f840\u003e] niu_get_invariants+0x183c/0x207c [niu]\n[\u003c00000000101902fc\u003e] niu_pci_init_one+0x27c/0x2fc [niu]\n[\u003c00000000005ef3e4\u003e] local_pci_probe+0x28/0x74\n[\u003c0000000000469240\u003e] work_for_cpu_fn+0x8/0x1c\n[\u003c000000000046b008\u003e] process_scheduled_works+0x144/0x210\n[\u003c000000000046b518\u003e] worker_thread+0x13c/0x1c0\n[\u003c00000000004710e0\u003e] kthread+0xb8/0xc8\n[\u003c00000000004060c8\u003e] ret_from_fork+0x1c/0x2c\n[\u003c0000000000000000\u003e] 0x0\nKernel panic - not syncing: Non-resumable error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37833",
"url": "https://www.suse.com/security/cve/CVE-2025-37833"
},
{
"category": "external",
"summary": "SUSE Bug 1242868 for CVE-2025-37833",
"url": "https://bugzilla.suse.com/1242868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37833"
},
{
"cve": "CVE-2025-37842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37842"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fsl-qspi: use devm function instead of driver remove\n\nDriver use devm APIs to manage clk/irq/resources and register the spi\ncontroller, but the legacy remove function will be called first during\ndevice detach and trigger kernel panic. Drop the remove function and use\ndevm_add_action_or_reset() for driver cleanup to ensure the release\nsequence.\n\nTrigger kernel panic on i.MX8MQ by\necho 30bb0000.spi \u003e/sys/bus/platform/drivers/fsl-quadspi/unbind",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37842",
"url": "https://www.suse.com/security/cve/CVE-2025-37842"
},
{
"category": "external",
"summary": "SUSE Bug 1242951 for CVE-2025-37842",
"url": "https://bugzilla.suse.com/1242951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37842"
},
{
"cve": "CVE-2025-37860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix NULL dereferences in ef100_process_design_param()\n\nSince cited commit, ef100_probe_main() and hence also\n ef100_check_design_params() run before efx-\u003enet_dev is created;\n consequently, we cannot netif_set_tso_max_size() or _segs() at this\n point.\nMove those netif calls to ef100_probe_netdev(), and also replace\n netif_err within the design params code with pci_err.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37860",
"url": "https://www.suse.com/security/cve/CVE-2025-37860"
},
{
"category": "external",
"summary": "SUSE Bug 1241452 for CVE-2025-37860",
"url": "https://bugzilla.suse.com/1241452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37860"
},
{
"cve": "CVE-2025-37870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: prevent hang on link training fail\n\n[Why]\nWhen link training fails, the phy clock will be disabled. However, in\nenable_streams, it is assumed that link training succeeded and the\nmux selects the phy clock, causing a hang when a register write is made.\n\n[How]\nWhen enable_stream is hit, check if link training failed. If it did, fall\nback to the ref clock to avoid a hang and keep the system in a recoverable\nstate.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37870",
"url": "https://www.suse.com/security/cve/CVE-2025-37870"
},
{
"category": "external",
"summary": "SUSE Bug 1243056 for CVE-2025-37870",
"url": "https://bugzilla.suse.com/1243056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37870"
},
{
"cve": "CVE-2025-37879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37879"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p/net: fix improper handling of bogus negative read/write replies\n\nIn p9_client_write() and p9_client_read_once(), if the server\nincorrectly replies with success but a negative write/read count then we\nwould consider written (negative) \u003c= rsize (positive) because both\nvariables were signed.\n\nMake variables unsigned to avoid this problem.\n\nThe reproducer linked below now fails with the following error instead\nof a null pointer deref:\n9pnet: bogus RWRITE count (4294967295 \u003e 3)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37879",
"url": "https://www.suse.com/security/cve/CVE-2025-37879"
},
{
"category": "external",
"summary": "SUSE Bug 1243077 for CVE-2025-37879",
"url": "https://bugzilla.suse.com/1243077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37879"
},
{
"cve": "CVE-2025-37886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npds_core: make wait_context part of q_info\n\nMake the wait_context a full part of the q_info struct rather\nthan a stack variable that goes away after pdsc_adminq_post()\nis done so that the context is still available after the wait\nloop has given up.\n\nThere was a case where a slow development firmware caused\nthe adminq request to time out, but then later the FW finally\nfinished the request and sent the interrupt. The handler tried\nto complete_all() the completion context that had been created\non the stack in pdsc_adminq_post() but no longer existed.\nThis caused bad pointer usage, kernel crashes, and much wailing\nand gnashing of teeth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37886",
"url": "https://www.suse.com/security/cve/CVE-2025-37886"
},
{
"category": "external",
"summary": "SUSE Bug 1242944 for CVE-2025-37886",
"url": "https://bugzilla.suse.com/1242944"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37886"
},
{
"cve": "CVE-2025-37887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37887"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result\n\nIf the FW doesn\u0027t support the PDS_CORE_CMD_FW_CONTROL command\nthe driver might at the least print garbage and at the worst\ncrash when the user runs the \"devlink dev info\" devlink command.\n\nThis happens because the stack variable fw_list is not 0\ninitialized which results in fw_list.num_fw_slots being a\ngarbage value from the stack. Then the driver tries to access\nfw_list.fw_names[i] with i \u003e= ARRAY_SIZE and runs off the end\nof the array.\n\nFix this by initializing the fw_list and by not failing\ncompletely if the devcmd fails because other useful information\nis printed via devlink dev info even if the devcmd fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37887",
"url": "https://www.suse.com/security/cve/CVE-2025-37887"
},
{
"category": "external",
"summary": "SUSE Bug 1242962 for CVE-2025-37887",
"url": "https://bugzilla.suse.com/1242962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37887"
},
{
"cve": "CVE-2025-37949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxenbus: Use kref to track req lifetime\n\nMarek reported seeing a NULL pointer fault in the xenbus_thread\ncallstack:\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nRIP: e030:__wake_up_common+0x4c/0x180\nCall Trace:\n \u003cTASK\u003e\n __wake_up_common_lock+0x82/0xd0\n process_msg+0x18e/0x2f0\n xenbus_thread+0x165/0x1c0\n\nprocess_msg+0x18e is req-\u003ecb(req). req-\u003ecb is set to xs_wake_up(), a\nthin wrapper around wake_up(), or xenbus_dev_queue_reply(). It seems\nlike it was xs_wake_up() in this case.\n\nIt seems like req may have woken up the xs_wait_for_reply(), which\nkfree()ed the req. When xenbus_thread resumes, it faults on the zero-ed\ndata.\n\nLinux Device Drivers 2nd edition states:\n\"Normally, a wake_up call can cause an immediate reschedule to happen,\nmeaning that other processes might run before wake_up returns.\"\n... which would match the behaviour observed.\n\nChange to keeping two krefs on each request. One for the caller, and\none for xenbus_thread. Each will kref_put() when finished, and the last\nwill free it.\n\nThis use of kref matches the description in\nDocumentation/core-api/kref.rst",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37949",
"url": "https://www.suse.com/security/cve/CVE-2025-37949"
},
{
"category": "external",
"summary": "SUSE Bug 1243541 for CVE-2025-37949",
"url": "https://bugzilla.suse.com/1243541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37949"
},
{
"cve": "CVE-2025-37957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception\n\nPreviously, commit ed129ec9057f (\"KVM: x86: forcibly leave nested mode\non vCPU reset\") addressed an issue where a triple fault occurring in\nnested mode could lead to use-after-free scenarios. However, the commit\ndid not handle the analogous situation for System Management Mode (SMM).\n\nThis omission results in triggering a WARN when KVM forces a vCPU INIT\nafter SHUTDOWN interception while the vCPU is in SMM. This situation was\nreprodused using Syzkaller by:\n\n 1) Creating a KVM VM and vCPU\n 2) Sending a KVM_SMI ioctl to explicitly enter SMM\n 3) Executing invalid instructions causing consecutive exceptions and\n eventually a triple fault\n\nThe issue manifests as follows:\n\n WARNING: CPU: 0 PID: 25506 at arch/x86/kvm/x86.c:12112\n kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112\n Modules linked in:\n CPU: 0 PID: 25506 Comm: syz-executor.0 Not tainted\n 6.1.130-syzkaller-00157-g164fe5dde9b6 #0\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n BIOS 1.12.0-1 04/01/2014\n RIP: 0010:kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112\n Call Trace:\n \u003cTASK\u003e\n shutdown_interception+0x66/0xb0 arch/x86/kvm/svm/svm.c:2136\n svm_invoke_exit_handler+0x110/0x530 arch/x86/kvm/svm/svm.c:3395\n svm_handle_exit+0x424/0x920 arch/x86/kvm/svm/svm.c:3457\n vcpu_enter_guest arch/x86/kvm/x86.c:10959 [inline]\n vcpu_run+0x2c43/0x5a90 arch/x86/kvm/x86.c:11062\n kvm_arch_vcpu_ioctl_run+0x50f/0x1cf0 arch/x86/kvm/x86.c:11283\n kvm_vcpu_ioctl+0x570/0xf00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4122\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nArchitecturally, INIT is blocked when the CPU is in SMM, hence KVM\u0027s WARN()\nin kvm_vcpu_reset() to guard against KVM bugs, e.g. to detect improper\nemulation of INIT. SHUTDOWN on SVM is a weird edge case where KVM needs to\ndo _something_ sane with the VMCB, since it\u0027s technically undefined, and\nINIT is the least awful choice given KVM\u0027s ABI.\n\nSo, double down on stuffing INIT on SHUTDOWN, and force the vCPU out of\nSMM to avoid any weirdness (and the WARN).\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.\n\n[sean: massage changelog, make it clear this isn\u0027t architectural behavior]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37957",
"url": "https://www.suse.com/security/cve/CVE-2025-37957"
},
{
"category": "external",
"summary": "SUSE Bug 1243513 for CVE-2025-37957",
"url": "https://bugzilla.suse.com/1243513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37957"
},
{
"cve": "CVE-2025-37958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37958"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: fix dereferencing invalid pmd migration entry\n\nWhen migrating a THP, concurrent access to the PMD migration entry during\na deferred split scan can lead to an invalid address access, as\nillustrated below. To prevent this invalid access, it is necessary to\ncheck the PMD migration entry and return early. In this context, there is\nno need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the\nequality of the target folio. Since the PMD migration entry is locked, it\ncannot be served as the target.\n\nMailing list discussion and explanation from Hugh Dickins: \"An anon_vma\nlookup points to a location which may contain the folio of interest, but\nmight instead contain another folio: and weeding out those other folios is\nprecisely what the \"folio != pmd_folio((*pmd)\" check (and the \"risk of\nreplacing the wrong folio\" comment a few lines above it) is for.\"\n\nBUG: unable to handle page fault for address: ffffea60001db008\nCPU: 0 UID: 0 PID: 2199114 Comm: tee Not tainted 6.14.0+ #4 NONE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:split_huge_pmd_locked+0x3b5/0x2b60\nCall Trace:\n\u003cTASK\u003e\ntry_to_migrate_one+0x28c/0x3730\nrmap_walk_anon+0x4f6/0x770\nunmap_folio+0x196/0x1f0\nsplit_huge_page_to_list_to_order+0x9f6/0x1560\ndeferred_split_scan+0xac5/0x12a0\nshrinker_debugfs_scan_write+0x376/0x470\nfull_proxy_write+0x15c/0x220\nvfs_write+0x2fc/0xcb0\nksys_write+0x146/0x250\ndo_syscall_64+0x6a/0x120\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe bug is found by syzkaller on an internal kernel, then confirmed on\nupstream.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37958",
"url": "https://www.suse.com/security/cve/CVE-2025-37958"
},
{
"category": "external",
"summary": "SUSE Bug 1243539 for CVE-2025-37958",
"url": "https://bugzilla.suse.com/1243539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37958"
},
{
"cve": "CVE-2025-37960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37960"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemblock: Accept allocated memory before use in memblock_double_array()\n\nWhen increasing the array size in memblock_double_array() and the slab\nis not yet available, a call to memblock_find_in_range() is used to\nreserve/allocate memory. However, the range returned may not have been\naccepted, which can result in a crash when booting an SNP guest:\n\n RIP: 0010:memcpy_orig+0x68/0x130\n Code: ...\n RSP: 0000:ffffffff9cc03ce8 EFLAGS: 00010006\n RAX: ff11001ff83e5000 RBX: 0000000000000000 RCX: fffffffffffff000\n RDX: 0000000000000bc0 RSI: ffffffff9dba8860 RDI: ff11001ff83e5c00\n RBP: 0000000000002000 R08: 0000000000000000 R09: 0000000000002000\n R10: 000000207fffe000 R11: 0000040000000000 R12: ffffffff9d06ef78\n R13: ff11001ff83e5000 R14: ffffffff9dba7c60 R15: 0000000000000c00\n memblock_double_array+0xff/0x310\n memblock_add_range+0x1fb/0x2f0\n memblock_reserve+0x4f/0xa0\n memblock_alloc_range_nid+0xac/0x130\n memblock_alloc_internal+0x53/0xc0\n memblock_alloc_try_nid+0x3d/0xa0\n swiotlb_init_remap+0x149/0x2f0\n mem_init+0xb/0xb0\n mm_core_init+0x8f/0x350\n start_kernel+0x17e/0x5d0\n x86_64_start_reservations+0x14/0x30\n x86_64_start_kernel+0x92/0xa0\n secondary_startup_64_no_verify+0x194/0x19b\n\nMitigate this by calling accept_memory() on the memory range returned\nbefore the slab is available.\n\nPrior to v6.12, the accept_memory() interface used a \u0027start\u0027 and \u0027end\u0027\nparameter instead of \u0027start\u0027 and \u0027size\u0027, therefore the accept_memory()\ncall must be adjusted to specify \u0027start + size\u0027 for \u0027end\u0027 when applying\nto kernels prior to v6.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37960",
"url": "https://www.suse.com/security/cve/CVE-2025-37960"
},
{
"category": "external",
"summary": "SUSE Bug 1243519 for CVE-2025-37960",
"url": "https://bugzilla.suse.com/1243519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37960"
},
{
"cve": "CVE-2025-37974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pci: Fix missing check for zpci_create_device() error return\n\nThe zpci_create_device() function returns an error pointer that needs to\nbe checked before dereferencing it as a struct zpci_dev pointer. Add the\nmissing check in __clp_add() where it was missed when adding the\nscan_list in the fixed commit. Simply not adding the device to the scan\nlist results in the previous behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37974",
"url": "https://www.suse.com/security/cve/CVE-2025-37974"
},
{
"category": "external",
"summary": "SUSE Bug 1243547 for CVE-2025-37974",
"url": "https://bugzilla.suse.com/1243547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-37974"
},
{
"cve": "CVE-2025-38152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Clear table_sz when rproc_shutdown\n\nThere is case as below could trigger kernel dump:\nUse U-Boot to start remote processor(rproc) with resource table\npublished to a fixed address by rproc. After Kernel boots up,\nstop the rproc, load a new firmware which doesn\u0027t have resource table\n,and start rproc.\n\nWhen starting rproc with a firmware not have resource table,\n`memcpy(loaded_table, rproc-\u003ecached_table, rproc-\u003etable_sz)` will\ntrigger dump, because rproc-\u003ecache_table is set to NULL during the last\nstop operation, but rproc-\u003etable_sz is still valid.\n\nThis issue is found on i.MX8MP and i.MX9.\n\nDump as below:\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000000\nMem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000010af63000\n[0000000000000000] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in:\nCPU: 2 UID: 0 PID: 1060 Comm: sh Not tainted 6.14.0-rc7-next-20250317-dirty #38\nHardware name: NXP i.MX8MPlus EVK board (DT)\npstate: a0000005 (NzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __pi_memcpy_generic+0x110/0x22c\nlr : rproc_start+0x88/0x1e0\nCall trace:\n __pi_memcpy_generic+0x110/0x22c (P)\n rproc_boot+0x198/0x57c\n state_store+0x40/0x104\n dev_attr_store+0x18/0x2c\n sysfs_kf_write+0x7c/0x94\n kernfs_fop_write_iter+0x120/0x1cc\n vfs_write+0x240/0x378\n ksys_write+0x70/0x108\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x30/0xcc\n el0t_64_sync_handler+0x10c/0x138\n el0t_64_sync+0x198/0x19c\n\nClear rproc-\u003etable_sz to address the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38152",
"url": "https://www.suse.com/security/cve/CVE-2025-38152"
},
{
"category": "external",
"summary": "SUSE Bug 1241627 for CVE-2025-38152",
"url": "https://bugzilla.suse.com/1241627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-38152"
},
{
"cve": "CVE-2025-38637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: skbprio: Remove overly strict queue assertions\n\nIn the current implementation, skbprio enqueue/dequeue contains an assertion\nthat fails under certain conditions when SKBPRIO is used as a child qdisc under\nTBF with specific parameters. The failure occurs because TBF sometimes peeks at\npackets in the child qdisc without actually dequeuing them when tokens are\nunavailable.\n\nThis peek operation creates a discrepancy between the parent and child qdisc\nqueue length counters. When TBF later receives a high-priority packet,\nSKBPRIO\u0027s queue length may show a different value than what\u0027s reflected in its\ninternal priority queue tracking, triggering the assertion.\n\nThe fix removes this overly strict assertions in SKBPRIO, they are not\nnecessary at all.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38637",
"url": "https://www.suse.com/security/cve/CVE-2025-38637"
},
{
"category": "external",
"summary": "SUSE Bug 1241657 for CVE-2025-38637",
"url": "https://bugzilla.suse.com/1241657"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-38637"
},
{
"cve": "CVE-2025-39728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: samsung: Fix UBSAN panic in samsung_clk_init()\n\nWith UBSAN_ARRAY_BOUNDS=y, I\u0027m hitting the below panic due to\ndereferencing `ctx-\u003eclk_data.hws` before setting\n`ctx-\u003eclk_data.num = nr_clks`. Move that up to fix the crash.\n\n UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP\n \u003csnip\u003e\n Call trace:\n samsung_clk_init+0x110/0x124 (P)\n samsung_clk_init+0x48/0x124 (L)\n samsung_cmu_register_one+0x3c/0xa0\n exynos_arm64_register_cmu+0x54/0x64\n __gs101_cmu_top_of_clk_init_declare+0x28/0x60\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39728",
"url": "https://www.suse.com/security/cve/CVE-2025-39728"
},
{
"category": "external",
"summary": "SUSE Bug 1241626 for CVE-2025-39728",
"url": "https://bugzilla.suse.com/1241626"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-39728"
},
{
"cve": "CVE-2025-40325",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40325"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: wait barrier before returning discard request with REQ_NOWAIT\n\nraid10_handle_discard should wait barrier before returning a discard bio\nwhich has REQ_NOWAIT. And there is no need to print warning calltrace\nif a discard bio has REQ_NOWAIT flag. Quality engineer usually checks\ndmesg and reports error if dmesg has warning/error calltrace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40325",
"url": "https://www.suse.com/security/cve/CVE-2025-40325"
},
{
"category": "external",
"summary": "SUSE Bug 1241638 for CVE-2025-40325",
"url": "https://bugzilla.suse.com/1241638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.21.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.21.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.21.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-12T06:29:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-40325"
}
]
}
suse-su-2025:20190-1
Vulnerability from csaf_suse
Published
2025-04-17 10:48
Modified
2025-04-17 10:48
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489).
- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).
- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).
- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).
- CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439).
- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).
- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).
- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).
- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).
- CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812).
- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).
- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).
- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).
- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).
- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).
- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).
- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).
- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).
- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).
- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).
- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
- CVE-2024-56638: kABI fix for "netfilter: nft_inner: incorrect percpu area handling under softirq" (bsc#1235524).
- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).
- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).
- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).
- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).
- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).
- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).
- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).
- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).
- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).
- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).
- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).
- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111).
- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113).
- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).
- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).
- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).
- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).
- CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698).
- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).
- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).
- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).
- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).
- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).
- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).
- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).
- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).
- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).
- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).
- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).
- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).
- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).
- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).
- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).
- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).
- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).
- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).
- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).
- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).
- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).
- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).
- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).
- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).
- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).
- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).
- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).
- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).
- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).
- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).
The following non-security bugs were fixed:
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).
- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).
- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).
- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).
- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).
- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).
- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).
- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).
- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).
- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).
- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).
- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).
- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
- ALSA: seq: Make dependency on UMP clearer (git-fixes).
- ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes).
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).
- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).
- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).
- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).
- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).
- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).
- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).
- ASoC: es8328: fix route from DAC to output (git-fixes).
- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
- ASoC: ops: Consistently treat platform_max as control value (git-fixes).
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).
- ASoC: rt722-sdca: add missing readable registers (git-fixes).
- ASoC: tas2764: Fix power control mask (stable-fixes).
- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).
- ASoC: tas2770: Fix volume scale (stable-fixes).
- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).
- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).
- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).
- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).
- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).
- Documentation: qat: fix auto_reset attribute details (git-fixes).
- Documentation: qat: fix auto_reset section (git-fixes).
- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).
- Fix memory-hotplug regression (bsc#1237504)
- Grab mm lock before grabbing pt lock (git-fixes).
- HID: Enable playstation driver independently of sony driver (git-fixes).
- HID: Wacom: Add PCI Wacom device support (stable-fixes).
- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).
- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).
- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).
- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).
- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).
- HID: hid-steam: Add Deck IMU support (stable-fixes).
- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).
- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
- HID: hid-steam: Clean up locking (stable-fixes).
- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).
- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).
- HID: hid-steam: Fix cleanup in probe() (git-fixes).
- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).
- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).
- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).
- HID: hid-steam: remove pointless error message (stable-fixes).
- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).
- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).
- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).
- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).
- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).
- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).
- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).
- IB/mad: Check available slots before posting receive WRs (git-fixes)
- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
- Input: ads7846 - fix gpiod allocation (git-fixes).
- Input: allocate keycode for phone linking (stable-fixes).
- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).
- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).
- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).
- Input: iqs7222 - preserve system status register (git-fixes).
- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).
- Input: xpad - add multiple supported devices (stable-fixes).
- Input: xpad - add support for TECNO Pocket Go (stable-fixes).
- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).
- Input: xpad - rename QH controller to Legion Go S (stable-fixes).
- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).
- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).
- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).
- KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE (git-fixes).
- KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).
- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).
- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes).
- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).
- Move upstreamed ACPI patch into sorted section
- Move upstreamed PCI and initramfs patches into sorted section
- Move upstreamed nfsd and sunrpc patches into sorted section
- Move upstreamed powerpc and SCSI patches into sorted section
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).
- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)
- PCI/DOE: Support discovery version 2 (bsc#1237853)
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).
- PCI: Avoid reset when disabled via sysfs (git-fixes).
- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).
- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).
- PCI: Use downstream bridges for distributing resources (bsc#1237325).
- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).
- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).
- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).
- PCI: brcmstb: Use internal register to change link capability (git-fixes).
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).
- PCI: hookup irq_get_affinity callback (bsc#1236896).
- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).
- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).
- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).
- PM: sleep: Adjust check before setting power.must_resume (git-fixes).
- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)
- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)
- RDMA/efa: Reset device on probe failure (git-fixes)
- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)
- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)
- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
- RDMA/hns: Fix missing xa_destroy() (git-fixes)
- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)
- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)
- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mlx5: Fix AH static rate parsing (git-fixes)
- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)
- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)
- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)
- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)
- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)
- RDMA/rxe: Improve newline in printing messages (git-fixes)
- Reapply "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "blk-throttle: Fix IO hang for a corner case" (git-fixes).
- Revert "dm: requeue IO if mapping table not yet available" (git-fixes).
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" (git-fixes).
- Revert "drm/amd/display: Use HW lock mgr for PSR1" (stable-fixes).
- Revert "leds-pca955x: Remove the unused function pca95xx_num_led_regs()" (stable-fixes).
- Revert "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "wifi: ath11k: support hibernation" (bsc#1207948).
- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).
- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).
- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).
- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).
- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).
- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
- USB: serial: option: drop MeiG Smart defines (stable-fixes).
- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).
- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).
- Update "drm/mgag200: Added support for the new device G200eH5" (jsc#PED-12094)
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).
- accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes).
- acct: block access to kernel internal filesystems (git-fixes).
- acct: perform last write from workqueue (git-fixes).
- add nf_tables for iptables non-legacy network handling.
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).
- af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435).
- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).
- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).
- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)
- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)
- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)
- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)
- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)
- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)
- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)
- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)
- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)
- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)
- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)
- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)
- ata: ahci: Add mask_port_map module parameter (git-fixes).
- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).
- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).
- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).
- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).
- ata: pata_parport: add custom version of wait_after_reset (git-fixes).
- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).
- ata: pata_serverworks: Do not use the term blacklist (git-fixes).
- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).
- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).
- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).
- batman-adv: Drop unmanaged ELP metric worker (git-fixes).
- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).
- batman-adv: fix panic during interface removal (git-fixes).
- bio-integrity: do not restrict the size of integrity metadata (git-fixes).
- bitmap: introduce generic optimized bitmap_size() (git-fixes).
- blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558).
- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).
- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).
- blk-mq: add number of queue calc helper (bsc#1236897).
- blk-mq: create correct map for fallback case (bsc#1236896).
- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).
- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).
- blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).
- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
- blk_iocost: remove some duplicate irq disable/enables (git-fixes).
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
- block: Clear zone limits for a non-zoned stacked queue (git-fixes).
- block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).
- block: Provide bdev_open_* functions (git-fixes).
- block: Remove special-casing of compound pages (git-fixes).
- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).
- block: add a disk_has_partscan helper (git-fixes).
- block: add a partscan sysfs attribute for disks (git-fixes).
- block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes).
- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).
- block: change rq_integrity_vec to respect the iterator (git-fixes).
- block: cleanup and fix batch completion adding conditions (git-fixes).
- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).
- block: do not revert iter for -EIOCBQUEUED (git-fixes).
- block: ensure we hold a queue reference when using queue limits (git-fixes).
- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).
- block: fix integer overflow in BLKSECDISCARD (git-fixes).
- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).
- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).
- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).
- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).
- block: retry call probe after request_module in blk_request_module (git-fixes).
- block: return unsigned int from bdev_io_min (git-fixes).
- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).
- block: support to account io_ticks precisely (git-fixes).
- block: use the right type for stub rq_integrity_vec() (git-fixes).
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).
- bpf: Fix a verifier verbose message (git-fixes).
- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).
- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).
- bpf: prevent r10 register from being marked as precise (git-fixes).
- broadcom: fix supported flag check in periodic output function (git-fixes).
- btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605).
- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).
- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).
- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).
- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).
- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).
- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).
- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).
- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).
- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).
- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).
- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
- can: ctucanfd: handle skb allocation failure (git-fixes).
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes).
- can: flexcan: disable transceiver during system PM (git-fixes).
- can: flexcan: only change CAN state when link up in system PM (git-fixes).
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).
- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).
- can: ucan: fix out of bound read in strscpy() source (git-fixes).
- cdx: Fix possible UAF error in driver_override_show() (git-fixes).
- char: misc: deallocate static minor in error path (git-fixes).
- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).
- cifs: Remove intermediate object of failed create reparse call (git-fixes).
- cifs: commands that are retried should have replay flag set (bsc#1231432).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).
- cifs: helper function to check replayable error codes (bsc#1231432).
- cifs: new mount option called retrans (bsc#1231432).
- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
- cifs: update desired access while requesting for directory lease (git-fixes).
- cifs: update the same create_guid on replay (git-fixes).
- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).
- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).
- config: Set gcc version (jsc#PED-12251).
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)
- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).
- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)
- cpufreq/cppc: Move and rename (bsc#1237856)
- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)
- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)
- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).
- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).
- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
- cpumask: add cpumask_weight_andnot() (bsc#1239015).
- cpumask: define cleanup function for cpumasks (bsc#1239015).
- crypto: ccp - Fix check for the primary ASP device (git-fixes).
- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).
- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).
- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).
- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).
- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).
- crypto: iaa - Change desc->priv to 0 (jsc#PED-12416).
- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).
- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove header table code (jsc#PED-12416).
- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416).
- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).
- crypto: iaa - Test the correct request flag (git-fixes).
- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).
- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).
- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).
- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).
- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).
- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).
- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).
- crypto: qat - Fix spelling mistake "Invalide" -> "Invalid" (jsc#PED-12416).
- crypto: qat - Fix typo "accelaration" (jsc#PED-12416).
- crypto: qat - Fix typo (jsc#PED-12416).
- crypto: qat - Remove trailing space after \n newline (jsc#PED-12416).
- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).
- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).
- crypto: qat - add auto reset on error (jsc#PED-12416).
- crypto: qat - add bank save and restore flows (jsc#PED-12416).
- crypto: qat - add fatal error notification (jsc#PED-12416).
- crypto: qat - add fatal error notify method (jsc#PED-12416).
- crypto: qat - add heartbeat error simulator (jsc#PED-12416).
- crypto: qat - add interface for live migration (jsc#PED-12416).
- crypto: qat - add support for 420xx devices (jsc#PED-12416).
- crypto: qat - add support for device telemetry (jsc#PED-12416).
- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).
- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).
- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).
- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).
- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).
- crypto: qat - disable arbitration before reset (jsc#PED-12416).
- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).
- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).
- crypto: qat - fix "Full Going True" macro definition (jsc#PED-12416).
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).
- crypto: qat - fix comment structure (jsc#PED-12416).
- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).
- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).
- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).
- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).
- crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416).
- crypto: qat - implement interface for live migration (jsc#PED-12416).
- crypto: qat - improve aer error reset handling (jsc#PED-12416).
- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).
- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).
- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).
- crypto: qat - limit heartbeat notifications (jsc#PED-12416).
- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).
- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).
- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).
- crypto: qat - move fw config related structures (jsc#PED-12416).
- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).
- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).
- crypto: qat - relocate CSR access code (jsc#PED-12416).
- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).
- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).
- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).
- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).
- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).
- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).
- crypto: qat - set parity error mask for qat_420xx (git-fixes).
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).
- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).
- crypto: qat - validate slices count returned by FW (jsc#PED-12416).
- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).
- cxgb4: Avoid removal of uninserted tid (git-fixes).
- cxgb4: use port number to set mac addr (git-fixes).
- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).
- dlm: fix srcu_read_lock() return type to int (git-fixes).
- dlm: prevent NPD when writing a positive value to event_done (git-fixes).
- dm array: fix cursor index when skipping across block boundaries (git-fixes).
- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).
- dm init: Handle minors larger than 255 (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm persistent data: fix memory allocation failure (git-fixes).
- dm resume: do not return EINVAL when signalled (git-fixes).
- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).
- dm thin: Add missing destroy_work_on_stack() (git-fixes).
- dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes).
- dm-crypt: track tag_offset in convert_context (git-fixes).
- dm-delay: fix hung task introduced by kthread mode (git-fixes).
- dm-delay: fix max_delay calculations (git-fixes).
- dm-delay: fix workqueue delay_timer race (git-fixes).
- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).
- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).
- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).
- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).
- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).
- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).
- dm: Fix typo in error message (git-fixes).
- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).
- doc/README.SUSE: Point to the updated version of LKMPG
- doc: update managed_irq documentation (bsc#1236897).
- driver core: Remove needless return in void API device_remove_group() (git-fixes).
- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).
- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).
- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).
- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).
- drm/amd/display: Fix HPD after gpu reset (stable-fixes).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes).
- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).
- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).
- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).
- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).
- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).
- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
- drm/amdgpu/umsch: declare umsch firmware (git-fixes).
- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).
- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).
- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes).
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).
- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
- drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes).
- drm/amdkfd: only flush the validate MES contex (stable-fixes).
- drm/atomic: Filter out redundant DPMS calls (stable-fixes).
- drm/bridge: Fix spelling mistake "gettin" -> "getting" (git-fixes).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).
- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).
- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).
- drm/dp_mst: Fix drm RAD print (git-fixes).
- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).
- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).
- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).
- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).
- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).
- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes).
- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
- drm/i915/selftests: avoid using uninitialized context (git-fixes).
- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
- drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes).
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).
- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).
- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).
- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).
- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).
- drm/msm/dpu: do not use active in atomic_check() (git-fixes).
- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).
- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).
- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
- drm/msm: Avoid rounding up to one jiffy (git-fixes).
- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
- drm/nouveau: Do not override forced connector status (stable-fixes).
- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).
- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).
- drm/repaper: fix integer overflows in repeat functions (git-fixes).
- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).
- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).
- drm/sched: Fix fence reference count leak (git-fixes).
- drm/sched: Fix preprocessor guard (git-fixes).
- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).
- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).
- drm/ssd130x: fix ssd132x encoding (git-fixes).
- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).
- drm/virtio: New fence for every plane update (stable-fixes).
- drm/vkms: Fix use after free and double free on init error (git-fixes).
- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).
- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).
- dummycon: fix default rows/cols (git-fixes).
- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).
- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).
- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
- eth: gve: use appropriate helper to set xdp_features (git-fixes).
- exfat: convert to ctime accessor functions (git-fixes).
- exfat: do not zero the extended part (bsc#1237356).
- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
- exfat: fix file being changed by unaligned direct write (git-fixes).
- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
- exfat: fix zero the unwritten part for dio read (git-fixes).
- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).
- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sm501fb: Add some geometry checks (git-fixes).
- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).
- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).
- firmware: cs_dsp: Remove async regmap writes (git-fixes).
- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).
- futex: Do not include process MM in futex key on no-MMU (git-fixes).
- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).
- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).
- gpio: pca953x: Improve interrupt support (git-fixes).
- gpio: rcar: Fix missing of_node_put() call (git-fixes).
- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).
- gup: make the stack expansion warning a bit more targeted (bsc#1238214).
- hfs: Sanity check the root record (git-fixes).
- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).
- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).
- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).
- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- i2c: ls2x: Fix frequency division register access (git-fixes).
- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
- i2c: omap: fix IRQ storms (git-fixes).
- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).
- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).
- i3c: master: svc: Fix missing the IBI rules (git-fixes).
- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).
- iavf: allow changing VLAN state without calling PF (git-fixes).
- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).
- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).
- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
- ice: fix max values for dpll pin phase adjust (git-fixes).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
- ice: gather page_count()'s of each frag right before XDP prog call (git-fixes).
- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
- ice: put Rx buffers after being done with current frame (git-fixes).
- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
- ice: use internal pf id instead of function number (git-fixes).
- idpf: add read memory barrier when checking descriptor done bit (git-fixes).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661).
- idpf: convert workqueues to unbound (git-fixes).
- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
- idpf: fix handling rsc packet with a single segment (git-fixes).
- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
- igc: return early when failing to read EECD register (git-fixes).
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).
- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).
- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).
- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).
- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).
- iio: dac: ad3552r: clear reset status flag (git-fixes).
- iio: filter: admv8818: Force initialization of SDO (git-fixes).
- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).
- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).
- init: add initramfs_internal.h (bsc#1232848).
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- initramfs: allocate heap buffers together (bsc#1232848).
- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).
- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).
- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).
- intel_th: pci: Add Arrow Lake support (stable-fixes).
- intel_th: pci: Add Panther Lake-H support (stable-fixes).
- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).
- ioam6: improve checks on user data (git-fixes).
- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
- iommu/vt-d: Fix suspicious RCU usage (git-fixes).
- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).
- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).
- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).
- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).
- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).
- ipv6: Use RCU in ip6_input() (bsc#1239994).
- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).
- ipv6: avoid atomic fragment on GSO packets (git-fixes).
- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).
- ipv6: fib: hide unused 'pn' variable (git-fixes).
- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).
- ipv6: fix potential NULL deref in fib6_add() (git-fixes).
- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).
- ipv6: introduce dst_rt6_info() helper (git-fixes).
- ipv6: ioam: block BH from ioam6_output() (git-fixes).
- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).
- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- ipv6: sr: add missing seg6_local_exit (git-fixes).
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).
- ipv6: take care of scope when choosing the src addr (git-fixes).
- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).
- jfs: add check read-only before txBeginAnon() call (git-fixes).
- jfs: add index corruption check to DT_GETPAGE() (git-fixes).
- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).
- jfs: reject on-disk inodes of an unsupported type (git-fixes).
- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)
- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).
- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).
- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).
- kABI workaround for intel-ish-hid (git-fixes).
- kABI workaround for soc_mixer_control changes (git-fixes).
- kabi: fix bus type (bsc#1236896).
- kabi: fix group_cpus_evenly (bsc#1236897).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
- kbuild: hdrcheck: fix cross build with clang (git-fixes).
- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
- kernel-source: Also replace bin/env
- kunit: qemu_configs: sparc: use Zilog console (git-fixes).
- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).
- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).
- l2tp: fix lockdep splat (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).
- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).
- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
- lib: 842: Improve error handling in sw842_compress() (git-fixes).
- lib: stackinit: hide never-taken branch from compiler (stable-fixes).
- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).
- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).
- md/md-cluster: fix spares warnings for __le64 (git-fixes).
- md/raid0: do not free conf on raid0_run failure (git-fixes).
- md/raid1: do not free conf on raid0_run failure (git-fixes).
- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
- md: Do not flush sync_work in md_write_start() (git-fixes).
- md: convert comma to semicolon (git-fixes).
- mdacon: rework dependency list (git-fixes).
- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).
- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).
- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).
- media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes).
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).
- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).
- media: ov08x40: Fix hblank out of range issue (git-fixes).
- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).
- media: platform: stm32: Add check for clk_enable() (git-fixes).
- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).
- media: streamzap: fix race between device disconnection and urb callback (git-fixes).
- media: streamzap: prevent processing IR data on URB failure (git-fixes).
- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).
- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).
- media: venus: hfi: add check to handle incorrect queue size (git-fixes).
- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).
- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).
- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
- media: vim2m: print device name after registering device (git-fixes).
- media: visl: Fix ERANGE error when setting enum controls (git-fixes).
- mei: me: add panther lake P DID (stable-fixes).
- memblock tests: fix warning: "__ALIGN_KERNEL" redefined (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).
- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).
- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).
- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).
- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).
- mfd: syscon: Remove extern from function prototypes (stable-fixes).
- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).
- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).
- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).
- mm: accept to promo watermark (bsc#1239600).
- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).
- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).
- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).
- mptcp: export local_address (git-fixes)
- mptcp: fix NL PM announced address accounting (git-fixes)
- mptcp: fix data races on local_id (git-fixes)
- mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)
- mptcp: pm: deny endp with signal + subflow + port (git-fixes)
- mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
- mptcp: pm: do not try to create sf if alloc failed (git-fixes)
- mptcp: pm: fullmesh: select the right ID later (git-fixes)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
- mptcp: pm: re-using ID of unused removed subflows (git-fixes)
- mptcp: pm: reduce indentation blocks (git-fixes)
- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
- mptcp: unify pm get_local_id interfaces (git-fixes)
- mptcp: unify pm set_flags interfaces (git-fixes)
- mtd: Add check for devm_kcalloc() (git-fixes).
- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).
- mtd: nand: Fix a kdoc comment (git-fixes).
- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).
- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
- nbd: Fix signal handling (git-fixes).
- nbd: Improve the documentation of the locking assumptions (git-fixes).
- nbd: do not allow reconnect after disconnect (git-fixes).
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).
- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).
- net l2tp: drop flow hash on forward (git-fixes).
- net/mlx5: Correct TASR typo into TSAR (git-fixes).
- net/mlx5: Fix RDMA TX steering prio (git-fixes).
- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
- net/mlx5: SF, Fix add port error handling (git-fixes).
- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).
- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).
- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).
- net/sched: flower: Add lock protection when remove filter handle (git-fixes).
- net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes).
- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: add dev_net_rcu() helper (bsc#1239994).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).
- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).
- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).
- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).
- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).
- net: ipv6: ioam6: code alignment (git-fixes).
- net: ipv6: ioam6: new feature tunsrc (git-fixes).
- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).
- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Cleanup "mana" debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Support holes in device list reply msg (git-fixes).
- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).
- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).
- net: move altnames together with the netdevice (bsc#1233749).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: rose: lock the socket in rose_bind() (git-fixes).
- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
- net: smc: fix spurious error message from __sock_release() (bsc#1237126).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).
- net: use unrcu_pointer() helper (git-fixes).
- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).
- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).
- net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes).
- net_sched: sch_sfq: handle bigger packets (git-fixes).
- nfsd: clear acl_access/acl_default after releasing them (git-fixes).
- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).
- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).
- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).
- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
- null_blk: fix validation of block size (git-fixes).
- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).
- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).
- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).
- nvme-fc: use ctrl state getter (git-fixes).
- nvme-ioctl: fix leaked requests on mapping error (git-fixes).
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).
- nvme-pci: remove stale comment (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
- nvme-tcp: Fix a C2HTermReq error message (git-fixes).
- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).
- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).
- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).
- nvme/ioctl: add missing space in err message (git-fixes).
- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).
- nvme: make nvme_tls_attrs_group static (git-fixes).
- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).
- nvme: move passthrough logging attribute to head (git-fixes).
- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).
- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- nvme: tcp: Fix compilation warning with W=1 (git-fixes).
- nvmet-fc: Remove unused functions (git-fixes).
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).
- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).
- nvmet: Fix crash when a namespace is disabled (git-fixes).
- nvmet: remove old function prototype (git-fixes).
- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).
- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).
- ocfs2: handle a symlink read error correctly (git-fixes).
- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).
- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).
- orangefs: fix a oob in orangefs_debug_write (git-fixes).
- padata: Clean up in padata_do_multithreaded() (bsc#1237563).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- padata: fix sysfs store callback check (git-fixes).
- partitions: ldm: remove the initial kernel-doc notation (git-fixes).
- partitions: mac: fix handling of bogus partition table (git-fixes).
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).
- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).
- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).
- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).
- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).
- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).
- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).
- platform/x86: ISST: Ignore minor version change (bsc#1237452).
- platform/x86: acer-wmi: Ignore AC events (stable-fixes).
- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).
- platform/x86: int3472: Check for adev == NULL (stable-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).
- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).
- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).
- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).
- power: supply: da9150-fg: fix potential overflow (git-fixes).
- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).
- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).
- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).
- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).
- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896
bsc#1235932).
- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).
- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).
- powerpc: Stop using no_llseek (bsc#1239573).
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).
- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).
- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).
- rapidio: fix an API misues when rio_add_net() fails (git-fixes).
- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
- rbd: do not move requests to the running list on errors (git-fixes).
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
- regmap-irq: Add missing kfree() (git-fixes).
- regulator: check that dummy regulator has been probed before using it (stable-fixes).
- regulator: core: Fix deadlock in create_regulator() (git-fixes).
- regulator: dummy: force synchronous probing (git-fixes).
- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205).
- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).
- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).
- s390/pci: Ignore RID for isolated VFs (bsc#1236752).
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).
- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
- s390/pci: Use topology ID for multi-function devices (bsc#1236752).
- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).
- s390/topology: Improve topology detection (bsc#1236591).
- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).
- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).
- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).
- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).
- scsi: core: Clear driver private data when retrying request (git-fixes).
- scsi: core: Do not retry I/Os during depopulation (git-fixes).
- scsi: core: Handle depopulation and restoration in progress (git-fixes).
- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).
- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).
- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).
- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).
- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: myrb: Remove dead code (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
- scsi: sg: Enable runtime power management (git-fixes).
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).
- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- selftest: hugetlb_dio: fix test naming (git-fixes).
- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).
- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).
- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).
- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).
- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).
- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).
- selftests/mm/cow: fix the incorrect error handling (git-fixes).
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).
- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).
- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).
- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).
- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).
- selftests: mptcp: connect: -f: no reconnect (git-fixes).
- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).
- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).
- serial: 8250: Fix fifo underflow on flush (git-fixes).
- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).
- smb3: fix creating FIFOs when mounting with "sfu" mount option (git-fixes).
- smb3: request handle caching when caching directories (bsc#1231432).
- smb3: retrying on failed server close (bsc#1231432).
- smb: cached directories can be more than root file handle (bsc#1231432).
- smb: cilent: set reparse mount points as automounts (git-fixes).
- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
- smb: client: Fix minor whitespace errors and warnings (git-fixes).
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).
- smb: client: add support for WSL reparse points (git-fixes).
- smb: client: allow creating special files via reparse points (git-fixes).
- smb: client: allow creating symlinks via reparse points (git-fixes).
- smb: client: cleanup smb2_query_reparse_point() (git-fixes).
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- smb: client: do not query reparse points twice on symlinks (git-fixes).
- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).
- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
- smb: client: fix hardlinking of reparse points (git-fixes).
- smb: client: fix missing mode bits for SMB symlinks (git-fixes).
- smb: client: fix possible double free in smb2_set_ea() (git-fixes).
- smb: client: fix potential broken compound request (git-fixes).
- smb: client: fix renaming of reparse points (git-fixes).
- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
- smb: client: handle path separator of created SMB symlinks (git-fixes).
- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
- smb: client: ignore unhandled reparse tags (git-fixes).
- smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
- smb: client: instantiate when creating SFU files (git-fixes).
- smb: client: introduce ->parse_reparse_point() (git-fixes).
- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
- smb: client: introduce cifs_sfu_make_node() (git-fixes).
- smb: client: introduce reparse mount option (git-fixes).
- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).
- smb: client: move most of reparse point handling code to common file (git-fixes).
- smb: client: move some params to cifs_open_info_data (bsc#1231432).
- smb: client: optimise reparse point querying (git-fixes).
- smb: client: parse owner/group when creating reparse points (git-fixes).
- smb: client: parse reparse point flag in create response (bsc#1231432).
- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
- smb: client: retry compound request without reusing lease (git-fixes).
- smb: client: return reparse type in /proc/mounts (git-fixes).
- smb: client: reuse file lease key in compound operations (git-fixes).
- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).
- smb: client: set correct file type from NFS reparse points (git-fixes).
- smb: client: stop revalidating reparse points unnecessarily (git-fixes).
- smb: use kernel_connect() and kernel_bind() (git-fixes).
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).
- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
- soc: imx8m: Remove global soc_uid (stable-fixes).
- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).
- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).
- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).
- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
- soc: qcom: pdr: Fix the potential deadlock (git-fixes).
- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).
- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).
- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).
- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).
- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).
- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).
- spi: sn-f-ospi: Fix division by zero (git-fixes).
- splice: do not checksum AF_UNIX sockets (bsc#1240333).
- sunrpc: suppress warnings for unused procfs functions (git-fixes).
- supported.conf: add now-included qat_420xx (external, intel)
- tcp: Add memory barrier to tcp_push() (git-fixes).
- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).
- tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes).
- tcp: Defer ts_recent changes until req is owned (git-fixes).
- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).
- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).
- tcp: Update window clamping condition (git-fixes).
- tcp: add tcp_done_with_error() helper (git-fixes).
- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).
- tcp: annotate data-races around tp->window_clamp (git-fixes).
- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).
- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).
- tcp: check space before adding MPTCP SYN options (git-fixes).
- tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).
- tcp: define initial scaling factor value as a macro (git-fixes).
- tcp: derive delack_max from rto_min (git-fixes).
- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).
- tcp: fix cookie_init_timestamp() overflows (git-fixes).
- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).
- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).
- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).
- tcp: fix mid stream window clamp (git-fixes).
- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).
- tcp: fix race in tcp_write_err() (git-fixes).
- tcp: fix races in tcp_abort() (git-fixes).
- tcp: fix races in tcp_v_err() (git-fixes).
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes).
- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).
- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).
- tcp: increase the default TCP scaling ratio (git-fixes).
- tcp: introduce tcp_clock_ms() (git-fixes).
- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).
- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).
- tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes).
- tcp: replace tcp_time_stamp_raw() (git-fixes).
- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).
- thermal: int340x: Add NULL check for adev (git-fixes).
- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).
- tools: fix annoying "mkdir -p ..." logs when building tools in parallel (git-fixes).
- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).
- tpm: do not start chip while suspended (git-fixes).
- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).
- tty: xilinx_uartps: split sysrq handling (git-fixes).
- ubi: Add a check for ubi_num (git-fixes).
- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).
- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).
- ubi: correct the calculation of fastmap size (stable-fixes).
- ubi: eba: properly rollback inside self_check_eba (git-fixes).
- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).
- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).
- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).
- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).
- ublk: fix error code for unsupported command (git-fixes).
- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
- ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
- ublk: move zone report data out of request pdu (git-fixes).
- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).
- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes).
- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).
- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).
- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).
- usb: gadget: Fix setting self-powered state on suspend (git-fixes).
- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).
- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
- usb: hub: lack of clearing xHC resources (git-fixes).
- usb: phy: generic: Use proper helper for property detection (stable-fixes).
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).
- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
- usb: renesas_usbhs: Call clk_put() (git-fixes).
- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).
- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).
- usb: roles: set switch registered flag early on (git-fixes).
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).
- usb: typec: ucsi: Fix NULL pointer access (git-fixes).
- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).
- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).
- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).
- usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes).
- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
- usbnet: ipheth: document scope of NCM implementation (stable-fixes).
- util_macros.h: fix/rework find_closest() macros (git-fixes).
- vboxsf: fix building with GCC 15 (stable-fixes).
- vfio/pci: Lock external INTx masking ops (bsc#1222803).
- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
- virtio-mem: check if the config changed before fake offlining memory (git-fixes).
- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).
- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).
- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).
- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- virtio: hookup irq_get_affinity callback (bsc#1236896).
- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
- vsock/virtio: cancel close work in the destructor (git-fixes)
- vsock: Keep the binding until socket destruction (git-fixes)
- vsock: reset socket state when de-assigning the transport (git-fixes)
- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).
- wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes).
- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).
- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).
- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).
- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).
- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).
- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).
- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).
- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).
- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).
- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).
- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).
- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).
- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
- wifi: iwlwifi: avoid memory leak (stable-fixes).
- wifi: iwlwifi: limit printed string from FW file (git-fixes).
- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).
- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).
- wifi: mt76: Add check for devm_kstrdup() (git-fixes).
- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).
- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).
- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).
- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).
- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).
- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).
- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).
- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).
- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).
- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).
- x86/asm: Make serialize() always_inline (git-fixes).
- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).
- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).
- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
- x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes).
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).
- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).
- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).
- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).
- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).
- x86/microcode/32: Move early loading after paging enable (git-fixes).
- x86/microcode/amd: Cache builtin microcode too (git-fixes).
- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).
- x86/microcode/amd: Use cached microcode for AP load (git-fixes).
- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).
- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).
- x86/microcode/intel: Cleanup code further (git-fixes).
- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).
- x86/microcode/intel: Remove debug code (git-fixes).
- x86/microcode/intel: Remove pointless mutex (git-fixes).
- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).
- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).
- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).
- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).
- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).
- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).
- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).
- x86/microcode/intel: Simplify early loading (git-fixes).
- x86/microcode/intel: Simplify scan_microcode() (git-fixes).
- x86/microcode/intel: Switch to kvmalloc() (git-fixes).
- x86/microcode/intel: Unify microcode apply() functions (git-fixes).
- x86/microcode: Add per CPU control field (git-fixes).
- x86/microcode: Add per CPU result state (git-fixes).
- x86/microcode: Clarify the late load logic (git-fixes).
- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).
- x86/microcode: Get rid of the schedule work indirection (git-fixes).
- x86/microcode: Handle "nosmt" correctly (git-fixes).
- x86/microcode: Handle "offline" CPUs correctly (git-fixes).
- x86/microcode: Hide the config knob (git-fixes).
- x86/microcode: Include vendor headers into microcode.h (git-fixes).
- x86/microcode: Make reload_early_microcode() static (git-fixes).
- x86/microcode: Mop up early loading leftovers (git-fixes).
- x86/microcode: Move core specific defines to local header (git-fixes).
- x86/microcode: Prepare for minimal revision check (git-fixes).
- x86/microcode: Protect against instrumentation (git-fixes).
- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).
- x86/microcode: Provide new control functions (git-fixes).
- x86/microcode: Remove microcode_mutex (git-fixes).
- x86/microcode: Remove pointless apply() invocation (git-fixes).
- x86/microcode: Rendezvous and load in NMI (git-fixes).
- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).
- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).
- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
- x86/mm: Remove unused microcode.h include (git-fixes).
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).
- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (git-fixes).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).
- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).
- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).
- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).
- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).
- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).
- xhci: dbc: Convert to use sysfs_streq() (git-fixes).
- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).
- xhci: dbc: Fix STALL transfer event handling (git-fixes).
- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).
- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).
- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).
- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).
- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).
- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).
- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).
- xhci: pci: Use standard pattern for device IDs (git-fixes).
- zram: clear IDLE flag after recompression (git-fixes).
- zram: clear IDLE flag in mark_idle() (git-fixes).
- zram: do not mark idle slots that cannot be idle (git-fixes).
- zram: fix potential UAF of zram table (git-fixes).
- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
- zram: refuse to use zero sized block device as backing device (git-fixes).
- zram: split memory-tracking and ac-time tracking (git-fixes).
Patchnames
SUSE-SLE-Micro-6.0-kernel-8
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).\n- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489).\n- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).\n- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).\n- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).\n- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).\n- CVE-2024-45010: mptcp: pm: only mark \u0027subflow\u0027 endp as available (bsc#1230439).\n- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).\n- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).\n- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).\n- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).\n- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).\n- CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812).\n- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).\n- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).\n- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).\n- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).\n- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).\n- CVE-2024-50142: xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset (bsc#1233028).\n- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).\n- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).\n- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).\n- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).\n- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).\n- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).\n- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).\n- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).\n- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).\n- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).\n- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).\n- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).\n- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).\n- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).\n- CVE-2024-56638: kABI fix for \"netfilter: nft_inner: incorrect percpu area handling under softirq\" (bsc#1235524).\n- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).\n- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).\n- CVE-2024-56658: net: defer final \u0027struct net\u0027 free in netns dismantle (bsc#1235441).\n- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).\n- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).\n- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).\n- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).\n- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).\n- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).\n- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).\n- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).\n- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).\n- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).\n- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).\n- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).\n- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).\n- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).\n- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).\n- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).\n- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).\n- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).\n- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy (bsc#1236111).\n- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy (bsc#1236113).\n- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current-\u003ensproxy (bsc#1236114).\n- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-\u003ensproxy (bsc#1236115).\n- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-\u003ensproxy (bsc#1236122).\n- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy (bsc#1236123).\n- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).\n- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).\n- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).\n- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).\n- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).\n- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).\n- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).\n- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).\n- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).\n- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).\n- CVE-2025-21678: gtp: Destroy device along with udp socket\u0027s netns dismantle (bsc#1236698).\n- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).\n- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).\n- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).\n- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).\n- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).\n- CVE-2025-21703: netem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).\n- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).\n- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).\n- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).\n- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).\n- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).\n- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).\n- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).\n- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).\n- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).\n- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).\n- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).\n- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).\n- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).\n- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).\n- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).\n- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).\n- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).\n- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).\n- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).\n- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).\n- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).\n- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).\n- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).\n- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).\n- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).\n- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).\n- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).\n- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).\n- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).\n- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).\n- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).\n- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).\n- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).\n- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).\n- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).\n- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).\n- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).\n- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).\n\nThe following non-security bugs were fixed:\n\n- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).\n- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).\n- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).\n- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).\n- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).\n- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).\n- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).\n- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).\n- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).\n- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).\n- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).\n- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).\n- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).\n- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).\n- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).\n- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).\n- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).\n- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).\n- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).\n- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).\n- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).\n- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).\n- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).\n- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).\n- ALSA: seq: Make dependency on UMP clearer (git-fixes).\n- ALSA: seq: remove redundant \u0027tristate\u0027 for SND_SEQ_UMP_CLIENT (stable-fixes).\n- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).\n- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).\n- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).\n- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).\n- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).\n- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).\n- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).\n- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).\n- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).\n- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).\n- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).\n- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).\n- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).\n- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).\n- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).\n- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).\n- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).\n- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).\n- ASoC: es8328: fix route from DAC to output (git-fixes).\n- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).\n- ASoC: ops: Consistently treat platform_max as control value (git-fixes).\n- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).\n- ASoC: rt722-sdca: add missing readable registers (git-fixes).\n- ASoC: tas2764: Fix power control mask (stable-fixes).\n- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).\n- ASoC: tas2770: Fix volume scale (stable-fixes).\n- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).\n- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).\n- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).\n- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).\n- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).\n- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).\n- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).\n- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).\n- Documentation: qat: fix auto_reset attribute details (git-fixes).\n- Documentation: qat: fix auto_reset section (git-fixes).\n- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).\n- Fix memory-hotplug regression (bsc#1237504)\n- Grab mm lock before grabbing pt lock (git-fixes).\n- HID: Enable playstation driver independently of sony driver (git-fixes).\n- HID: Wacom: Add PCI Wacom device support (stable-fixes).\n- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).\n- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).\n- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).\n- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).\n- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).\n- HID: hid-steam: Add Deck IMU support (stable-fixes).\n- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).\n- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).\n- HID: hid-steam: Clean up locking (stable-fixes).\n- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).\n- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).\n- HID: hid-steam: Fix cleanup in probe() (git-fixes).\n- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).\n- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).\n- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).\n- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).\n- HID: hid-steam: remove pointless error message (stable-fixes).\n- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).\n- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).\n- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).\n- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).\n- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).\n- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).\n- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).\n- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).\n- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).\n- IB/mad: Check available slots before posting receive WRs (git-fixes)\n- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)\n- Input: ads7846 - fix gpiod allocation (git-fixes).\n- Input: allocate keycode for phone linking (stable-fixes).\n- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).\n- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).\n- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).\n- Input: iqs7222 - preserve system status register (git-fixes).\n- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).\n- Input: xpad - add multiple supported devices (stable-fixes).\n- Input: xpad - add support for TECNO Pocket Go (stable-fixes).\n- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).\n- Input: xpad - rename QH controller to Legion Go S (stable-fixes).\n- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).\n- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).\n- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).\n- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).\n- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).\n- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).\n- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)\n- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).\n- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).\n- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).\n- KVM: x86/mmu: Skip the \"try unsync\" path iff the old SPTE was a leaf SPTE (git-fixes).\n- KVM: x86: AMD\u0027s IBPB is not equivalent to Intel\u0027s IBPB (git-fixes).\n- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).\n- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).\n- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).\n- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).\n- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).\n- KVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel (git-fixes).\n- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).\n- Move upstreamed ACPI patch into sorted section\n- Move upstreamed PCI and initramfs patches into sorted section\n- Move upstreamed nfsd and sunrpc patches into sorted section\n- Move upstreamed powerpc and SCSI patches into sorted section\n- PCI/ACS: Fix \u0027pci=config_acs=\u0027 parameter (git-fixes).\n- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).\n- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)\n- PCI/DOE: Support discovery version 2 (bsc#1237853)\n- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).\n- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).\n- PCI: Avoid reset when disabled via sysfs (git-fixes).\n- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).\n- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).\n- PCI: Use downstream bridges for distributing resources (bsc#1237325).\n- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).\n- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).\n- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).\n- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).\n- PCI: brcmstb: Use internal register to change link capability (git-fixes).\n- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).\n- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).\n- PCI: hookup irq_get_affinity callback (bsc#1236896).\n- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).\n- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).\n- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).\n- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).\n- PM: sleep: Adjust check before setting power.must_resume (git-fixes).\n- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).\n- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).\n- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)\n- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)\n- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)\n- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)\n- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)\n- RDMA/efa: Reset device on probe failure (git-fixes)\n- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)\n- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)\n- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)\n- RDMA/hns: Fix missing xa_destroy() (git-fixes)\n- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)\n- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)\n- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)\n- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).\n- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).\n- RDMA/mlx5: Fix AH static rate parsing (git-fixes)\n- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)\n- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)\n- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)\n- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)\n- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)\n- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)\n- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)\n- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)\n- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)\n- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)\n- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)\n- RDMA/rxe: Improve newline in printing messages (git-fixes)\n- Reapply \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"blk-throttle: Fix IO hang for a corner case\" (git-fixes).\n- Revert \"dm: requeue IO if mapping table not yet available\" (git-fixes).\n- Revert \"drivers/card_reader/rtsx_usb: Restore interrupt based detection\" (git-fixes).\n- Revert \"drm/amd/display: Use HW lock mgr for PSR1\" (stable-fixes).\n- Revert \"leds-pca955x: Remove the unused function pca95xx_num_led_regs()\" (stable-fixes).\n- Revert \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"wifi: ath11k: support hibernation\" (bsc#1207948).\n- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).\n- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).\n- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).\n- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).\n- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).\n- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).\n- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).\n- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).\n- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).\n- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).\n- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).\n- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).\n- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).\n- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).\n- USB: serial: option: drop MeiG Smart defines (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).\n- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).\n- Update \"drm/mgag200: Added support for the new device G200eH5\" (jsc#PED-12094)\n- Use gcc-13 for build on SLE16 (jsc#PED-10028).\n- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).\n- accel/qaic: Fix possible data corruption in BOs \u003e 2G (git-fixes).\n- acct: block access to kernel internal filesystems (git-fixes).\n- acct: perform last write from workqueue (git-fixes).\n- add nf_tables for iptables non-legacy network handling.\n- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).\n- af_unix: Annotate data-race of sk-\u003esk_state in unix_stream_read_skb() (bsc#1239435).\n- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).\n- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).\n- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)\n- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)\n- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)\n- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)\n- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)\n- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)\n- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)\n- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)\n- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)\n- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)\n- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)\n- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)\n- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)\n- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)\n- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)\n- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)\n- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)\n- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)\n- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)\n- ata: ahci: Add mask_port_map module parameter (git-fixes).\n- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).\n- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).\n- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).\n- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).\n- ata: pata_parport: add custom version of wait_after_reset (git-fixes).\n- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).\n- ata: pata_serverworks: Do not use the term blacklist (git-fixes).\n- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).\n- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).\n- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).\n- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).\n- batman-adv: Drop unmanaged ELP metric worker (git-fixes).\n- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).\n- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).\n- batman-adv: fix panic during interface removal (git-fixes).\n- bio-integrity: do not restrict the size of integrity metadata (git-fixes).\n- bitmap: introduce generic optimized bitmap_size() (git-fixes).\n- blk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage (bsc#1237558).\n- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).\n- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).\n- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).\n- blk-mq: add number of queue calc helper (bsc#1236897).\n- blk-mq: create correct map for fallback case (bsc#1236896).\n- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).\n- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).\n- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).\n- blk-mq: move cpuhp callback registering out of q-\u003esysfs_lock (git-fixes).\n- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).\n- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).\n- blk_iocost: remove some duplicate irq disable/enables (git-fixes).\n- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).\n- block: Clear zone limits for a non-zoned stacked queue (git-fixes).\n- block: Fix elevator_get_default() checking for NULL q-\u003etag_set (git-fixes).\n- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).\n- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).\n- block: Provide bdev_open_* functions (git-fixes).\n- block: Remove special-casing of compound pages (git-fixes).\n- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).\n- block: add a disk_has_partscan helper (git-fixes).\n- block: add a partscan sysfs attribute for disks (git-fixes).\n- block: add check of \u0027minors\u0027 and \u0027first_minor\u0027 in device_add_disk() (git-fixes).\n- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).\n- block: change rq_integrity_vec to respect the iterator (git-fixes).\n- block: cleanup and fix batch completion adding conditions (git-fixes).\n- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).\n- block: do not revert iter for -EIOCBQUEUED (git-fixes).\n- block: ensure we hold a queue reference when using queue limits (git-fixes).\n- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).\n- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).\n- block: fix integer overflow in BLKSECDISCARD (git-fixes).\n- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).\n- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).\n- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).\n- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).\n- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).\n- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).\n- block: retry call probe after request_module in blk_request_module (git-fixes).\n- block: return unsigned int from bdev_io_min (git-fixes).\n- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).\n- block: support to account io_ticks precisely (git-fixes).\n- block: use the right type for stub rq_integrity_vec() (git-fixes).\n- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).\n- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).\n- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).\n- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).\n- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).\n- bpf: Fix a verifier verbose message (git-fixes).\n- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).\n- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).\n- bpf: prevent r10 register from being marked as precise (git-fixes).\n- broadcom: fix supported flag check in periodic output function (git-fixes).\n- btrfs: check delayed refs when we\u0027re checking if a ref exists (bsc#1239605).\n- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).\n- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).\n- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).\n- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).\n- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).\n- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).\n- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).\n- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).\n- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).\n- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).\n- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).\n- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).\n- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).\n- can: ctucanfd: handle skb allocation failure (git-fixes).\n- can: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial (git-fixes).\n- can: flexcan: disable transceiver during system PM (git-fixes).\n- can: flexcan: only change CAN state when link up in system PM (git-fixes).\n- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).\n- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).\n- can: ucan: fix out of bound read in strscpy() source (git-fixes).\n- cdx: Fix possible UAF error in driver_override_show() (git-fixes).\n- char: misc: deallocate static minor in error path (git-fixes).\n- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).\n- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).\n- cifs: Remove intermediate object of failed create reparse call (git-fixes).\n- cifs: commands that are retried should have replay flag set (bsc#1231432).\n- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).\n- cifs: helper function to check replayable error codes (bsc#1231432).\n- cifs: new mount option called retrans (bsc#1231432).\n- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).\n- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).\n- cifs: update desired access while requesting for directory lease (git-fixes).\n- cifs: update the same create_guid on replay (git-fixes).\n- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).\n- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).\n- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).\n- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).\n- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).\n- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).\n- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).\n- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).\n- config: Set gcc version (jsc#PED-12251).\n- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).\n- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)\n- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).\n- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).\n- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).\n- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)\n- cpufreq/cppc: Move and rename (bsc#1237856)\n- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)\n- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)\n- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).\n- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).\n- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).\n- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).\n- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).\n- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).\n- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).\n- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).\n- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).\n- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).\n- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).\n- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).\n- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).\n- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).\n- cpumask: add cpumask_weight_andnot() (bsc#1239015).\n- cpumask: define cleanup function for cpumasks (bsc#1239015).\n- crypto: ccp - Fix check for the primary ASP device (git-fixes).\n- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).\n- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).\n- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).\n- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).\n- crypto: iaa - Change desc-\u003epriv to 0 (jsc#PED-12416).\n- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).\n- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove header table code (jsc#PED-12416).\n- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).\n- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416).\n- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).\n- crypto: iaa - Test the correct request flag (git-fixes).\n- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).\n- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).\n- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).\n- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).\n- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).\n- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).\n- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).\n- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).\n- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).\n- crypto: qat - Fix spelling mistake \"Invalide\" -\u003e \"Invalid\" (jsc#PED-12416).\n- crypto: qat - Fix typo \"accelaration\" (jsc#PED-12416).\n- crypto: qat - Fix typo (jsc#PED-12416).\n- crypto: qat - Remove trailing space after \\n newline (jsc#PED-12416).\n- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).\n- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).\n- crypto: qat - add auto reset on error (jsc#PED-12416).\n- crypto: qat - add bank save and restore flows (jsc#PED-12416).\n- crypto: qat - add fatal error notification (jsc#PED-12416).\n- crypto: qat - add fatal error notify method (jsc#PED-12416).\n- crypto: qat - add heartbeat error simulator (jsc#PED-12416).\n- crypto: qat - add interface for live migration (jsc#PED-12416).\n- crypto: qat - add support for 420xx devices (jsc#PED-12416).\n- crypto: qat - add support for device telemetry (jsc#PED-12416).\n- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).\n- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).\n- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).\n- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).\n- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).\n- crypto: qat - disable arbitration before reset (jsc#PED-12416).\n- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).\n- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).\n- crypto: qat - fix \"Full Going True\" macro definition (jsc#PED-12416).\n- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).\n- crypto: qat - fix comment structure (jsc#PED-12416).\n- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).\n- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).\n- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).\n- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).\n- crypto: qat - implement dh fallback for primes \u003e 4K (jsc#PED-12416).\n- crypto: qat - implement interface for live migration (jsc#PED-12416).\n- crypto: qat - improve aer error reset handling (jsc#PED-12416).\n- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).\n- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).\n- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).\n- crypto: qat - limit heartbeat notifications (jsc#PED-12416).\n- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).\n- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).\n- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).\n- crypto: qat - move fw config related structures (jsc#PED-12416).\n- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).\n- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).\n- crypto: qat - relocate CSR access code (jsc#PED-12416).\n- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).\n- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).\n- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).\n- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).\n- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).\n- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).\n- crypto: qat - set parity error mask for qat_420xx (git-fixes).\n- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).\n- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).\n- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).\n- crypto: qat - validate slices count returned by FW (jsc#PED-12416).\n- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).\n- cxgb4: Avoid removal of uninserted tid (git-fixes).\n- cxgb4: use port number to set mac addr (git-fixes).\n- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).\n- dlm: fix srcu_read_lock() return type to int (git-fixes).\n- dlm: prevent NPD when writing a positive value to event_done (git-fixes).\n- dm array: fix cursor index when skipping across block boundaries (git-fixes).\n- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).\n- dm init: Handle minors larger than 255 (git-fixes).\n- dm integrity: fix out-of-range warning (git-fixes).\n- dm persistent data: fix memory allocation failure (git-fixes).\n- dm resume: do not return EINVAL when signalled (git-fixes).\n- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).\n- dm thin: Add missing destroy_work_on_stack() (git-fixes).\n- dm-crypt: do not update io-\u003esector after kcryptd_crypt_write_io_submit() (git-fixes).\n- dm-crypt: track tag_offset in convert_context (git-fixes).\n- dm-delay: fix hung task introduced by kthread mode (git-fixes).\n- dm-delay: fix max_delay calculations (git-fixes).\n- dm-delay: fix workqueue delay_timer race (git-fixes).\n- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).\n- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).\n- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).\n- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).\n- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).\n- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).\n- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).\n- dm: Fix typo in error message (git-fixes).\n- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).\n- doc/README.SUSE: Point to the updated version of LKMPG\n- doc: update managed_irq documentation (bsc#1236897).\n- driver core: Remove needless return in void API device_remove_group() (git-fixes).\n- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).\n- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).\n- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).\n- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).\n- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).\n- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).\n- drm/amd/display: Fix HPD after gpu reset (stable-fixes).\n- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params (git-fixes).\n- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).\n- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).\n- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).\n- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).\n- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).\n- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).\n- drm/amdgpu/umsch: declare umsch firmware (git-fixes).\n- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).\n- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).\n- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).\n- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes).\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).\n- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).\n- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).\n- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).\n- drm/amdkfd: Fix Circular Locking Dependency in \u0027svm_range_cpu_invalidate_pagetables\u0027 (git-fixes).\n- drm/amdkfd: only flush the validate MES contex (stable-fixes).\n- drm/atomic: Filter out redundant DPMS calls (stable-fixes).\n- drm/bridge: Fix spelling mistake \"gettin\" -\u003e \"getting\" (git-fixes).\n- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).\n- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).\n- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).\n- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).\n- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).\n- drm/dp_mst: Fix drm RAD print (git-fixes).\n- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).\n- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).\n- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).\n- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).\n- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).\n- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).\n- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).\n- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL\u0027s own port width macro (git-fixes).\n- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).\n- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).\n- drm/i915/selftests: avoid using uninitialized context (git-fixes).\n- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).\n- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).\n- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).\n- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).\n- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).\n- drm/mediatek: dp: drm_err =\u003e dev_err in HPD path to avoid NULL ptr (git-fixes).\n- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).\n- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).\n- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).\n- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)\n- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).\n- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).\n- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).\n- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).\n- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).\n- drm/msm/dpu: do not use active in atomic_check() (git-fixes).\n- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).\n- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).\n- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).\n- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).\n- drm/msm: Avoid rounding up to one jiffy (git-fixes).\n- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).\n- drm/nouveau: Do not override forced connector status (stable-fixes).\n- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).\n- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).\n- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).\n- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).\n- drm/repaper: fix integer overflows in repeat functions (git-fixes).\n- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).\n- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).\n- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).\n- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).\n- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).\n- drm/sched: Fix fence reference count leak (git-fixes).\n- drm/sched: Fix preprocessor guard (git-fixes).\n- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).\n- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).\n- drm/ssd130x: fix ssd132x encoding (git-fixes).\n- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).\n- drm/virtio: New fence for every plane update (stable-fixes).\n- drm/vkms: Fix use after free and double free on init error (git-fixes).\n- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).\n- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).\n- dummycon: fix default rows/cols (git-fixes).\n- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).\n- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).\n- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).\n- efi: libstub: Use \u0027-std=gnu11\u0027 to fix build with GCC 15 (stable-fixes).\n- eth: gve: use appropriate helper to set xdp_features (git-fixes).\n- exfat: convert to ctime accessor functions (git-fixes).\n- exfat: do not zero the extended part (bsc#1237356).\n- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).\n- exfat: fix file being changed by unaligned direct write (git-fixes).\n- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).\n- exfat: fix zero the unwritten part for dio read (git-fixes).\n- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).\n- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).\n- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).\n- fbdev: sm501fb: Add some geometry checks (git-fixes).\n- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).\n- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).\n- firmware: cs_dsp: Remove async regmap writes (git-fixes).\n- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).\n- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).\n- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).\n- futex: Do not include process MM in futex key on no-MMU (git-fixes).\n- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).\n- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).\n- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).\n- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).\n- gpio: pca953x: Improve interrupt support (git-fixes).\n- gpio: rcar: Fix missing of_node_put() call (git-fixes).\n- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).\n- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).\n- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).\n- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).\n- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).\n- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).\n- gup: make the stack expansion warning a bit more targeted (bsc#1238214).\n- hfs: Sanity check the root record (git-fixes).\n- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).\n- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).\n- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).\n- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).\n- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).\n- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).\n- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).\n- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).\n- i2c: ls2x: Fix frequency division register access (git-fixes).\n- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).\n- i2c: omap: fix IRQ storms (git-fixes).\n- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).\n- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).\n- i3c: master: svc: Fix missing the IBI rules (git-fixes).\n- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).\n- iavf: allow changing VLAN state without calling PF (git-fixes).\n- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).\n- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).\n- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).\n- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).\n- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).\n- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).\n- ice: fix max values for dpll pin phase adjust (git-fixes).\n- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).\n- ice: gather page_count()\u0027s of each frag right before XDP prog call (git-fixes).\n- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).\n- ice: put Rx buffers after being done with current frame (git-fixes).\n- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).\n- ice: use internal pf id instead of function number (git-fixes).\n- idpf: add read memory barrier when checking descriptor done bit (git-fixes).\n- idpf: call set_real_num_queues in idpf_open (bsc#1236661).\n- idpf: convert workqueues to unbound (git-fixes).\n- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).\n- idpf: fix handling rsc packet with a single segment (git-fixes).\n- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).\n- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).\n- igc: return early when failing to read EECD register (git-fixes).\n- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).\n- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).\n- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).\n- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).\n- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).\n- iio: dac: ad3552r: clear reset status flag (git-fixes).\n- iio: filter: admv8818: Force initialization of SDO (git-fixes).\n- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).\n- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).\n- init: add initramfs_internal.h (bsc#1232848).\n- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).\n- initramfs: allocate heap buffers together (bsc#1232848).\n- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).\n- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).\n- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).\n- intel_th: pci: Add Arrow Lake support (stable-fixes).\n- intel_th: pci: Add Panther Lake-H support (stable-fixes).\n- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).\n- ioam6: improve checks on user data (git-fixes).\n- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).\n- iommu/vt-d: Fix suspicious RCU usage (git-fixes).\n- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).\n- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).\n- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).\n- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).\n- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).\n- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).\n- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).\n- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).\n- ipv6: Use RCU in ip6_input() (bsc#1239994).\n- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).\n- ipv6: avoid atomic fragment on GSO packets (git-fixes).\n- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).\n- ipv6: fib: hide unused \u0027pn\u0027 variable (git-fixes).\n- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).\n- ipv6: fix potential NULL deref in fib6_add() (git-fixes).\n- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).\n- ipv6: introduce dst_rt6_info() helper (git-fixes).\n- ipv6: ioam: block BH from ioam6_output() (git-fixes).\n- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).\n- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- ipv6: sr: add missing seg6_local_exit (git-fixes).\n- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).\n- ipv6: take care of scope when choosing the src addr (git-fixes).\n- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).\n- jfs: add check read-only before txBeginAnon() call (git-fixes).\n- jfs: add index corruption check to DT_GETPAGE() (git-fixes).\n- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).\n- jfs: reject on-disk inodes of an unsupported type (git-fixes).\n- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)\n- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).\n- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).\n- kABI workaround for intel-ish-hid (git-fixes).\n- kABI workaround for soc_mixer_control changes (git-fixes).\n- kabi: fix bus type (bsc#1236896).\n- kabi: fix group_cpus_evenly (bsc#1236897).\n- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).\n- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).\n- kbuild: hdrcheck: fix cross build with clang (git-fixes).\n- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).\n- kernel-source: Also replace bin/env\n- kunit: qemu_configs: sparc: use Zilog console (git-fixes).\n- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).\n- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).\n- l2tp: fix lockdep splat (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).\n- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).\n- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).\n- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).\n- lib: 842: Improve error handling in sw842_compress() (git-fixes).\n- lib: stackinit: hide never-taken branch from compiler (stable-fixes).\n- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).\n- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).\n- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).\n- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).\n- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).\n- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).\n- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).\n- md/md-bitmap: add \u0027sync_size\u0027 into struct md_bitmap_stats (git-fixes).\n- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).\n- md/md-cluster: fix spares warnings for __le64 (git-fixes).\n- md/raid0: do not free conf on raid0_run failure (git-fixes).\n- md/raid1: do not free conf on raid0_run failure (git-fixes).\n- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).\n- md: Do not flush sync_work in md_write_start() (git-fixes).\n- md: convert comma to semicolon (git-fixes).\n- mdacon: rework dependency list (git-fixes).\n- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).\n- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).\n- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).\n- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).\n- media: i2c: ccs: Set the device\u0027s runtime PM status correctly in remove (git-fixes).\n- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).\n- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).\n- media: ov08x40: Fix hblank out of range issue (git-fixes).\n- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).\n- media: platform: stm32: Add check for clk_enable() (git-fixes).\n- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).\n- media: streamzap: fix race between device disconnection and urb callback (git-fixes).\n- media: streamzap: prevent processing IR data on URB failure (git-fixes).\n- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).\n- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).\n- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).\n- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).\n- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).\n- media: venus: hfi: add check to handle incorrect queue size (git-fixes).\n- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).\n- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).\n- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).\n- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).\n- media: vim2m: print device name after registering device (git-fixes).\n- media: visl: Fix ERANGE error when setting enum controls (git-fixes).\n- mei: me: add panther lake P DID (stable-fixes).\n- memblock tests: fix warning: \"__ALIGN_KERNEL\" redefined (git-fixes).\n- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).\n- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).\n- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).\n- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).\n- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).\n- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).\n- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).\n- mfd: syscon: Remove extern from function prototypes (stable-fixes).\n- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).\n- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).\n- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).\n- mm: accept to promo watermark (bsc#1239600).\n- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).\n- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).\n- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)\n- mm: zswap: move allocations during CPU init outside the lock (git-fixes).\n- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).\n- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).\n- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).\n- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).\n- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).\n- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).\n- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).\n- mptcp: export local_address (git-fixes)\n- mptcp: fix NL PM announced address accounting (git-fixes)\n- mptcp: fix data races on local_id (git-fixes)\n- mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)\n- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)\n- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)\n- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)\n- mptcp: pm: deny endp with signal + subflow + port (git-fixes)\n- mptcp: pm: do not ignore \u0027subflow\u0027 if \u0027signal\u0027 flag is also set (git-fixes)\n- mptcp: pm: do not try to create sf if alloc failed (git-fixes)\n- mptcp: pm: fullmesh: select the right ID later (git-fixes)\n- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)\n- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)\n- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)\n- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)\n- mptcp: pm: re-using ID of unused removed subflows (git-fixes)\n- mptcp: pm: reduce indentation blocks (git-fixes)\n- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)\n- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)\n- mptcp: unify pm get_local_id interfaces (git-fixes)\n- mptcp: unify pm set_flags interfaces (git-fixes)\n- mtd: Add check for devm_kcalloc() (git-fixes).\n- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).\n- mtd: nand: Fix a kdoc comment (git-fixes).\n- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).\n- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).\n- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).\n- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).\n- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).\n- nbd: Fix signal handling (git-fixes).\n- nbd: Improve the documentation of the locking assumptions (git-fixes).\n- nbd: do not allow reconnect after disconnect (git-fixes).\n- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).\n- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).\n- net l2tp: drop flow hash on forward (git-fixes).\n- net/mlx5: Correct TASR typo into TSAR (git-fixes).\n- net/mlx5: Fix RDMA TX steering prio (git-fixes).\n- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).\n- net/mlx5: SF, Fix add port error handling (git-fixes).\n- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).\n- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).\n- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).\n- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).\n- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).\n- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).\n- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).\n- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).\n- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).\n- net/sched: flower: Add lock protection when remove filter handle (git-fixes).\n- net/sched: taprio: make q-\u003epicos_per_byte available to fill_sched_entry() (git-fixes).\n- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).\n- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).\n- net: Fix undefined behavior in netdev name allocation (bsc#1233749).\n- net: add dev_net_rcu() helper (bsc#1239994).\n- net: avoid UAF on deleted altname (bsc#1233749).\n- net: check for altname conflicts when changing netdev\u0027s netns (bsc#1233749).\n- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).\n- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).\n- net: do not send a MOVE event when netdev changes netns (bsc#1233749).\n- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).\n- net: fix ifname in netlink ntf during netns move (bsc#1233749).\n- net: fix removing a namespace with conflicting altnames (bsc#1233749).\n- net: free altname using an RCU callback (bsc#1233749).\n- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).\n- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).\n- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).\n- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).\n- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).\n- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).\n- net: ipv6: ioam6: code alignment (git-fixes).\n- net: ipv6: ioam6: new feature tunsrc (git-fixes).\n- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).\n- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).\n- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).\n- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).\n- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).\n- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).\n- net: mana: Allow variable size indirection table (bsc#1239016).\n- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).\n- net: mana: Avoid open coded arithmetic (bsc#1239016).\n- net: mana: Cleanup \"mana\" debugfs dir after cleanup of all children (bsc#1236760).\n- net: mana: Enable debugfs files for MANA device (bsc#1236758).\n- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Support holes in device list reply msg (git-fixes).\n- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).\n- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).\n- net: move altnames together with the netdevice (bsc#1233749).\n- net: netvsc: Update default VMBus channels (bsc#1236757).\n- net: reduce indentation of __dev_alloc_name() (bsc#1233749).\n- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).\n- net: remove else after return in dev_prep_valid_name() (bsc#1233749).\n- net: rose: lock the socket in rose_bind() (git-fixes).\n- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).\n- net: smc: fix spurious error message from __sock_release() (bsc#1237126).\n- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).\n- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).\n- net: use unrcu_pointer() helper (git-fixes).\n- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).\n- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).\n- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).\n- net_sched: sch_sfq: annotate data-races around q-\u003eperturb_period (git-fixes).\n- net_sched: sch_sfq: handle bigger packets (git-fixes).\n- nfsd: clear acl_access/acl_default after releasing them (git-fixes).\n- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).\n- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).\n- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).\n- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).\n- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).\n- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).\n- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).\n- null_blk: fix validation of block size (git-fixes).\n- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).\n- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).\n- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).\n- nvme-fc: use ctrl state getter (git-fixes).\n- nvme-ioctl: fix leaked requests on mapping error (git-fixes).\n- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).\n- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).\n- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).\n- nvme-pci: remove stale comment (git-fixes).\n- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).\n- nvme-tcp: Fix a C2HTermReq error message (git-fixes).\n- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).\n- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).\n- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).\n- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).\n- nvme/ioctl: add missing space in err message (git-fixes).\n- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).\n- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).\n- nvme: make nvme_tls_attrs_group static (git-fixes).\n- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).\n- nvme: move passthrough logging attribute to head (git-fixes).\n- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).\n- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- nvme: tcp: Fix compilation warning with W=1 (git-fixes).\n- nvmet-fc: Remove unused functions (git-fixes).\n- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).\n- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).\n- nvmet: Fix crash when a namespace is disabled (git-fixes).\n- nvmet: remove old function prototype (git-fixes).\n- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).\n- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).\n- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).\n- ocfs2: handle a symlink read error correctly (git-fixes).\n- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).\n- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).\n- orangefs: fix a oob in orangefs_debug_write (git-fixes).\n- padata: Clean up in padata_do_multithreaded() (bsc#1237563).\n- padata: Honor the caller\u0027s alignment in case of chunk_size 0 (bsc#1237563).\n- padata: fix sysfs store callback check (git-fixes).\n- partitions: ldm: remove the initial kernel-doc notation (git-fixes).\n- partitions: mac: fix handling of bogus partition table (git-fixes).\n- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).\n- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).\n- phy: tegra: xusb: reset VBUS \u0026 ID OVERRIDE (git-fixes).\n- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).\n- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).\n- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).\n- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).\n- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).\n- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).\n- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).\n- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).\n- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).\n- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).\n- platform/x86: ISST: Ignore minor version change (bsc#1237452).\n- platform/x86: acer-wmi: Ignore AC events (stable-fixes).\n- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).\n- platform/x86: int3472: Check for adev == NULL (stable-fixes).\n- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).\n- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).\n- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).\n- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).\n- power: supply: da9150-fg: fix potential overflow (git-fixes).\n- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).\n- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).\n- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).\n- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).\n- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).\n- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).\n- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).\n- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896\n bsc#1235932).\n- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).\n- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).\n- powerpc: Stop using no_llseek (bsc#1239573).\n- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).\n- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).\n- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).\n- rapidio: fix an API misues when rio_add_net() fails (git-fixes).\n- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).\n- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).\n- rbd: do not move requests to the running list on errors (git-fixes).\n- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).\n- regmap-irq: Add missing kfree() (git-fixes).\n- regulator: check that dummy regulator has been probed before using it (stable-fixes).\n- regulator: core: Fix deadlock in create_regulator() (git-fixes).\n- regulator: dummy: force synchronous probing (git-fixes).\n- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).\n- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)\n- rpm/release-projects: Update the ALP projects again (bsc#1231293).\n- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)\n- s390/cio: rename bitmap_size() -\u003e idset_bitmap_size() (git-fixes bsc#1236205).\n- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).\n- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).\n- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).\n- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).\n- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).\n- s390/pci: Ignore RID for isolated VFs (bsc#1236752).\n- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).\n- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).\n- s390/pci: Use topology ID for multi-function devices (bsc#1236752).\n- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).\n- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).\n- s390/topology: Improve topology detection (bsc#1236591).\n- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).\n- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).\n- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).\n- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).\n- scsi: core: Clear driver private data when retrying request (git-fixes).\n- scsi: core: Do not retry I/Os during depopulation (git-fixes).\n- scsi: core: Handle depopulation and restoration in progress (git-fixes).\n- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).\n- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).\n- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).\n- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).\n- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).\n- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).\n- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).\n- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).\n- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).\n- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).\n- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).\n- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).\n- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).\n- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).\n- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).\n- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: myrb: Remove dead code (git-fixes).\n- scsi: qedi: Fix potential deadlock on \u0026qedi_percpu-\u003ep_work_lock (git-fixes).\n- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).\n- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).\n- scsi: sg: Enable runtime power management (git-fixes).\n- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).\n- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).\n- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).\n- scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- selftest: hugetlb_dio: fix test naming (git-fixes).\n- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).\n- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).\n- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).\n- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).\n- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).\n- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).\n- selftests/mm/cow: fix the incorrect error handling (git-fixes).\n- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).\n- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).\n- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).\n- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).\n- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).\n- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).\n- selftests: mptcp: connect: -f: no reconnect (git-fixes).\n- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).\n- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).\n- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).\n- serial: 8250: Fix fifo underflow on flush (git-fixes).\n- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).\n- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).\n- smb3: fix creating FIFOs when mounting with \"sfu\" mount option (git-fixes).\n- smb3: request handle caching when caching directories (bsc#1231432).\n- smb3: retrying on failed server close (bsc#1231432).\n- smb: cached directories can be more than root file handle (bsc#1231432).\n- smb: cilent: set reparse mount points as automounts (git-fixes).\n- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).\n- smb: client: Fix minor whitespace errors and warnings (git-fixes).\n- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).\n- smb: client: add support for WSL reparse points (git-fixes).\n- smb: client: allow creating special files via reparse points (git-fixes).\n- smb: client: allow creating symlinks via reparse points (git-fixes).\n- smb: client: cleanup smb2_query_reparse_point() (git-fixes).\n- smb: client: destroy cfid_put_wq on module exit (git-fixes).\n- smb: client: do not query reparse points twice on symlinks (git-fixes).\n- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).\n- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).\n- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).\n- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).\n- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).\n- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).\n- smb: client: fix hardlinking of reparse points (git-fixes).\n- smb: client: fix missing mode bits for SMB symlinks (git-fixes).\n- smb: client: fix possible double free in smb2_set_ea() (git-fixes).\n- smb: client: fix potential broken compound request (git-fixes).\n- smb: client: fix renaming of reparse points (git-fixes).\n- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).\n- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).\n- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).\n- smb: client: handle path separator of created SMB symlinks (git-fixes).\n- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).\n- smb: client: ignore unhandled reparse tags (git-fixes).\n- smb: client: implement -\u003equery_reparse_point() for SMB1 (git-fixes).\n- smb: client: instantiate when creating SFU files (git-fixes).\n- smb: client: introduce -\u003eparse_reparse_point() (git-fixes).\n- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).\n- smb: client: introduce cifs_sfu_make_node() (git-fixes).\n- smb: client: introduce reparse mount option (git-fixes).\n- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).\n- smb: client: move most of reparse point handling code to common file (git-fixes).\n- smb: client: move some params to cifs_open_info_data (bsc#1231432).\n- smb: client: optimise reparse point querying (git-fixes).\n- smb: client: parse owner/group when creating reparse points (git-fixes).\n- smb: client: parse reparse point flag in create response (bsc#1231432).\n- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).\n- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).\n- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).\n- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).\n- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).\n- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).\n- smb: client: retry compound request without reusing lease (git-fixes).\n- smb: client: return reparse type in /proc/mounts (git-fixes).\n- smb: client: reuse file lease key in compound operations (git-fixes).\n- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).\n- smb: client: set correct file type from NFS reparse points (git-fixes).\n- smb: client: stop revalidating reparse points unnecessarily (git-fixes).\n- smb: use kernel_connect() and kernel_bind() (git-fixes).\n- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).\n- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).\n- soc: imx8m: Remove global soc_uid (stable-fixes).\n- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).\n- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).\n- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).\n- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).\n- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).\n- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).\n- soc: qcom: pdr: Fix the potential deadlock (git-fixes).\n- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).\n- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).\n- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).\n- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).\n- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).\n- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).\n- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).\n- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).\n- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).\n- spi: sn-f-ospi: Fix division by zero (git-fixes).\n- splice: do not checksum AF_UNIX sockets (bsc#1240333).\n- sunrpc: suppress warnings for unused procfs functions (git-fixes).\n- supported.conf: add now-included qat_420xx (external, intel)\n- tcp: Add memory barrier to tcp_push() (git-fixes).\n- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).\n- tcp: Annotate data-race around sk-\u003esk_mark in tcp_v4_send_reset (git-fixes).\n- tcp: Defer ts_recent changes until req is owned (git-fixes).\n- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).\n- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).\n- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).\n- tcp: Update window clamping condition (git-fixes).\n- tcp: add tcp_done_with_error() helper (git-fixes).\n- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).\n- tcp: annotate data-races around tp-\u003ewindow_clamp (git-fixes).\n- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).\n- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).\n- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).\n- tcp: check space before adding MPTCP SYN options (git-fixes).\n- tcp: clear tp-\u003eretrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).\n- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).\n- tcp: define initial scaling factor value as a macro (git-fixes).\n- tcp: derive delack_max from rto_min (git-fixes).\n- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).\n- tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).\n- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).\n- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).\n- tcp: fix mid stream window clamp (git-fixes).\n- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).\n- tcp: fix race in tcp_write_err() (git-fixes).\n- tcp: fix races in tcp_abort() (git-fixes).\n- tcp: fix races in tcp_v_err() (git-fixes).\n- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it\u0027s safe (git-fixes).\n- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).\n- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).\n- tcp: increase the default TCP scaling ratio (git-fixes).\n- tcp: introduce tcp_clock_ms() (git-fixes).\n- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).\n- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).\n- tcp: remove 64 KByte limit for initial tp-\u003ercv_wnd value (git-fixes).\n- tcp: replace tcp_time_stamp_raw() (git-fixes).\n- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).\n- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).\n- thermal: int340x: Add NULL check for adev (git-fixes).\n- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).\n- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).\n- tools: fix annoying \"mkdir -p ...\" logs when building tools in parallel (git-fixes).\n- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).\n- tpm: do not start chip while suspended (git-fixes).\n- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).\n- tty: xilinx_uartps: split sysrq handling (git-fixes).\n- ubi: Add a check for ubi_num (git-fixes).\n- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).\n- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).\n- ubi: correct the calculation of fastmap size (stable-fixes).\n- ubi: eba: properly rollback inside self_check_eba (git-fixes).\n- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).\n- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).\n- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).\n- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).\n- ublk: fix error code for unsupported command (git-fixes).\n- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).\n- ublk: move ublk_cancel_dev() out of ub-\u003emutex (git-fixes).\n- ublk: move zone report data out of request pdu (git-fixes).\n- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).\n- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).\n- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).\n- usb: chipidea: ci_hdrc_imx: decrement device\u0027s refcount in .remove() and in the error path of .probe() (git-fixes).\n- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).\n- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).\n- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).\n- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).\n- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).\n- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).\n- usb: gadget: Fix setting self-powered state on suspend (git-fixes).\n- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).\n- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).\n- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).\n- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).\n- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).\n- usb: hub: lack of clearing xHC resources (git-fixes).\n- usb: phy: generic: Use proper helper for property detection (stable-fixes).\n- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).\n- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).\n- usb: renesas_usbhs: Call clk_put() (git-fixes).\n- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).\n- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).\n- usb: roles: set switch registered flag early on (git-fixes).\n- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).\n- usb: typec: ucsi: Fix NULL pointer access (git-fixes).\n- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).\n- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).\n- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).\n- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).\n- usb: xhci: remove \u0027retval\u0027 from xhci_pci_resume() (git-fixes).\n- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).\n- usbnet: ipheth: document scope of NCM implementation (stable-fixes).\n- util_macros.h: fix/rework find_closest() macros (git-fixes).\n- vboxsf: fix building with GCC 15 (stable-fixes).\n- vfio/pci: Lock external INTx masking ops (bsc#1222803).\n- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).\n- virtio-mem: check if the config changed before fake offlining memory (git-fixes).\n- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).\n- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).\n- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).\n- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- virtio: hookup irq_get_affinity callback (bsc#1236896).\n- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).\n- vsock/virtio: cancel close work in the destructor (git-fixes)\n- vsock: Keep the binding until socket destruction (git-fixes)\n- vsock: reset socket state when de-assigning the transport (git-fixes)\n- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).\n- wifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode (git-fixes).\n- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).\n- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).\n- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).\n- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).\n- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).\n- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).\n- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).\n- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).\n- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).\n- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).\n- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).\n- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).\n- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).\n- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).\n- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).\n- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).\n- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).\n- wifi: iwlwifi: avoid memory leak (stable-fixes).\n- wifi: iwlwifi: limit printed string from FW file (git-fixes).\n- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).\n- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).\n- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).\n- wifi: mt76: Add check for devm_kstrdup() (git-fixes).\n- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).\n- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).\n- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).\n- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).\n- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).\n- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).\n- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).\n- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).\n- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).\n- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).\n- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).\n- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).\n- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).\n- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).\n- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).\n- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).\n- x86/asm: Make serialize() always_inline (git-fixes).\n- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).\n- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).\n- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).\n- x86/coco: Replace \u0027static const cc_mask\u0027 with the newly introduced cc_get_mask() function (git-fixes).\n- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).\n- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).\n- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).\n- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).\n- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).\n- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).\n- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).\n- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).\n- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).\n- x86/microcode/32: Move early loading after paging enable (git-fixes).\n- x86/microcode/amd: Cache builtin microcode too (git-fixes).\n- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).\n- x86/microcode/amd: Use cached microcode for AP load (git-fixes).\n- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).\n- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).\n- x86/microcode/intel: Cleanup code further (git-fixes).\n- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).\n- x86/microcode/intel: Remove debug code (git-fixes).\n- x86/microcode/intel: Remove pointless mutex (git-fixes).\n- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).\n- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).\n- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).\n- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).\n- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).\n- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).\n- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).\n- x86/microcode/intel: Simplify early loading (git-fixes).\n- x86/microcode/intel: Simplify scan_microcode() (git-fixes).\n- x86/microcode/intel: Switch to kvmalloc() (git-fixes).\n- x86/microcode/intel: Unify microcode apply() functions (git-fixes).\n- x86/microcode: Add per CPU control field (git-fixes).\n- x86/microcode: Add per CPU result state (git-fixes).\n- x86/microcode: Clarify the late load logic (git-fixes).\n- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).\n- x86/microcode: Get rid of the schedule work indirection (git-fixes).\n- x86/microcode: Handle \"nosmt\" correctly (git-fixes).\n- x86/microcode: Handle \"offline\" CPUs correctly (git-fixes).\n- x86/microcode: Hide the config knob (git-fixes).\n- x86/microcode: Include vendor headers into microcode.h (git-fixes).\n- x86/microcode: Make reload_early_microcode() static (git-fixes).\n- x86/microcode: Mop up early loading leftovers (git-fixes).\n- x86/microcode: Move core specific defines to local header (git-fixes).\n- x86/microcode: Prepare for minimal revision check (git-fixes).\n- x86/microcode: Protect against instrumentation (git-fixes).\n- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).\n- x86/microcode: Provide new control functions (git-fixes).\n- x86/microcode: Remove microcode_mutex (git-fixes).\n- x86/microcode: Remove pointless apply() invocation (git-fixes).\n- x86/microcode: Rendezvous and load in NMI (git-fixes).\n- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).\n- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).\n- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).\n- x86/mm: Remove unused microcode.h include (git-fixes).\n- x86/platform/olpc: Remove unused variable \u0027len\u0027 in olpc_dt_compatible_match() (git-fixes).\n- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).\n- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()\u0027s description (git-fixes).\n- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).\n- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).\n- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).\n- xen/swiotlb: relax alignment requirements (git-fixes).\n- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).\n- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).\n- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).\n- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).\n- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).\n- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).\n- xhci: dbc: Convert to use sysfs_streq() (git-fixes).\n- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).\n- xhci: dbc: Fix STALL transfer event handling (git-fixes).\n- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).\n- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).\n- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).\n- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).\n- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).\n- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).\n- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).\n- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).\n- xhci: pci: Use standard pattern for device IDs (git-fixes).\n- zram: clear IDLE flag after recompression (git-fixes).\n- zram: clear IDLE flag in mark_idle() (git-fixes).\n- zram: do not mark idle slots that cannot be idle (git-fixes).\n- zram: fix potential UAF of zram table (git-fixes).\n- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).\n- zram: refuse to use zero sized block device as backing device (git-fixes).\n- zram: split memory-tracking and ac-time tracking (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-8",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20190-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20190-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520190-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20190-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021154.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1207948",
"url": "https://bugzilla.suse.com/1207948"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1215211",
"url": "https://bugzilla.suse.com/1215211"
},
{
"category": "self",
"summary": "SUSE Bug 1218470",
"url": "https://bugzilla.suse.com/1218470"
},
{
"category": "self",
"summary": "SUSE Bug 1219367",
"url": "https://bugzilla.suse.com/1219367"
},
{
"category": "self",
"summary": "SUSE Bug 1221651",
"url": "https://bugzilla.suse.com/1221651"
},
{
"category": "self",
"summary": "SUSE Bug 1222649",
"url": "https://bugzilla.suse.com/1222649"
},
{
"category": "self",
"summary": "SUSE Bug 1222672",
"url": "https://bugzilla.suse.com/1222672"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1223047",
"url": "https://bugzilla.suse.com/1223047"
},
{
"category": "self",
"summary": "SUSE Bug 1224049",
"url": "https://bugzilla.suse.com/1224049"
},
{
"category": "self",
"summary": "SUSE Bug 1224489",
"url": "https://bugzilla.suse.com/1224489"
},
{
"category": "self",
"summary": "SUSE Bug 1224610",
"url": "https://bugzilla.suse.com/1224610"
},
{
"category": "self",
"summary": "SUSE Bug 1225533",
"url": "https://bugzilla.suse.com/1225533"
},
{
"category": "self",
"summary": "SUSE Bug 1225606",
"url": "https://bugzilla.suse.com/1225606"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225770",
"url": "https://bugzilla.suse.com/1225770"
},
{
"category": "self",
"summary": "SUSE Bug 1225981",
"url": "https://bugzilla.suse.com/1225981"
},
{
"category": "self",
"summary": "SUSE Bug 1226871",
"url": "https://bugzilla.suse.com/1226871"
},
{
"category": "self",
"summary": "SUSE Bug 1227858",
"url": "https://bugzilla.suse.com/1227858"
},
{
"category": "self",
"summary": "SUSE Bug 1227937",
"url": "https://bugzilla.suse.com/1227937"
},
{
"category": "self",
"summary": "SUSE Bug 1228521",
"url": "https://bugzilla.suse.com/1228521"
},
{
"category": "self",
"summary": "SUSE Bug 1228653",
"url": "https://bugzilla.suse.com/1228653"
},
{
"category": "self",
"summary": "SUSE Bug 1229311",
"url": "https://bugzilla.suse.com/1229311"
},
{
"category": "self",
"summary": "SUSE Bug 1229361",
"url": "https://bugzilla.suse.com/1229361"
},
{
"category": "self",
"summary": "SUSE Bug 1230235",
"url": "https://bugzilla.suse.com/1230235"
},
{
"category": "self",
"summary": "SUSE Bug 1230438",
"url": "https://bugzilla.suse.com/1230438"
},
{
"category": "self",
"summary": "SUSE Bug 1230439",
"url": "https://bugzilla.suse.com/1230439"
},
{
"category": "self",
"summary": "SUSE Bug 1230497",
"url": "https://bugzilla.suse.com/1230497"
},
{
"category": "self",
"summary": "SUSE Bug 1230728",
"url": "https://bugzilla.suse.com/1230728"
},
{
"category": "self",
"summary": "SUSE Bug 1230769",
"url": "https://bugzilla.suse.com/1230769"
},
{
"category": "self",
"summary": "SUSE Bug 1230832",
"url": "https://bugzilla.suse.com/1230832"
},
{
"category": "self",
"summary": "SUSE Bug 1231088",
"url": "https://bugzilla.suse.com/1231088"
},
{
"category": "self",
"summary": "SUSE Bug 1231293",
"url": "https://bugzilla.suse.com/1231293"
},
{
"category": "self",
"summary": "SUSE Bug 1231432",
"url": "https://bugzilla.suse.com/1231432"
},
{
"category": "self",
"summary": "SUSE Bug 1231912",
"url": "https://bugzilla.suse.com/1231912"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231949",
"url": "https://bugzilla.suse.com/1231949"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232299",
"url": "https://bugzilla.suse.com/1232299"
},
{
"category": "self",
"summary": "SUSE Bug 1232364",
"url": "https://bugzilla.suse.com/1232364"
},
{
"category": "self",
"summary": "SUSE Bug 1232389",
"url": "https://bugzilla.suse.com/1232389"
},
{
"category": "self",
"summary": "SUSE Bug 1232421",
"url": "https://bugzilla.suse.com/1232421"
},
{
"category": "self",
"summary": "SUSE Bug 1232508",
"url": "https://bugzilla.suse.com/1232508"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232743",
"url": "https://bugzilla.suse.com/1232743"
},
{
"category": "self",
"summary": "SUSE Bug 1232812",
"url": "https://bugzilla.suse.com/1232812"
},
{
"category": "self",
"summary": "SUSE Bug 1232848",
"url": "https://bugzilla.suse.com/1232848"
},
{
"category": "self",
"summary": "SUSE Bug 1232895",
"url": "https://bugzilla.suse.com/1232895"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1233028",
"url": "https://bugzilla.suse.com/1233028"
},
{
"category": "self",
"summary": "SUSE Bug 1233033",
"url": "https://bugzilla.suse.com/1233033"
},
{
"category": "self",
"summary": "SUSE Bug 1233060",
"url": "https://bugzilla.suse.com/1233060"
},
{
"category": "self",
"summary": "SUSE Bug 1233109",
"url": "https://bugzilla.suse.com/1233109"
},
{
"category": "self",
"summary": "SUSE Bug 1233221",
"url": "https://bugzilla.suse.com/1233221"
},
{
"category": "self",
"summary": "SUSE Bug 1233248",
"url": "https://bugzilla.suse.com/1233248"
},
{
"category": "self",
"summary": "SUSE Bug 1233259",
"url": "https://bugzilla.suse.com/1233259"
},
{
"category": "self",
"summary": "SUSE Bug 1233260",
"url": "https://bugzilla.suse.com/1233260"
},
{
"category": "self",
"summary": "SUSE Bug 1233479",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "self",
"summary": "SUSE Bug 1233483",
"url": "https://bugzilla.suse.com/1233483"
},
{
"category": "self",
"summary": "SUSE Bug 1233522",
"url": "https://bugzilla.suse.com/1233522"
},
{
"category": "self",
"summary": "SUSE Bug 1233551",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "self",
"summary": "SUSE Bug 1233557",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "self",
"summary": "SUSE Bug 1233749",
"url": "https://bugzilla.suse.com/1233749"
},
{
"category": "self",
"summary": "SUSE Bug 1234070",
"url": "https://bugzilla.suse.com/1234070"
},
{
"category": "self",
"summary": "SUSE Bug 1234222",
"url": "https://bugzilla.suse.com/1234222"
},
{
"category": "self",
"summary": "SUSE Bug 1234480",
"url": "https://bugzilla.suse.com/1234480"
},
{
"category": "self",
"summary": "SUSE Bug 1234828",
"url": "https://bugzilla.suse.com/1234828"
},
{
"category": "self",
"summary": "SUSE Bug 1234853",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "self",
"summary": "SUSE Bug 1234857",
"url": "https://bugzilla.suse.com/1234857"
},
{
"category": "self",
"summary": "SUSE Bug 1234891",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "self",
"summary": "SUSE Bug 1234894",
"url": "https://bugzilla.suse.com/1234894"
},
{
"category": "self",
"summary": "SUSE Bug 1234895",
"url": "https://bugzilla.suse.com/1234895"
},
{
"category": "self",
"summary": "SUSE Bug 1234896",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "self",
"summary": "SUSE Bug 1234936",
"url": "https://bugzilla.suse.com/1234936"
},
{
"category": "self",
"summary": "SUSE Bug 1234963",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "self",
"summary": "SUSE Bug 1235054",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "self",
"summary": "SUSE Bug 1235061",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "self",
"summary": "SUSE Bug 1235073",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "self",
"summary": "SUSE Bug 1235244",
"url": "https://bugzilla.suse.com/1235244"
},
{
"category": "self",
"summary": "SUSE Bug 1235435",
"url": "https://bugzilla.suse.com/1235435"
},
{
"category": "self",
"summary": "SUSE Bug 1235436",
"url": "https://bugzilla.suse.com/1235436"
},
{
"category": "self",
"summary": "SUSE Bug 1235441",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "self",
"summary": "SUSE Bug 1235455",
"url": "https://bugzilla.suse.com/1235455"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1235501",
"url": "https://bugzilla.suse.com/1235501"
},
{
"category": "self",
"summary": "SUSE Bug 1235524",
"url": "https://bugzilla.suse.com/1235524"
},
{
"category": "self",
"summary": "SUSE Bug 1235589",
"url": "https://bugzilla.suse.com/1235589"
},
{
"category": "self",
"summary": "SUSE Bug 1235591",
"url": "https://bugzilla.suse.com/1235591"
},
{
"category": "self",
"summary": "SUSE Bug 1235592",
"url": "https://bugzilla.suse.com/1235592"
},
{
"category": "self",
"summary": "SUSE Bug 1235599",
"url": "https://bugzilla.suse.com/1235599"
},
{
"category": "self",
"summary": "SUSE Bug 1235609",
"url": "https://bugzilla.suse.com/1235609"
},
{
"category": "self",
"summary": "SUSE Bug 1235621",
"url": "https://bugzilla.suse.com/1235621"
},
{
"category": "self",
"summary": "SUSE Bug 1235637",
"url": "https://bugzilla.suse.com/1235637"
},
{
"category": "self",
"summary": "SUSE Bug 1235698",
"url": "https://bugzilla.suse.com/1235698"
},
{
"category": "self",
"summary": "SUSE Bug 1235711",
"url": "https://bugzilla.suse.com/1235711"
},
{
"category": "self",
"summary": "SUSE Bug 1235712",
"url": "https://bugzilla.suse.com/1235712"
},
{
"category": "self",
"summary": "SUSE Bug 1235715",
"url": "https://bugzilla.suse.com/1235715"
},
{
"category": "self",
"summary": "SUSE Bug 1235729",
"url": "https://bugzilla.suse.com/1235729"
},
{
"category": "self",
"summary": "SUSE Bug 1235733",
"url": "https://bugzilla.suse.com/1235733"
},
{
"category": "self",
"summary": "SUSE Bug 1235761",
"url": "https://bugzilla.suse.com/1235761"
},
{
"category": "self",
"summary": "SUSE Bug 1235870",
"url": "https://bugzilla.suse.com/1235870"
},
{
"category": "self",
"summary": "SUSE Bug 1235874",
"url": "https://bugzilla.suse.com/1235874"
},
{
"category": "self",
"summary": "SUSE Bug 1235914",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "self",
"summary": "SUSE Bug 1235932",
"url": "https://bugzilla.suse.com/1235932"
},
{
"category": "self",
"summary": "SUSE Bug 1235933",
"url": "https://bugzilla.suse.com/1235933"
},
{
"category": "self",
"summary": "SUSE Bug 1235973",
"url": "https://bugzilla.suse.com/1235973"
},
{
"category": "self",
"summary": "SUSE Bug 1236099",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "self",
"summary": "SUSE Bug 1236111",
"url": "https://bugzilla.suse.com/1236111"
},
{
"category": "self",
"summary": "SUSE Bug 1236113",
"url": "https://bugzilla.suse.com/1236113"
},
{
"category": "self",
"summary": "SUSE Bug 1236114",
"url": "https://bugzilla.suse.com/1236114"
},
{
"category": "self",
"summary": "SUSE Bug 1236115",
"url": "https://bugzilla.suse.com/1236115"
},
{
"category": "self",
"summary": "SUSE Bug 1236122",
"url": "https://bugzilla.suse.com/1236122"
},
{
"category": "self",
"summary": "SUSE Bug 1236123",
"url": "https://bugzilla.suse.com/1236123"
},
{
"category": "self",
"summary": "SUSE Bug 1236133",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "self",
"summary": "SUSE Bug 1236138",
"url": "https://bugzilla.suse.com/1236138"
},
{
"category": "self",
"summary": "SUSE Bug 1236199",
"url": "https://bugzilla.suse.com/1236199"
},
{
"category": "self",
"summary": "SUSE Bug 1236200",
"url": "https://bugzilla.suse.com/1236200"
},
{
"category": "self",
"summary": "SUSE Bug 1236203",
"url": "https://bugzilla.suse.com/1236203"
},
{
"category": "self",
"summary": "SUSE Bug 1236205",
"url": "https://bugzilla.suse.com/1236205"
},
{
"category": "self",
"summary": "SUSE Bug 1236206",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1236573",
"url": "https://bugzilla.suse.com/1236573"
},
{
"category": "self",
"summary": "SUSE Bug 1236575",
"url": "https://bugzilla.suse.com/1236575"
},
{
"category": "self",
"summary": "SUSE Bug 1236576",
"url": "https://bugzilla.suse.com/1236576"
},
{
"category": "self",
"summary": "SUSE Bug 1236591",
"url": "https://bugzilla.suse.com/1236591"
},
{
"category": "self",
"summary": "SUSE Bug 1236661",
"url": "https://bugzilla.suse.com/1236661"
},
{
"category": "self",
"summary": "SUSE Bug 1236677",
"url": "https://bugzilla.suse.com/1236677"
},
{
"category": "self",
"summary": "SUSE Bug 1236680",
"url": "https://bugzilla.suse.com/1236680"
},
{
"category": "self",
"summary": "SUSE Bug 1236681",
"url": "https://bugzilla.suse.com/1236681"
},
{
"category": "self",
"summary": "SUSE Bug 1236682",
"url": "https://bugzilla.suse.com/1236682"
},
{
"category": "self",
"summary": "SUSE Bug 1236683",
"url": "https://bugzilla.suse.com/1236683"
},
{
"category": "self",
"summary": "SUSE Bug 1236684",
"url": "https://bugzilla.suse.com/1236684"
},
{
"category": "self",
"summary": "SUSE Bug 1236685",
"url": "https://bugzilla.suse.com/1236685"
},
{
"category": "self",
"summary": "SUSE Bug 1236689",
"url": "https://bugzilla.suse.com/1236689"
},
{
"category": "self",
"summary": "SUSE Bug 1236692",
"url": "https://bugzilla.suse.com/1236692"
},
{
"category": "self",
"summary": "SUSE Bug 1236694",
"url": "https://bugzilla.suse.com/1236694"
},
{
"category": "self",
"summary": "SUSE Bug 1236698",
"url": "https://bugzilla.suse.com/1236698"
},
{
"category": "self",
"summary": "SUSE Bug 1236700",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "self",
"summary": "SUSE Bug 1236702",
"url": "https://bugzilla.suse.com/1236702"
},
{
"category": "self",
"summary": "SUSE Bug 1236752",
"url": "https://bugzilla.suse.com/1236752"
},
{
"category": "self",
"summary": "SUSE Bug 1236757",
"url": "https://bugzilla.suse.com/1236757"
},
{
"category": "self",
"summary": "SUSE Bug 1236758",
"url": "https://bugzilla.suse.com/1236758"
},
{
"category": "self",
"summary": "SUSE Bug 1236759",
"url": "https://bugzilla.suse.com/1236759"
},
{
"category": "self",
"summary": "SUSE Bug 1236760",
"url": "https://bugzilla.suse.com/1236760"
},
{
"category": "self",
"summary": "SUSE Bug 1236761",
"url": "https://bugzilla.suse.com/1236761"
},
{
"category": "self",
"summary": "SUSE Bug 1236821",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "self",
"summary": "SUSE Bug 1236822",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "self",
"summary": "SUSE Bug 1236896",
"url": "https://bugzilla.suse.com/1236896"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1236952",
"url": "https://bugzilla.suse.com/1236952"
},
{
"category": "self",
"summary": "SUSE Bug 1236967",
"url": "https://bugzilla.suse.com/1236967"
},
{
"category": "self",
"summary": "SUSE Bug 1236994",
"url": "https://bugzilla.suse.com/1236994"
},
{
"category": "self",
"summary": "SUSE Bug 1237007",
"url": "https://bugzilla.suse.com/1237007"
},
{
"category": "self",
"summary": "SUSE Bug 1237017",
"url": "https://bugzilla.suse.com/1237017"
},
{
"category": "self",
"summary": "SUSE Bug 1237025",
"url": "https://bugzilla.suse.com/1237025"
},
{
"category": "self",
"summary": "SUSE Bug 1237028",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "self",
"summary": "SUSE Bug 1237029",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "self",
"summary": "SUSE Bug 1237045",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "self",
"summary": "SUSE Bug 1237126",
"url": "https://bugzilla.suse.com/1237126"
},
{
"category": "self",
"summary": "SUSE Bug 1237132",
"url": "https://bugzilla.suse.com/1237132"
},
{
"category": "self",
"summary": "SUSE Bug 1237139",
"url": "https://bugzilla.suse.com/1237139"
},
{
"category": "self",
"summary": "SUSE Bug 1237155",
"url": "https://bugzilla.suse.com/1237155"
},
{
"category": "self",
"summary": "SUSE Bug 1237158",
"url": "https://bugzilla.suse.com/1237158"
},
{
"category": "self",
"summary": "SUSE Bug 1237159",
"url": "https://bugzilla.suse.com/1237159"
},
{
"category": "self",
"summary": "SUSE Bug 1237164",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "self",
"summary": "SUSE Bug 1237232",
"url": "https://bugzilla.suse.com/1237232"
},
{
"category": "self",
"summary": "SUSE Bug 1237234",
"url": "https://bugzilla.suse.com/1237234"
},
{
"category": "self",
"summary": "SUSE Bug 1237313",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "self",
"summary": "SUSE Bug 1237325",
"url": "https://bugzilla.suse.com/1237325"
},
{
"category": "self",
"summary": "SUSE Bug 1237356",
"url": "https://bugzilla.suse.com/1237356"
},
{
"category": "self",
"summary": "SUSE Bug 1237415",
"url": "https://bugzilla.suse.com/1237415"
},
{
"category": "self",
"summary": "SUSE Bug 1237452",
"url": "https://bugzilla.suse.com/1237452"
},
{
"category": "self",
"summary": "SUSE Bug 1237504",
"url": "https://bugzilla.suse.com/1237504"
},
{
"category": "self",
"summary": "SUSE Bug 1237521",
"url": "https://bugzilla.suse.com/1237521"
},
{
"category": "self",
"summary": "SUSE Bug 1237530",
"url": "https://bugzilla.suse.com/1237530"
},
{
"category": "self",
"summary": "SUSE Bug 1237558",
"url": "https://bugzilla.suse.com/1237558"
},
{
"category": "self",
"summary": "SUSE Bug 1237562",
"url": "https://bugzilla.suse.com/1237562"
},
{
"category": "self",
"summary": "SUSE Bug 1237563",
"url": "https://bugzilla.suse.com/1237563"
},
{
"category": "self",
"summary": "SUSE Bug 1237565",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "self",
"summary": "SUSE Bug 1237571",
"url": "https://bugzilla.suse.com/1237571"
},
{
"category": "self",
"summary": "SUSE Bug 1237848",
"url": "https://bugzilla.suse.com/1237848"
},
{
"category": "self",
"summary": "SUSE Bug 1237849",
"url": "https://bugzilla.suse.com/1237849"
},
{
"category": "self",
"summary": "SUSE Bug 1237853",
"url": "https://bugzilla.suse.com/1237853"
},
{
"category": "self",
"summary": "SUSE Bug 1237856",
"url": "https://bugzilla.suse.com/1237856"
},
{
"category": "self",
"summary": "SUSE Bug 1237873",
"url": "https://bugzilla.suse.com/1237873"
},
{
"category": "self",
"summary": "SUSE Bug 1237875",
"url": "https://bugzilla.suse.com/1237875"
},
{
"category": "self",
"summary": "SUSE Bug 1237876",
"url": "https://bugzilla.suse.com/1237876"
},
{
"category": "self",
"summary": "SUSE Bug 1237877",
"url": "https://bugzilla.suse.com/1237877"
},
{
"category": "self",
"summary": "SUSE Bug 1237879",
"url": "https://bugzilla.suse.com/1237879"
},
{
"category": "self",
"summary": "SUSE Bug 1237881",
"url": "https://bugzilla.suse.com/1237881"
},
{
"category": "self",
"summary": "SUSE Bug 1237885",
"url": "https://bugzilla.suse.com/1237885"
},
{
"category": "self",
"summary": "SUSE Bug 1237889",
"url": "https://bugzilla.suse.com/1237889"
},
{
"category": "self",
"summary": "SUSE Bug 1237890",
"url": "https://bugzilla.suse.com/1237890"
},
{
"category": "self",
"summary": "SUSE Bug 1237891",
"url": "https://bugzilla.suse.com/1237891"
},
{
"category": "self",
"summary": "SUSE Bug 1237894",
"url": "https://bugzilla.suse.com/1237894"
},
{
"category": "self",
"summary": "SUSE Bug 1237897",
"url": "https://bugzilla.suse.com/1237897"
},
{
"category": "self",
"summary": "SUSE Bug 1237900",
"url": "https://bugzilla.suse.com/1237900"
},
{
"category": "self",
"summary": "SUSE Bug 1237901",
"url": "https://bugzilla.suse.com/1237901"
},
{
"category": "self",
"summary": "SUSE Bug 1237906",
"url": "https://bugzilla.suse.com/1237906"
},
{
"category": "self",
"summary": "SUSE Bug 1237907",
"url": "https://bugzilla.suse.com/1237907"
},
{
"category": "self",
"summary": "SUSE Bug 1237911",
"url": "https://bugzilla.suse.com/1237911"
},
{
"category": "self",
"summary": "SUSE Bug 1237912",
"url": "https://bugzilla.suse.com/1237912"
},
{
"category": "self",
"summary": "SUSE Bug 1237950",
"url": "https://bugzilla.suse.com/1237950"
},
{
"category": "self",
"summary": "SUSE Bug 1238212",
"url": "https://bugzilla.suse.com/1238212"
},
{
"category": "self",
"summary": "SUSE Bug 1238214",
"url": "https://bugzilla.suse.com/1238214"
},
{
"category": "self",
"summary": "SUSE Bug 1238303",
"url": "https://bugzilla.suse.com/1238303"
},
{
"category": "self",
"summary": "SUSE Bug 1238347",
"url": "https://bugzilla.suse.com/1238347"
},
{
"category": "self",
"summary": "SUSE Bug 1238368",
"url": "https://bugzilla.suse.com/1238368"
},
{
"category": "self",
"summary": "SUSE Bug 1238474",
"url": "https://bugzilla.suse.com/1238474"
},
{
"category": "self",
"summary": "SUSE Bug 1238475",
"url": "https://bugzilla.suse.com/1238475"
},
{
"category": "self",
"summary": "SUSE Bug 1238479",
"url": "https://bugzilla.suse.com/1238479"
},
{
"category": "self",
"summary": "SUSE Bug 1238494",
"url": "https://bugzilla.suse.com/1238494"
},
{
"category": "self",
"summary": "SUSE Bug 1238496",
"url": "https://bugzilla.suse.com/1238496"
},
{
"category": "self",
"summary": "SUSE Bug 1238497",
"url": "https://bugzilla.suse.com/1238497"
},
{
"category": "self",
"summary": "SUSE Bug 1238500",
"url": "https://bugzilla.suse.com/1238500"
},
{
"category": "self",
"summary": "SUSE Bug 1238501",
"url": "https://bugzilla.suse.com/1238501"
},
{
"category": "self",
"summary": "SUSE Bug 1238502",
"url": "https://bugzilla.suse.com/1238502"
},
{
"category": "self",
"summary": "SUSE Bug 1238503",
"url": "https://bugzilla.suse.com/1238503"
},
{
"category": "self",
"summary": "SUSE Bug 1238506",
"url": "https://bugzilla.suse.com/1238506"
},
{
"category": "self",
"summary": "SUSE Bug 1238507",
"url": "https://bugzilla.suse.com/1238507"
},
{
"category": "self",
"summary": "SUSE Bug 1238509",
"url": "https://bugzilla.suse.com/1238509"
},
{
"category": "self",
"summary": "SUSE Bug 1238510",
"url": "https://bugzilla.suse.com/1238510"
},
{
"category": "self",
"summary": "SUSE Bug 1238511",
"url": "https://bugzilla.suse.com/1238511"
},
{
"category": "self",
"summary": "SUSE Bug 1238512",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "self",
"summary": "SUSE Bug 1238521",
"url": "https://bugzilla.suse.com/1238521"
},
{
"category": "self",
"summary": "SUSE Bug 1238523",
"url": "https://bugzilla.suse.com/1238523"
},
{
"category": "self",
"summary": "SUSE Bug 1238525",
"url": "https://bugzilla.suse.com/1238525"
},
{
"category": "self",
"summary": "SUSE Bug 1238526",
"url": "https://bugzilla.suse.com/1238526"
},
{
"category": "self",
"summary": "SUSE Bug 1238528",
"url": "https://bugzilla.suse.com/1238528"
},
{
"category": "self",
"summary": "SUSE Bug 1238529",
"url": "https://bugzilla.suse.com/1238529"
},
{
"category": "self",
"summary": "SUSE Bug 1238531",
"url": "https://bugzilla.suse.com/1238531"
},
{
"category": "self",
"summary": "SUSE Bug 1238532",
"url": "https://bugzilla.suse.com/1238532"
},
{
"category": "self",
"summary": "SUSE Bug 1238570",
"url": "https://bugzilla.suse.com/1238570"
},
{
"category": "self",
"summary": "SUSE Bug 1238715",
"url": "https://bugzilla.suse.com/1238715"
},
{
"category": "self",
"summary": "SUSE Bug 1238716",
"url": "https://bugzilla.suse.com/1238716"
},
{
"category": "self",
"summary": "SUSE Bug 1238734",
"url": "https://bugzilla.suse.com/1238734"
},
{
"category": "self",
"summary": "SUSE Bug 1238735",
"url": "https://bugzilla.suse.com/1238735"
},
{
"category": "self",
"summary": "SUSE Bug 1238736",
"url": "https://bugzilla.suse.com/1238736"
},
{
"category": "self",
"summary": "SUSE Bug 1238738",
"url": "https://bugzilla.suse.com/1238738"
},
{
"category": "self",
"summary": "SUSE Bug 1238739",
"url": "https://bugzilla.suse.com/1238739"
},
{
"category": "self",
"summary": "SUSE Bug 1238747",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "self",
"summary": "SUSE Bug 1238751",
"url": "https://bugzilla.suse.com/1238751"
},
{
"category": "self",
"summary": "SUSE Bug 1238753",
"url": "https://bugzilla.suse.com/1238753"
},
{
"category": "self",
"summary": "SUSE Bug 1238754",
"url": "https://bugzilla.suse.com/1238754"
},
{
"category": "self",
"summary": "SUSE Bug 1238757",
"url": "https://bugzilla.suse.com/1238757"
},
{
"category": "self",
"summary": "SUSE Bug 1238759",
"url": "https://bugzilla.suse.com/1238759"
},
{
"category": "self",
"summary": "SUSE Bug 1238760",
"url": "https://bugzilla.suse.com/1238760"
},
{
"category": "self",
"summary": "SUSE Bug 1238762",
"url": "https://bugzilla.suse.com/1238762"
},
{
"category": "self",
"summary": "SUSE Bug 1238763",
"url": "https://bugzilla.suse.com/1238763"
},
{
"category": "self",
"summary": "SUSE Bug 1238767",
"url": "https://bugzilla.suse.com/1238767"
},
{
"category": "self",
"summary": "SUSE Bug 1238768",
"url": "https://bugzilla.suse.com/1238768"
},
{
"category": "self",
"summary": "SUSE Bug 1238771",
"url": "https://bugzilla.suse.com/1238771"
},
{
"category": "self",
"summary": "SUSE Bug 1238772",
"url": "https://bugzilla.suse.com/1238772"
},
{
"category": "self",
"summary": "SUSE Bug 1238773",
"url": "https://bugzilla.suse.com/1238773"
},
{
"category": "self",
"summary": "SUSE Bug 1238775",
"url": "https://bugzilla.suse.com/1238775"
},
{
"category": "self",
"summary": "SUSE Bug 1238780",
"url": "https://bugzilla.suse.com/1238780"
},
{
"category": "self",
"summary": "SUSE Bug 1238781",
"url": "https://bugzilla.suse.com/1238781"
},
{
"category": "self",
"summary": "SUSE Bug 1238785",
"url": "https://bugzilla.suse.com/1238785"
},
{
"category": "self",
"summary": "SUSE Bug 1238860",
"url": "https://bugzilla.suse.com/1238860"
},
{
"category": "self",
"summary": "SUSE Bug 1238863",
"url": "https://bugzilla.suse.com/1238863"
},
{
"category": "self",
"summary": "SUSE Bug 1238864",
"url": "https://bugzilla.suse.com/1238864"
},
{
"category": "self",
"summary": "SUSE Bug 1238865",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "self",
"summary": "SUSE Bug 1238876",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "self",
"summary": "SUSE Bug 1238877",
"url": "https://bugzilla.suse.com/1238877"
},
{
"category": "self",
"summary": "SUSE Bug 1238903",
"url": "https://bugzilla.suse.com/1238903"
},
{
"category": "self",
"summary": "SUSE Bug 1238904",
"url": "https://bugzilla.suse.com/1238904"
},
{
"category": "self",
"summary": "SUSE Bug 1238905",
"url": "https://bugzilla.suse.com/1238905"
},
{
"category": "self",
"summary": "SUSE Bug 1238909",
"url": "https://bugzilla.suse.com/1238909"
},
{
"category": "self",
"summary": "SUSE Bug 1238911",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "self",
"summary": "SUSE Bug 1238917",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "self",
"summary": "SUSE Bug 1238958",
"url": "https://bugzilla.suse.com/1238958"
},
{
"category": "self",
"summary": "SUSE Bug 1238959",
"url": "https://bugzilla.suse.com/1238959"
},
{
"category": "self",
"summary": "SUSE Bug 1238963",
"url": "https://bugzilla.suse.com/1238963"
},
{
"category": "self",
"summary": "SUSE Bug 1238964",
"url": "https://bugzilla.suse.com/1238964"
},
{
"category": "self",
"summary": "SUSE Bug 1238969",
"url": "https://bugzilla.suse.com/1238969"
},
{
"category": "self",
"summary": "SUSE Bug 1238971",
"url": "https://bugzilla.suse.com/1238971"
},
{
"category": "self",
"summary": "SUSE Bug 1238973",
"url": "https://bugzilla.suse.com/1238973"
},
{
"category": "self",
"summary": "SUSE Bug 1238975",
"url": "https://bugzilla.suse.com/1238975"
},
{
"category": "self",
"summary": "SUSE Bug 1238978",
"url": "https://bugzilla.suse.com/1238978"
},
{
"category": "self",
"summary": "SUSE Bug 1238979",
"url": "https://bugzilla.suse.com/1238979"
},
{
"category": "self",
"summary": "SUSE Bug 1238981",
"url": "https://bugzilla.suse.com/1238981"
},
{
"category": "self",
"summary": "SUSE Bug 1238984",
"url": "https://bugzilla.suse.com/1238984"
},
{
"category": "self",
"summary": "SUSE Bug 1238986",
"url": "https://bugzilla.suse.com/1238986"
},
{
"category": "self",
"summary": "SUSE Bug 1238993",
"url": "https://bugzilla.suse.com/1238993"
},
{
"category": "self",
"summary": "SUSE Bug 1238994",
"url": "https://bugzilla.suse.com/1238994"
},
{
"category": "self",
"summary": "SUSE Bug 1238997",
"url": "https://bugzilla.suse.com/1238997"
},
{
"category": "self",
"summary": "SUSE Bug 1239015",
"url": "https://bugzilla.suse.com/1239015"
},
{
"category": "self",
"summary": "SUSE Bug 1239016",
"url": "https://bugzilla.suse.com/1239016"
},
{
"category": "self",
"summary": "SUSE Bug 1239027",
"url": "https://bugzilla.suse.com/1239027"
},
{
"category": "self",
"summary": "SUSE Bug 1239029",
"url": "https://bugzilla.suse.com/1239029"
},
{
"category": "self",
"summary": "SUSE Bug 1239030",
"url": "https://bugzilla.suse.com/1239030"
},
{
"category": "self",
"summary": "SUSE Bug 1239033",
"url": "https://bugzilla.suse.com/1239033"
},
{
"category": "self",
"summary": "SUSE Bug 1239034",
"url": "https://bugzilla.suse.com/1239034"
},
{
"category": "self",
"summary": "SUSE Bug 1239036",
"url": "https://bugzilla.suse.com/1239036"
},
{
"category": "self",
"summary": "SUSE Bug 1239037",
"url": "https://bugzilla.suse.com/1239037"
},
{
"category": "self",
"summary": "SUSE Bug 1239038",
"url": "https://bugzilla.suse.com/1239038"
},
{
"category": "self",
"summary": "SUSE Bug 1239039",
"url": "https://bugzilla.suse.com/1239039"
},
{
"category": "self",
"summary": "SUSE Bug 1239045",
"url": "https://bugzilla.suse.com/1239045"
},
{
"category": "self",
"summary": "SUSE Bug 1239065",
"url": "https://bugzilla.suse.com/1239065"
},
{
"category": "self",
"summary": "SUSE Bug 1239068",
"url": "https://bugzilla.suse.com/1239068"
},
{
"category": "self",
"summary": "SUSE Bug 1239073",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "self",
"summary": "SUSE Bug 1239076",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "self",
"summary": "SUSE Bug 1239080",
"url": "https://bugzilla.suse.com/1239080"
},
{
"category": "self",
"summary": "SUSE Bug 1239085",
"url": "https://bugzilla.suse.com/1239085"
},
{
"category": "self",
"summary": "SUSE Bug 1239087",
"url": "https://bugzilla.suse.com/1239087"
},
{
"category": "self",
"summary": "SUSE Bug 1239095",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "self",
"summary": "SUSE Bug 1239104",
"url": "https://bugzilla.suse.com/1239104"
},
{
"category": "self",
"summary": "SUSE Bug 1239105",
"url": "https://bugzilla.suse.com/1239105"
},
{
"category": "self",
"summary": "SUSE Bug 1239109",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "self",
"summary": "SUSE Bug 1239112",
"url": "https://bugzilla.suse.com/1239112"
},
{
"category": "self",
"summary": "SUSE Bug 1239114",
"url": "https://bugzilla.suse.com/1239114"
},
{
"category": "self",
"summary": "SUSE Bug 1239115",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "self",
"summary": "SUSE Bug 1239117",
"url": "https://bugzilla.suse.com/1239117"
},
{
"category": "self",
"summary": "SUSE Bug 1239167",
"url": "https://bugzilla.suse.com/1239167"
},
{
"category": "self",
"summary": "SUSE Bug 1239174",
"url": "https://bugzilla.suse.com/1239174"
},
{
"category": "self",
"summary": "SUSE Bug 1239346",
"url": "https://bugzilla.suse.com/1239346"
},
{
"category": "self",
"summary": "SUSE Bug 1239349",
"url": "https://bugzilla.suse.com/1239349"
},
{
"category": "self",
"summary": "SUSE Bug 1239435",
"url": "https://bugzilla.suse.com/1239435"
},
{
"category": "self",
"summary": "SUSE Bug 1239467",
"url": "https://bugzilla.suse.com/1239467"
},
{
"category": "self",
"summary": "SUSE Bug 1239468",
"url": "https://bugzilla.suse.com/1239468"
},
{
"category": "self",
"summary": "SUSE Bug 1239471",
"url": "https://bugzilla.suse.com/1239471"
},
{
"category": "self",
"summary": "SUSE Bug 1239473",
"url": "https://bugzilla.suse.com/1239473"
},
{
"category": "self",
"summary": "SUSE Bug 1239474",
"url": "https://bugzilla.suse.com/1239474"
},
{
"category": "self",
"summary": "SUSE Bug 1239477",
"url": "https://bugzilla.suse.com/1239477"
},
{
"category": "self",
"summary": "SUSE Bug 1239478",
"url": "https://bugzilla.suse.com/1239478"
},
{
"category": "self",
"summary": "SUSE Bug 1239479",
"url": "https://bugzilla.suse.com/1239479"
},
{
"category": "self",
"summary": "SUSE Bug 1239481",
"url": "https://bugzilla.suse.com/1239481"
},
{
"category": "self",
"summary": "SUSE Bug 1239482",
"url": "https://bugzilla.suse.com/1239482"
},
{
"category": "self",
"summary": "SUSE Bug 1239483",
"url": "https://bugzilla.suse.com/1239483"
},
{
"category": "self",
"summary": "SUSE Bug 1239484",
"url": "https://bugzilla.suse.com/1239484"
},
{
"category": "self",
"summary": "SUSE Bug 1239486",
"url": "https://bugzilla.suse.com/1239486"
},
{
"category": "self",
"summary": "SUSE Bug 1239508",
"url": "https://bugzilla.suse.com/1239508"
},
{
"category": "self",
"summary": "SUSE Bug 1239512",
"url": "https://bugzilla.suse.com/1239512"
},
{
"category": "self",
"summary": "SUSE Bug 1239518",
"url": "https://bugzilla.suse.com/1239518"
},
{
"category": "self",
"summary": "SUSE Bug 1239573",
"url": "https://bugzilla.suse.com/1239573"
},
{
"category": "self",
"summary": "SUSE Bug 1239594",
"url": "https://bugzilla.suse.com/1239594"
},
{
"category": "self",
"summary": "SUSE Bug 1239595",
"url": "https://bugzilla.suse.com/1239595"
},
{
"category": "self",
"summary": "SUSE Bug 1239600",
"url": "https://bugzilla.suse.com/1239600"
},
{
"category": "self",
"summary": "SUSE Bug 1239605",
"url": "https://bugzilla.suse.com/1239605"
},
{
"category": "self",
"summary": "SUSE Bug 1239615",
"url": "https://bugzilla.suse.com/1239615"
},
{
"category": "self",
"summary": "SUSE Bug 1239644",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "self",
"summary": "SUSE Bug 1239707",
"url": "https://bugzilla.suse.com/1239707"
},
{
"category": "self",
"summary": "SUSE Bug 1239986",
"url": "https://bugzilla.suse.com/1239986"
},
{
"category": "self",
"summary": "SUSE Bug 1239994",
"url": "https://bugzilla.suse.com/1239994"
},
{
"category": "self",
"summary": "SUSE Bug 1240169",
"url": "https://bugzilla.suse.com/1240169"
},
{
"category": "self",
"summary": "SUSE Bug 1240172",
"url": "https://bugzilla.suse.com/1240172"
},
{
"category": "self",
"summary": "SUSE Bug 1240173",
"url": "https://bugzilla.suse.com/1240173"
},
{
"category": "self",
"summary": "SUSE Bug 1240175",
"url": "https://bugzilla.suse.com/1240175"
},
{
"category": "self",
"summary": "SUSE Bug 1240177",
"url": "https://bugzilla.suse.com/1240177"
},
{
"category": "self",
"summary": "SUSE Bug 1240179",
"url": "https://bugzilla.suse.com/1240179"
},
{
"category": "self",
"summary": "SUSE Bug 1240182",
"url": "https://bugzilla.suse.com/1240182"
},
{
"category": "self",
"summary": "SUSE Bug 1240183",
"url": "https://bugzilla.suse.com/1240183"
},
{
"category": "self",
"summary": "SUSE Bug 1240186",
"url": "https://bugzilla.suse.com/1240186"
},
{
"category": "self",
"summary": "SUSE Bug 1240188",
"url": "https://bugzilla.suse.com/1240188"
},
{
"category": "self",
"summary": "SUSE Bug 1240189",
"url": "https://bugzilla.suse.com/1240189"
},
{
"category": "self",
"summary": "SUSE Bug 1240191",
"url": "https://bugzilla.suse.com/1240191"
},
{
"category": "self",
"summary": "SUSE Bug 1240192",
"url": "https://bugzilla.suse.com/1240192"
},
{
"category": "self",
"summary": "SUSE Bug 1240333",
"url": "https://bugzilla.suse.com/1240333"
},
{
"category": "self",
"summary": "SUSE Bug 1240334",
"url": "https://bugzilla.suse.com/1240334"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52831 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52925 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52926 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52927 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26634 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26634/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26873 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35826 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35910 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38606 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41077 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41149 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42307 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43820 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46736 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46782 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46796 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47408 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47794 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49571 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49924 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49940 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49940/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50152 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50185 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50251 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50258 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50290 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50294 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50304 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52559 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53123 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53163 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53173 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53178 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53680 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54683 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56548 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56579 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56638 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56640 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56658 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56702 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56703 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56718 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56719 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56751 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56758 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56770 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57807 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57973 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57979 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57981 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57986 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57990 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57993 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57996 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57997 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57999 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58002 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58006 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58007 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58011 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58012 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58013 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58014 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58017 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58019 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58034 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58051 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58052 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58054 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58072 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58078 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58083 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21631 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21635 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21636 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21638 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21659 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21666 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21667 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21669 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21670 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21671 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21675 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21688 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21689 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21690 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21703 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21704 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21708 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21711 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21734 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21735 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21736 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21739 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21741 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21742 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21743 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21744 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21745 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21749 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21750 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21753 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21759 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21760 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21761 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21762 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21763 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21764 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21765 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21766 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21767 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21772 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21773 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21775 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21776 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21779 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21780 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21781 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21782 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21784 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21784/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21785 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21791 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21793 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21796 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21802 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21804 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21810 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21815 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21819 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21820 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21821 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21823 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21825 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21829 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21830 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21831 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21832 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21835 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21838 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21844 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21846 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21847 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21848 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21850 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21855 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21857 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21858 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21859 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21862 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21865 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21871 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21883 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21886 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21888 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21890 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21891 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21892 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21892/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-04-17T10:48:21Z",
"generator": {
"date": "2025-04-17T10:48:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20190-1",
"initial_release_date": "2025-04-17T10:48:21Z",
"revision_history": [
{
"date": "2025-04-17T10:48:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-28.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-28.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-28.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-28.1.noarch",
"product_id": "kernel-source-rt-6.4.0-28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-28.1.x86_64",
"product_id": "kernel-rt-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-28.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-28.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-livepatch-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-rt-livepatch-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpu/hotplug: Don\u0027t offline the last non-isolated CPU\n\nIf a system has isolated CPUs via the \"isolcpus=\" command line parameter,\nthen an attempt to offline the last housekeeping CPU will result in a\nWARN_ON() when rebuilding the scheduler domains and a subsequent panic due\nto and unhandled empty CPU mas in partition_sched_domains_locked().\n\ncpuset_hotplug_workfn()\n rebuild_sched_domains_locked()\n ndoms = generate_sched_domains(\u0026doms, \u0026attr);\n cpumask_and(doms[0], top_cpuset.effective_cpus, housekeeping_cpumask(HK_FLAG_DOMAIN));\n\nThus results in an empty CPU mask which triggers the warning and then the\nsubsequent crash:\n\nWARNING: CPU: 4 PID: 80 at kernel/sched/topology.c:2366 build_sched_domains+0x120c/0x1408\nCall trace:\n build_sched_domains+0x120c/0x1408\n partition_sched_domains_locked+0x234/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n rebuild_sched_domains+0x30/0x58\n cpuset_hotplug_workfn+0x2a8/0x930\n\nUnable to handle kernel paging request at virtual address fffe80027ab37080\n partition_sched_domains_locked+0x318/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n\nAside of the resulting crash, it does not make any sense to offline the last\nlast housekeeping CPU.\n\nPrevent this by masking out the non-housekeeping CPUs when selecting a\ntarget CPU for initiating the CPU unplug operation via the work queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52831",
"url": "https://www.suse.com/security/cve/CVE-2023-52831"
},
{
"category": "external",
"summary": "SUSE Bug 1225533 for CVE-2023-52831",
"url": "https://bugzilla.suse.com/1225533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-52831"
},
{
"cve": "CVE-2023-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52924",
"url": "https://www.suse.com/security/cve/CVE-2023-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1236821 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "external",
"summary": "SUSE Bug 1244630 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1244630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other -\u003eactivate callbacks\n(bitmap, hash, rhash, rbtree) use elem-\u003epriv.\nSame for .remove: other set implementations take elem-\u003epriv,\nnft_pipapo_remove fetches elem-\u003epriv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor -\u003edeactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52925",
"url": "https://www.suse.com/security/cve/CVE-2023-52925"
},
{
"category": "external",
"summary": "SUSE Bug 1236822 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1236822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2023-52926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIORING_OP_READ did not correctly consume the provided buffer list when\nread i/o returned \u003c 0 (except for -EAGAIN and -EIOCBQUEUED return).\nThis can lead to a potential use-after-free when the completion via\nio_rw_done runs at separate context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52926",
"url": "https://www.suse.com/security/cve/CVE-2023-52926"
},
{
"category": "external",
"summary": "SUSE Bug 1237565 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "external",
"summary": "SUSE Bug 1237567 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2023-52926"
},
{
"cve": "CVE-2023-52927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: allow exp not to be removed in nf_ct_find_expectation\n\nCurrently nf_conntrack_in() calling nf_ct_find_expectation() will\nremove the exp from the hash table. However, in some scenario, we\nexpect the exp not to be removed when the created ct will not be\nconfirmed, like in OVS and TC conntrack in the following patches.\n\nThis patch allows exp not to be removed by setting IPS_CONFIRMED\nin the status of the tmpl.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52927",
"url": "https://www.suse.com/security/cve/CVE-2023-52927"
},
{
"category": "external",
"summary": "SUSE Bug 1239644 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "external",
"summary": "SUSE Bug 1246016 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1246016"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2024-26634",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26634"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix removing a namespace with conflicting altnames\n\nMark reports a BUG() when a net namespace is removed.\n\n kernel BUG at net/core/dev.c:11520!\n\nPhysical interfaces moved outside of init_net get \"refunded\"\nto init_net when that namespace disappears. The main interface\nname may get overwritten in the process if it would have\nconflicted. We need to also discard all conflicting altnames.\nRecent fixes addressed ensuring that altnames get moved\nwith the main interface, which surfaced this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26634",
"url": "https://www.suse.com/security/cve/CVE-2024-26634"
},
{
"category": "external",
"summary": "SUSE Bug 1221651 for CVE-2024-26634",
"url": "https://bugzilla.suse.com/1221651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26634"
},
{
"cve": "CVE-2024-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: really cope with fastopen race\n\nFastopen and PM-trigger subflow shutdown can race, as reported by\nsyzkaller.\n\nIn my first attempt to close such race, I missed the fact that\nthe subflow status can change again before the subflow_state_change\ncallback is invoked.\n\nAddress the issue additionally copying with all the states directly\nreachable from TCP_FIN_WAIT1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26708",
"url": "https://www.suse.com/security/cve/CVE-2024-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1222672 for CVE-2024-26708",
"url": "https://bugzilla.suse.com/1222672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26810",
"url": "https://www.suse.com/security/cve/CVE-2024-26810"
},
{
"category": "external",
"summary": "SUSE Bug 1222803 for CVE-2024-26810",
"url": "https://bugzilla.suse.com/1222803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-26873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Fix a deadlock issue related to automatic dump\n\nIf we issue a disabling PHY command, the device attached with it will go\noffline, if a 2 bit ECC error occurs at the same time, a hung task may be\nfound:\n\n[ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds.\n[ 4613.666297] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.674809] task:kworker/u256:0 state:D stack: 0 pid:165233 ppid: 2 flags:0x00000208\n[ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas]\n[ 4613.691518] Call trace:\n[ 4613.694678] __switch_to+0xf8/0x17c\n[ 4613.698872] __schedule+0x660/0xee0\n[ 4613.703063] schedule+0xac/0x240\n[ 4613.706994] schedule_timeout+0x500/0x610\n[ 4613.711705] __down+0x128/0x36c\n[ 4613.715548] down+0x240/0x2d0\n[ 4613.719221] hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main]\n[ 4613.726618] sas_execute_internal_abort+0x144/0x310 [libsas]\n[ 4613.732976] sas_execute_internal_abort_dev+0x44/0x60 [libsas]\n[ 4613.739504] hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main]\n[ 4613.747499] hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main]\n[ 4613.753682] sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas]\n[ 4613.759781] sas_unregister_common_dev+0x4c/0x7a0 [libsas]\n[ 4613.765962] sas_destruct_devices+0xb8/0x120 [libsas]\n[ 4613.771709] sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas]\n[ 4613.778930] sas_revalidate_domain+0x60/0xa4 [libsas]\n[ 4613.784716] process_one_work+0x248/0x950\n[ 4613.789424] worker_thread+0x318/0x934\n[ 4613.793878] kthread+0x190/0x200\n[ 4613.797810] ret_from_fork+0x10/0x18\n[ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds.\n[ 4613.816026] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.824538] task:kworker/u256:4 state:D stack: 0 pid:316722 ppid: 2 flags:0x00000208\n[ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main]\n[ 4613.841491] Call trace:\n[ 4613.844647] __switch_to+0xf8/0x17c\n[ 4613.848852] __schedule+0x660/0xee0\n[ 4613.853052] schedule+0xac/0x240\n[ 4613.856984] schedule_timeout+0x500/0x610\n[ 4613.861695] __down+0x128/0x36c\n[ 4613.865542] down+0x240/0x2d0\n[ 4613.869216] hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main]\n[ 4613.876324] hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main]\n[ 4613.883019] process_one_work+0x248/0x950\n[ 4613.887732] worker_thread+0x318/0x934\n[ 4613.892204] kthread+0x190/0x200\n[ 4613.896118] ret_from_fork+0x10/0x18\n[ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds.\n[ 4613.914341] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.922852] task:kworker/u256:1 state:D stack: 0 pid:348985 ppid: 2 flags:0x00000208\n[ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas]\n[ 4613.939549] Call trace:\n[ 4613.942702] __switch_to+0xf8/0x17c\n[ 4613.946892] __schedule+0x660/0xee0\n[ 4613.951083] schedule+0xac/0x240\n[ 4613.955015] schedule_timeout+0x500/0x610\n[ 4613.959725] wait_for_common+0x200/0x610\n[ 4613.964349] wait_for_completion+0x3c/0x5c\n[ 4613.969146] flush_workqueue+0x198/0x790\n[ 4613.973776] sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas]\n[ 4613.979960] sas_port_event_worker+0x54/0xa0 [libsas]\n[ 4613.985708] process_one_work+0x248/0x950\n[ 4613.990420] worker_thread+0x318/0x934\n[ 4613.994868] kthread+0x190/0x200\n[ 4613.998800] ret_from_fork+0x10/0x18\n\nThis is because when the device goes offline, we obtain the hisi_hba\nsemaphore and send the ABORT_DEV command to the device. However, the\ninternal abort timed out due to the 2 bit ECC error and triggers automatic\ndump. In addition, since the hisi_hba semaphore has been obtained, the dump\ncannot be executed and the controller cannot be reset.\n\nTherefore, the deadlocks occur on the following circular dependencies\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26873",
"url": "https://www.suse.com/security/cve/CVE-2024-26873"
},
{
"category": "external",
"summary": "SUSE Bug 1223047 for CVE-2024-26873",
"url": "https://bugzilla.suse.com/1223047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26873"
},
{
"cve": "CVE-2024-35826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix page refcounts for unaligned buffers in __bio_release_pages()\n\nFix an incorrect number of pages being released for buffers that do not\nstart at the beginning of a page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35826",
"url": "https://www.suse.com/security/cve/CVE-2024-35826"
},
{
"category": "external",
"summary": "SUSE Bug 1224610 for CVE-2024-35826",
"url": "https://bugzilla.suse.com/1224610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-35826"
},
{
"cve": "CVE-2024-35910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: properly terminate timers for kernel sockets\n\nWe had various syzbot reports about tcp timers firing after\nthe corresponding netns has been dismantled.\n\nFortunately Josef Bacik could trigger the issue more often,\nand could test a patch I wrote two years ago.\n\nWhen TCP sockets are closed, we call inet_csk_clear_xmit_timers()\nto \u0027stop\u0027 the timers.\n\ninet_csk_clear_xmit_timers() can be called from any context,\nincluding when socket lock is held.\nThis is the reason it uses sk_stop_timer(), aka del_timer().\nThis means that ongoing timers might finish much later.\n\nFor user sockets, this is fine because each running timer\nholds a reference on the socket, and the user socket holds\na reference on the netns.\n\nFor kernel sockets, we risk that the netns is freed before\ntimer can complete, because kernel sockets do not hold\nreference on the netns.\n\nThis patch adds inet_csk_clear_xmit_timers_sync() function\nthat using sk_stop_timer_sync() to make sure all timers\nare terminated before the kernel socket is released.\nModules using kernel sockets close them in their netns exit()\nhandler.\n\nAlso add sock_not_owned_by_me() helper to get LOCKDEP\nsupport : inet_csk_clear_xmit_timers_sync() must not be called\nwhile socket lock is held.\n\nIt is very possible we can revert in the future commit\n3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\")\nwhich attempted to solve the issue in rds only.\n(net/smc/af_smc.c and net/mptcp/subflow.c have similar code)\n\nWe probably can remove the check_net() tests from\ntcp_out_of_resources() and __tcp_close() in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35910",
"url": "https://www.suse.com/security/cve/CVE-2024-35910"
},
{
"category": "external",
"summary": "SUSE Bug 1224489 for CVE-2024-35910",
"url": "https://bugzilla.suse.com/1224489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-35910"
},
{
"cve": "CVE-2024-38606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38606"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - validate slices count returned by FW\n\nThe function adf_send_admin_tl_start() enables the telemetry (TL)\nfeature on a QAT device by sending the ICP_QAT_FW_TL_START message to\nthe firmware. This triggers the FW to start writing TL data to a DMA\nbuffer in memory and returns an array containing the number of\naccelerators of each type (slices) supported by this HW.\nThe pointer to this array is stored in the adf_tl_hw_data data\nstructure called slice_cnt.\n\nThe array slice_cnt is then used in the function tl_print_dev_data()\nto report in debugfs only statistics about the supported accelerators.\nAn incorrect value of the elements in slice_cnt might lead to an out\nof bounds memory read.\nAt the moment, there isn\u0027t an implementation of FW that returns a wrong\nvalue, but for robustness validate the slice count array returned by FW.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38606",
"url": "https://www.suse.com/security/cve/CVE-2024-38606"
},
{
"category": "external",
"summary": "SUSE Bug 1226871 for CVE-2024-38606",
"url": "https://bugzilla.suse.com/1226871"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-38606"
},
{
"cve": "CVE-2024-40980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40980",
"url": "https://www.suse.com/security/cve/CVE-2024-40980"
},
{
"category": "external",
"summary": "SUSE Bug 1227937 for CVE-2024-40980",
"url": "https://bugzilla.suse.com/1227937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\u003csnip\u003e\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\u003csnip\u003e\n\tvalue changed: 0x0000000a -\u003e 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi-\u003epoll_owner\nnon atomically. The -\u003epoll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41005",
"url": "https://www.suse.com/security/cve/CVE-2024-41005"
},
{
"category": "external",
"summary": "SUSE Bug 1227858 for CVE-2024-41005",
"url": "https://bugzilla.suse.com/1227858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41005"
},
{
"cve": "CVE-2024-41055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41055",
"url": "https://www.suse.com/security/cve/CVE-2024-41055"
},
{
"category": "external",
"summary": "SUSE Bug 1228521 for CVE-2024-41055",
"url": "https://bugzilla.suse.com/1228521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-41077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix validation of block size\n\nBlock size should be between 512 and PAGE_SIZE and be a power of 2. The current\ncheck does not validate this, so update the check.\n\nWithout this patch, null_blk would Oops due to a null pointer deref when\nloaded with bs=1536 [1].\n\n\n[axboe: remove unnecessary braces and != 0 check]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41077",
"url": "https://www.suse.com/security/cve/CVE-2024-41077"
},
{
"category": "external",
"summary": "SUSE Bug 1228653 for CVE-2024-41077",
"url": "https://bugzilla.suse.com/1228653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41077"
},
{
"cve": "CVE-2024-41149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: avoid to reuse `hctx` not removed from cpuhp callback list\n\nIf the \u0027hctx\u0027 isn\u0027t removed from cpuhp callback list, we can\u0027t reuse it,\notherwise use-after-free may be triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41149",
"url": "https://www.suse.com/security/cve/CVE-2024-41149"
},
{
"category": "external",
"summary": "SUSE Bug 1235698 for CVE-2024-41149",
"url": "https://bugzilla.suse.com/1235698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41149"
},
{
"cve": "CVE-2024-42307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n fs/smb/client/cifsfs.c:1981 init_cifs()\n error: we previously assumed \u0027serverclose_wq\u0027 could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42307",
"url": "https://www.suse.com/security/cve/CVE-2024-42307"
},
{
"category": "external",
"summary": "SUSE Bug 1229361 for CVE-2024-42307",
"url": "https://bugzilla.suse.com/1229361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-42307"
},
{
"cve": "CVE-2024-43820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery));\n\nThis check is designed to make sure that the sync thread isn\u0027t\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43820",
"url": "https://www.suse.com/security/cve/CVE-2024-43820"
},
{
"category": "external",
"summary": "SUSE Bug 1229311 for CVE-2024-43820",
"url": "https://bugzilla.suse.com/1229311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-43820"
},
{
"cve": "CVE-2024-44974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44974",
"url": "https://www.suse.com/security/cve/CVE-2024-44974"
},
{
"category": "external",
"summary": "SUSE Bug 1230235 for CVE-2024-44974",
"url": "https://bugzilla.suse.com/1230235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45009",
"url": "https://www.suse.com/security/cve/CVE-2024-45009"
},
{
"category": "external",
"summary": "SUSE Bug 1230438 for CVE-2024-45009",
"url": "https://bugzilla.suse.com/1230438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45010",
"url": "https://www.suse.com/security/cve/CVE-2024-45010"
},
{
"category": "external",
"summary": "SUSE Bug 1230439 for CVE-2024-45010",
"url": "https://bugzilla.suse.com/1230439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-46736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_rename_path()\n\nIf smb2_set_path_attr() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() again as the\nreference of @cfile was already dropped by previous smb2_compound_op()\ncall.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46736",
"url": "https://www.suse.com/security/cve/CVE-2024-46736"
},
{
"category": "external",
"summary": "SUSE Bug 1230728 for CVE-2024-46736",
"url": "https://bugzilla.suse.com/1230728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46736"
},
{
"cve": "CVE-2024-46782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6108\n __napi_poll+0xcb/0x490 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n prep_new_page mm/page_alloc.c:1501 [inline]\n get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n __do_kmalloc_node mm/slub.c:4146 [inline]\n __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n bucket_table_alloc lib/rhashtable.c:186 [inline]\n rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n ops_ini\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46782",
"url": "https://www.suse.com/security/cve/CVE-2024-46782"
},
{
"category": "external",
"summary": "SUSE Bug 1230769 for CVE-2024-46782",
"url": "https://bugzilla.suse.com/1230769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46782"
},
{
"cve": "CVE-2024-46796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_set_path_size()\n\nIf smb2_compound_op() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() before retrying it\nas the reference of @cfile was already dropped by previous call.\n\nThis fixes the following KASAN splat when running fstests generic/013\nagainst Windows Server 2022:\n\n CIFS: Attempting to mount //w22-fs0/scratch\n run fstests generic/013 at 2024-09-02 19:48:59\n ==================================================================\n BUG: KASAN: slab-use-after-free in detach_if_pending+0xab/0x200\n Write of size 8 at addr ffff88811f1a3730 by task kworker/3:2/176\n\n CPU: 3 UID: 0 PID: 176 Comm: kworker/3:2 Not tainted 6.11.0-rc6 #2\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40\n 04/01/2014\n Workqueue: cifsoplockd cifs_oplock_break [cifs]\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? detach_if_pending+0xab/0x200\n print_report+0x156/0x4d9\n ? detach_if_pending+0xab/0x200\n ? __virt_addr_valid+0x145/0x300\n ? __phys_addr+0x46/0x90\n ? detach_if_pending+0xab/0x200\n kasan_report+0xda/0x110\n ? detach_if_pending+0xab/0x200\n detach_if_pending+0xab/0x200\n timer_delete+0x96/0xe0\n ? __pfx_timer_delete+0x10/0x10\n ? rcu_is_watching+0x20/0x50\n try_to_grab_pending+0x46/0x3b0\n __cancel_work+0x89/0x1b0\n ? __pfx___cancel_work+0x10/0x10\n ? kasan_save_track+0x14/0x30\n cifs_close_deferred_file+0x110/0x2c0 [cifs]\n ? __pfx_cifs_close_deferred_file+0x10/0x10 [cifs]\n ? __pfx_down_read+0x10/0x10\n cifs_oplock_break+0x4c1/0xa50 [cifs]\n ? __pfx_cifs_oplock_break+0x10/0x10 [cifs]\n ? lock_is_held_type+0x85/0xf0\n ? mark_held_locks+0x1a/0x90\n process_one_work+0x4c6/0x9f0\n ? find_held_lock+0x8a/0xa0\n ? __pfx_process_one_work+0x10/0x10\n ? lock_acquired+0x220/0x550\n ? __list_add_valid_or_report+0x37/0x100\n worker_thread+0x2e4/0x570\n ? __kthread_parkme+0xd1/0xf0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x17f/0x1c0\n ? kthread+0xda/0x1c0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 1118:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n cifs_new_fileinfo+0xc8/0x9d0 [cifs]\n cifs_atomic_open+0x467/0x770 [cifs]\n lookup_open.isra.0+0x665/0x8b0\n path_openat+0x4c3/0x1380\n do_filp_open+0x167/0x270\n do_sys_openat2+0x129/0x160\n __x64_sys_creat+0xad/0xe0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 83:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x70\n poison_slab_object+0xe9/0x160\n __kasan_slab_free+0x32/0x50\n kfree+0xf2/0x300\n process_one_work+0x4c6/0x9f0\n worker_thread+0x2e4/0x570\n kthread+0x17f/0x1c0\n ret_from_fork+0x31/0x60\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x30/0x50\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x29/0xe0\n __queue_work+0x5ea/0x760\n queue_work_on+0x6d/0x90\n _cifsFileInfo_put+0x3f6/0x770 [cifs]\n smb2_compound_op+0x911/0x3940 [cifs]\n smb2_set_path_size+0x228/0x270 [cifs]\n cifs_set_file_size+0x197/0x460 [cifs]\n cifs_setattr+0xd9c/0x14b0 [cifs]\n notify_change+0x4e3/0x740\n do_truncate+0xfa/0x180\n vfs_truncate+0x195/0x200\n __x64_sys_truncate+0x109/0x150\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46796",
"url": "https://www.suse.com/security/cve/CVE-2024-46796"
},
{
"category": "external",
"summary": "SUSE Bug 1230832 for CVE-2024-46796",
"url": "https://bugzilla.suse.com/1230832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46796"
},
{
"cve": "CVE-2024-46858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n CPU1\t\t\t\tCPU2\n ==== ====\n net_rx_action\n napi_poll netlink_sendmsg\n __napi_poll netlink_unicast\n process_backlog netlink_unicast_kernel\n __netif_receive_skb genl_rcv\n __netif_receive_skb_one_core netlink_rcv_skb\n NF_HOOK genl_rcv_msg\n ip_local_deliver_finish genl_family_rcv_msg\n ip_protocol_deliver_rcu genl_family_rcv_msg_doit\n tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit\n tcp_v4_do_rcv mptcp_nl_remove_addrs_list\n tcp_rcv_established mptcp_pm_remove_addrs_and_subflows\n tcp_data_queue remove_anno_list_by_saddr\n mptcp_incoming_options mptcp_pm_del_add_timer\n mptcp_pm_del_add_timer kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by \"pm.lock\", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of \"entry-\u003eadd_timer\".\n\nMove list_del(\u0026entry-\u003elist) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar \"entry-\u003ex\" uaf.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46858",
"url": "https://www.suse.com/security/cve/CVE-2024-46858"
},
{
"category": "external",
"summary": "SUSE Bug 1231088 for CVE-2024-46858",
"url": "https://bugzilla.suse.com/1231088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46858"
},
{
"cve": "CVE-2024-47408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47408"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check smcd_v2_ext_offset when receiving proposal msg\n\nWhen receiving proposal msg in server, the field smcd_v2_ext_offset in\nproposal msg is from the remote client and can not be fully trusted.\nOnce the value of smcd_v2_ext_offset exceed the max value, there has\nthe chance to access wrong address, and crash may happen.\n\nThis patch checks the value of smcd_v2_ext_offset before using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47408",
"url": "https://www.suse.com/security/cve/CVE-2024-47408"
},
{
"category": "external",
"summary": "SUSE Bug 1235711 for CVE-2024-47408",
"url": "https://bugzilla.suse.com/1235711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47408"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-47794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tailcall infinite loop caused by freplace\n\nThere is a potential infinite loop issue that can occur when using a\ncombination of tail calls and freplace.\n\nIn an upcoming selftest, the attach target for entry_freplace of\ntailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in\nentry_freplace leads to entry_tc. This results in an infinite loop:\n\nentry_tc -\u003e subprog_tc -\u003e entry_freplace --tailcall-\u003e entry_tc.\n\nThe problem arises because the tail_call_cnt in entry_freplace resets to\nzero each time entry_freplace is executed, causing the tail call mechanism\nto never terminate, eventually leading to a kernel panic.\n\nTo fix this issue, the solution is twofold:\n\n1. Prevent updating a program extended by an freplace program to a\n prog_array map.\n2. Prevent extending a program that is already part of a prog_array map\n with an freplace program.\n\nThis ensures that:\n\n* If a program or its subprogram has been extended by an freplace program,\n it can no longer be updated to a prog_array map.\n* If a program has been added to a prog_array map, neither it nor its\n subprograms can be extended by an freplace program.\n\nMoreover, an extension program should not be tailcalled. As such, return\n-EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a\nprog_array map.\n\nAdditionally, fix a minor code style issue by replacing eight spaces with a\ntab for proper formatting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47794",
"url": "https://www.suse.com/security/cve/CVE-2024-47794"
},
{
"category": "external",
"summary": "SUSE Bug 1235712 for CVE-2024-47794",
"url": "https://bugzilla.suse.com/1235712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47794"
},
{
"cve": "CVE-2024-49571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49571"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg\n\nWhen receiving proposal msg in server, the field iparea_offset\nand the field ipv6_prefixes_cnt in proposal msg are from the\nremote client and can not be fully trusted. Especially the\nfield iparea_offset, once exceed the max value, there has the\nchance to access wrong address, and crash may happen.\n\nThis patch checks iparea_offset and ipv6_prefixes_cnt before using them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49571",
"url": "https://www.suse.com/security/cve/CVE-2024-49571"
},
{
"category": "external",
"summary": "SUSE Bug 1235733 for CVE-2024-49571",
"url": "https://bugzilla.suse.com/1235733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49571"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: pxafb: Fix possible use after free in pxafb_task()\n\nIn the pxafb_probe function, it calls the pxafb_init_fbinfo function,\nafter which \u0026fbi-\u003etask is associated with pxafb_task. Moreover,\nwithin this pxafb_init_fbinfo function, the pxafb_blank function\nwithin the \u0026pxafb_ops struct is capable of scheduling work.\n\nIf we remove the module which will call pxafb_remove to make cleanup,\nit will call unregister_framebuffer function which can call\ndo_unregister_framebuffer to free fbi-\u003efb through\nput_fb_info(fb_info), while the work mentioned above will be used.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | pxafb_task\npxafb_remove |\nunregister_framebuffer(info) |\ndo_unregister_framebuffer(fb_info) |\nput_fb_info(fb_info) |\n// free fbi-\u003efb | set_ctrlr_state(fbi, state)\n | __pxafb_lcd_power(fbi, 0)\n | fbi-\u003elcd_power(on, \u0026fbi-\u003efb.var)\n | //use fbi-\u003efb\n\nFix it by ensuring that the work is canceled before proceeding\nwith the cleanup in pxafb_remove.\n\nNote that only root user can remove the driver at runtime.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49924",
"url": "https://www.suse.com/security/cve/CVE-2024-49924"
},
{
"category": "external",
"summary": "SUSE Bug 1232364 for CVE-2024-49924",
"url": "https://bugzilla.suse.com/1232364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49924"
},
{
"cve": "CVE-2024-49940",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49940"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: prevent possible tunnel refcount underflow\n\nWhen a session is created, it sets a backpointer to its tunnel. When\nthe session refcount drops to 0, l2tp_session_free drops the tunnel\nrefcount if session-\u003etunnel is non-NULL. However, session-\u003etunnel is\nset in l2tp_session_create, before the tunnel refcount is incremented\nby l2tp_session_register, which leaves a small window where\nsession-\u003etunnel is non-NULL when the tunnel refcount hasn\u0027t been\nbumped.\n\nMoving the assignment to l2tp_session_register is trivial but\nl2tp_session_create calls l2tp_session_set_header_len which uses\nsession-\u003etunnel to get the tunnel\u0027s encap. Add an encap arg to\nl2tp_session_set_header_len to avoid using session-\u003etunnel.\n\nIf l2tpv3 sessions have colliding IDs, it is possible for\nl2tp_v3_session_get to race with l2tp_session_register and fetch a\nsession which doesn\u0027t yet have session-\u003etunnel set. Add a check for\nthis case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49940",
"url": "https://www.suse.com/security/cve/CVE-2024-49940"
},
{
"category": "external",
"summary": "SUSE Bug 1232812 for CVE-2024-49940",
"url": "https://bugzilla.suse.com/1232812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49940"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-49994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix integer overflow in BLKSECDISCARD\n\nI independently rediscovered\n\n\tcommit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155\n\tblock: fix overflow in blk_ioctl_discard()\n\nbut for secure erase.\n\nSame problem:\n\n\tuint64_t r[2] = {512, 18446744073709551104ULL};\n\tioctl(fd, BLKSECDISCARD, r);\n\nwill enter near infinite loop inside blkdev_issue_secure_erase():\n\n\ta.out: attempt to access beyond end of device\n\tloop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048\n\tbio_check_eod: 3286214 callbacks suppressed",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49994",
"url": "https://www.suse.com/security/cve/CVE-2024-49994"
},
{
"category": "external",
"summary": "SUSE Bug 1237757 for CVE-2024-49994",
"url": "https://bugzilla.suse.com/1237757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49994"
},
{
"cve": "CVE-2024-50029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50029",
"url": "https://www.suse.com/security/cve/CVE-2024-50029"
},
{
"category": "external",
"summary": "SUSE Bug 1231949 for CVE-2024-50029",
"url": "https://bugzilla.suse.com/1231949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50036",
"url": "https://www.suse.com/security/cve/CVE-2024-50036"
},
{
"category": "external",
"summary": "SUSE Bug 1231912 for CVE-2024-50036",
"url": "https://bugzilla.suse.com/1231912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c\n\nFix potential dereferencing of ERR_PTR() in find_format_by_pix()\nand uvc_v4l2_enum_format().\n\nFix the following smatch errors:\n\ndrivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\ndrivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\nAlso, fix similar issue in uvc_v4l2_try_format() for potential\ndereferencing of ERR_PTR().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50056",
"url": "https://www.suse.com/security/cve/CVE-2024-50056"
},
{
"category": "external",
"summary": "SUSE Bug 1232389 for CVE-2024-50056",
"url": "https://bugzilla.suse.com/1232389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50056"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow\n\nSyzkaller reported this splat:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662\n\n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline]\n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572\n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg net/socket.c:744 [inline]\n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661\n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n RIP: 0023:0xf7fe4579\n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 \u003c5d\u003e 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00\n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\n Allocated by task 5387:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:878 [inline]\n kzalloc_noprof include/linux/slab.h:1014 [inline]\n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803\n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956\n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline]\n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167\n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764\n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592\n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642\n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline]\n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943\n mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777\n process_one_work+0x958/0x1b30 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/ke\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50085",
"url": "https://www.suse.com/security/cve/CVE-2024-50085"
},
{
"category": "external",
"summary": "SUSE Bug 1232508 for CVE-2024-50085",
"url": "https://bugzilla.suse.com/1232508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: use RCU read-side critical section in taprio_dump()\n\nFix possible use-after-free in \u0027taprio_dump()\u0027 by adding RCU\nread-side critical section there. Never seen on x86 but\nfound on a KASAN-enabled arm64 system when investigating\nhttps://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa:\n\n[T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0\n[T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862\n[T15862]\n[T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro Not tainted 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2\n[T15862] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 05/24/2024\n[T15862] Call trace:\n[T15862] dump_backtrace+0x20c/0x220\n[T15862] show_stack+0x2c/0x40\n[T15862] dump_stack_lvl+0xf8/0x174\n[T15862] print_report+0x170/0x4d8\n[T15862] kasan_report+0xb8/0x1d4\n[T15862] __asan_report_load4_noabort+0x20/0x2c\n[T15862] taprio_dump+0xa0c/0xbb0\n[T15862] tc_fill_qdisc+0x540/0x1020\n[T15862] qdisc_notify.isra.0+0x330/0x3a0\n[T15862] tc_modify_qdisc+0x7b8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Allocated by task 15857:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_alloc_info+0x40/0x60\n[T15862] __kasan_kmalloc+0xd4/0xe0\n[T15862] __kmalloc_cache_noprof+0x194/0x334\n[T15862] taprio_change+0x45c/0x2fe0\n[T15862] tc_modify_qdisc+0x6a8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Freed by task 6192:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_free_info+0x4c/0x80\n[T15862] poison_slab_object+0x110/0x160\n[T15862] __kasan_slab_free+0x3c/0x74\n[T15862] kfree+0x134/0x3c0\n[T15862] taprio_free_sched_cb+0x18c/0x220\n[T15862] rcu_core+0x920/0x1b7c\n[T15862] rcu_core_si+0x10/0x1c\n[T15862] handle_softirqs+0x2e8/0xd64\n[T15862] __do_softirq+0x14/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50126",
"url": "https://www.suse.com/security/cve/CVE-2024-50126"
},
{
"category": "external",
"summary": "SUSE Bug 1232895 for CVE-2024-50126",
"url": "https://bugzilla.suse.com/1232895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50126"
},
{
"cve": "CVE-2024-50140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Disable page allocation in task_tick_mm_cid()\n\nWith KASAN and PREEMPT_RT enabled, calling task_work_add() in\ntask_tick_mm_cid() may cause the following splat.\n\n[ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe\n[ 63.696416] preempt_count: 10001, expected: 0\n[ 63.696416] RCU nest depth: 1, expected: 1\n\nThis problem is caused by the following call trace.\n\n sched_tick() [ acquire rq-\u003e__lock ]\n -\u003e task_tick_mm_cid()\n -\u003e task_work_add()\n -\u003e __kasan_record_aux_stack()\n -\u003e kasan_save_stack()\n -\u003e stack_depot_save_flags()\n -\u003e alloc_pages_mpol_noprof()\n -\u003e __alloc_pages_noprof()\n\t -\u003e get_page_from_freelist()\n\t -\u003e rmqueue()\n\t -\u003e rmqueue_pcplist()\n\t -\u003e __rmqueue_pcplist()\n\t -\u003e rmqueue_bulk()\n\t -\u003e rt_spin_lock()\n\nThe rq lock is a raw_spinlock_t. We can\u0027t sleep while holding\nit. IOW, we can\u0027t call alloc_pages() in stack_depot_save_flags().\n\nThe task_tick_mm_cid() function with its task_work_add() call was\nintroduced by commit 223baf9d17f2 (\"sched: Fix performance regression\nintroduced by mm_cid\") in v6.4 kernel.\n\nFortunately, there is a kasan_record_aux_stack_noalloc() variant that\ncalls stack_depot_save_flags() while not allowing it to allocate\nnew pages. To allow task_tick_mm_cid() to use task_work without\npage allocation, a new TWAF_NO_ALLOC flag is added to enable calling\nkasan_record_aux_stack_noalloc() instead of kasan_record_aux_stack()\nif set. The task_tick_mm_cid() function is modified to add this new flag.\n\nThe possible downside is the missing stack trace in a KASAN report due\nto new page allocation required when task_work_add_noallloc() is called\nwhich should be rare.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50140",
"url": "https://www.suse.com/security/cve/CVE-2024-50140"
},
{
"category": "external",
"summary": "SUSE Bug 1233060 for CVE-2024-50140",
"url": "https://bugzilla.suse.com/1233060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50140"
},
{
"cve": "CVE-2024-50142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50142",
"url": "https://www.suse.com/security/cve/CVE-2024-50142"
},
{
"category": "external",
"summary": "SUSE Bug 1233028 for CVE-2024-50142",
"url": "https://bugzilla.suse.com/1233028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix possible double free in smb2_set_ea()\n\nClang static checker(scan-build) warning:\nfs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.\n 1304 | kfree(ea);\n | ^~~~~~~~~\n\nThere is a double free in such case:\n\u0027ea is initialized to NULL\u0027 -\u003e \u0027first successful memory allocation for\nea\u0027 -\u003e \u0027something failed, goto sea_exit\u0027 -\u003e \u0027first memory release for ea\u0027\n-\u003e \u0027goto replay_again\u0027 -\u003e \u0027second goto sea_exit before allocate memory\nfor ea\u0027 -\u003e \u0027second memory release for ea resulted in double free\u0027.\n\nRe-initialie \u0027ea\u0027 to NULL near to the replay_again label, it can fix this\ndouble free problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50152",
"url": "https://www.suse.com/security/cve/CVE-2024-50152"
},
{
"category": "external",
"summary": "SUSE Bug 1233033 for CVE-2024-50152",
"url": "https://bugzilla.suse.com/1233033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50152"
},
{
"cve": "CVE-2024-50185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle consistently DSS corruption\n\nBugged peer implementation can send corrupted DSS options, consistently\nhitting a few warning in the data path. Use DEBUG_NET assertions, to\navoid the splat on some builds and handle consistently the error, dumping\nrelated MIBs and performing fallback and/or reset according to the\nsubflow type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50185",
"url": "https://www.suse.com/security/cve/CVE-2024-50185"
},
{
"category": "external",
"summary": "SUSE Bug 1233109 for CVE-2024-50185",
"url": "https://bugzilla.suse.com/1233109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\n\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\n\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50251",
"url": "https://www.suse.com/security/cve/CVE-2024-50251"
},
{
"category": "external",
"summary": "SUSE Bug 1233248 for CVE-2024-50251",
"url": "https://bugzilla.suse.com/1233248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50251"
},
{
"cve": "CVE-2024-50258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix crash when config small gso_max_size/gso_ipv4_max_size\n\nConfig a small gso_max_size/gso_ipv4_max_size will lead to an underflow\nin sk_dst_gso_max_size(), which may trigger a BUG_ON crash,\nbecause sk-\u003esk_gso_max_size would be much bigger than device limits.\nCall Trace:\ntcp_write_xmit\n tso_segs = tcp_init_tso_segs(skb, mss_now);\n tcp_set_skb_tso_segs\n tcp_skb_pcount_set\n // skb-\u003elen = 524288, mss_now = 8\n // u16 tso_segs = 524288/8 = 65535 -\u003e 0\n tso_segs = DIV_ROUND_UP(skb-\u003elen, mss_now)\n BUG_ON(!tso_segs)\nAdd check for the minimum value of gso_max_size and gso_ipv4_max_size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50258",
"url": "https://www.suse.com/security/cve/CVE-2024-50258"
},
{
"category": "external",
"summary": "SUSE Bug 1233221 for CVE-2024-50258",
"url": "https://bugzilla.suse.com/1233221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50258"
},
{
"cve": "CVE-2024-50290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx24116: prevent overflows on SNR calculus\n\nas reported by Coverity, if reading SNR registers fail, a negative\nnumber will be returned, causing an underflow when reading SNR\nregisters.\n\nPrevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50290",
"url": "https://www.suse.com/security/cve/CVE-2024-50290"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233479 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "external",
"summary": "SUSE Bug 1233681 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-50294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing locking causing hanging calls\n\nIf a call gets aborted (e.g. because kafs saw a signal) between it being\nqueued for connection and the I/O thread picking up the call, the abort\nwill be prioritised over the connection and it will be removed from\nlocal-\u003enew_client_calls by rxrpc_disconnect_client_call() without a lock\nbeing held. This may cause other calls on the list to disappear if a race\noccurs.\n\nFix this by taking the client_call_lock when removing a call from whatever\nlist its -\u003ewait_link happens to be on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50294",
"url": "https://www.suse.com/security/cve/CVE-2024-50294"
},
{
"category": "external",
"summary": "SUSE Bug 1233483 for CVE-2024-50294",
"url": "https://bugzilla.suse.com/1233483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-50304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()\n\nThe per-netns IP tunnel hash table is protected by the RTNL mutex and\nip_tunnel_find() is only called from the control path where the mutex is\ntaken.\n\nAdd a lockdep expression to hlist_for_each_entry_rcu() in\nip_tunnel_find() in order to validate that the mutex is held and to\nsilence the suspicious RCU usage warning [1].\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted\n-----------------------------\nnet/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/362:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n ip_tunnel_find+0x435/0x4d0\n ip_tunnel_newlink+0x517/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50304",
"url": "https://www.suse.com/security/cve/CVE-2024-50304"
},
{
"category": "external",
"summary": "SUSE Bug 1233522 for CVE-2024-50304",
"url": "https://bugzilla.suse.com/1233522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50304"
},
{
"cve": "CVE-2024-52559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()\n\nThe \"submit-\u003ecmd[i].size\" and \"submit-\u003ecmd[i].offset\" variables are u32\nvalues that come from the user via the submit_lookup_cmds() function.\nThis addition could lead to an integer wrapping bug so use size_add()\nto prevent that.\n\nPatchwork: https://patchwork.freedesktop.org/patch/624696/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52559",
"url": "https://www.suse.com/security/cve/CVE-2024-52559"
},
{
"category": "external",
"summary": "SUSE Bug 1238507 for CVE-2024-52559",
"url": "https://bugzilla.suse.com/1238507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-52559"
},
{
"cve": "CVE-2024-53057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT\n\nIn qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed\nto be either root or ingress. This assumption is bogus since it\u0027s valid\nto create egress qdiscs with major handle ffff:\nBudimir Markovic found that for qdiscs like DRR that maintain an active\nclass list, it will cause a UAF with a dangling class pointer.\n\nIn 066a3b5b2346, the concern was to avoid iterating over the ingress\nqdisc since its parent is itself. The proper fix is to stop when parent\nTC_H_ROOT is reached because the only way to retrieve ingress is when a\nhierarchy which does not contain a ffff: major handle call into\nqdisc_lookup with TC_H_MAJ(TC_H_ROOT).\n\nIn the scenario where major ffff: is an egress qdisc in any of the tree\nlevels, the updates will also propagate to TC_H_ROOT, which then the\niteration must stop.\n\n\n net/sched/sch_api.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53057",
"url": "https://www.suse.com/security/cve/CVE-2024-53057"
},
{
"category": "external",
"summary": "SUSE Bug 1233551 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "external",
"summary": "SUSE Bug 1245816 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1245816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: prevent the risk of out of memory access\n\nThe dvbdev contains a static variable used to store dvb minors.\n\nThe behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set\nor not. When not set, dvb_register_device() won\u0027t check for\nboundaries, as it will rely that a previous call to\ndvb_register_adapter() would already be enforcing it.\n\nOn a similar way, dvb_device_open() uses the assumption\nthat the register functions already did the needed checks.\n\nThis can be fragile if some device ends using different\ncalls. This also generate warnings on static check analysers\nlike Coverity.\n\nSo, add explicit guards to prevent potential risk of OOM issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53063",
"url": "https://www.suse.com/security/cve/CVE-2024-53063"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233557 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "external",
"summary": "SUSE Bug 1233619 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 \u003cf7\u003e 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53123",
"url": "https://www.suse.com/security/cve/CVE-2024-53123"
},
{
"category": "external",
"summary": "SUSE Bug 1234070 for CVE-2024-53123",
"url": "https://bugzilla.suse.com/1234070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: terminate outstanding dump on socket close\n\nNetlink supports iterative dumping of data. It provides the families\nthe following ops:\n - start - (optional) kicks off the dumping process\n - dump - actual dump helper, keeps getting called until it returns 0\n - done - (optional) pairs with .start, can be used for cleanup\nThe whole process is asynchronous and the repeated calls to .dump\ndon\u0027t actually happen in a tight loop, but rather are triggered\nin response to recvmsg() on the socket.\n\nThis gives the user full control over the dump, but also means that\nthe user can close the socket without getting to the end of the dump.\nTo make sure .start is always paired with .done we check if there\nis an ongoing dump before freeing the socket, and if so call .done.\n\nThe complication is that sockets can get freed from BH and .done\nis allowed to sleep. So we use a workqueue to defer the call, when\nneeded.\n\nUnfortunately this does not work correctly. What we defer is not\nthe cleanup but rather releasing a reference on the socket.\nWe have no guarantee that we own the last reference, if someone\nelse holds the socket they may release it in BH and we\u0027re back\nto square one.\n\nThe whole dance, however, appears to be unnecessary. Only the user\ncan interact with dumps, so we can clean up when socket is closed.\nAnd close always happens in process context. Some async code may\nstill access the socket after close, queue notification skbs to it etc.\nbut no dumps can start, end or otherwise make progress.\n\nDelete the workqueue and flush the dump state directly from the release\nhandler. Note that further cleanup is possible in -next, for instance\nwe now always call .done before releasing the main module reference,\nso dump doesn\u0027t have to take a reference of its own.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53140",
"url": "https://www.suse.com/security/cve/CVE-2024-53140"
},
{
"category": "external",
"summary": "SUSE Bug 1234222 for CVE-2024-53140",
"url": "https://bugzilla.suse.com/1234222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53140"
},
{
"cve": "CVE-2024-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53147",
"url": "https://www.suse.com/security/cve/CVE-2024-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1234857 for CVE-2024-53147",
"url": "https://bugzilla.suse.com/1234857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat/qat_420xx - fix off by one in uof_get_name()\n\nThis is called from uof_get_name_420xx() where \"num_objs\" is the\nARRAY_SIZE() of fw_objs[]. The \u003e needs to be \u003e= to prevent an out of\nbounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53163",
"url": "https://www.suse.com/security/cve/CVE-2024-53163"
},
{
"category": "external",
"summary": "SUSE Bug 1234828 for CVE-2024-53163",
"url": "https://bugzilla.suse.com/1234828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53163"
},
{
"cve": "CVE-2024-53173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53173",
"url": "https://www.suse.com/security/cve/CVE-2024-53173"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234891 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "external",
"summary": "SUSE Bug 1234892 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it\u0027s\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn\u0027t block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we\u0027re here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53176",
"url": "https://www.suse.com/security/cve/CVE-2024-53176"
},
{
"category": "external",
"summary": "SUSE Bug 1234894 for CVE-2024-53176",
"url": "https://bugzilla.suse.com/1234894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53177",
"url": "https://www.suse.com/security/cve/CVE-2024-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1234896 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "external",
"summary": "SUSE Bug 1235103 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1235103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don\u0027t leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids-\u003eentries list but doesn\u0027t drop a ref if has_lease isn\u0027t true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid-\u003ehas_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 32 bytes):\n 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........\".......\n 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E\"......O.....\n backtrace (crc 6f58c20f):\n [\u003cffffffff8b895a1e\u003e] __kmalloc_cache_noprof+0x2be/0x350\n [\u003cffffffff8bda06e3\u003e] open_cached_dir+0x993/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 8 bytes):\n 00 cc cc cc cc cc cc cc ........\n backtrace (crc 10c106a9):\n [\u003cffffffff8b89a3d3\u003e] __kmalloc_node_track_caller_noprof+0x363/0x480\n [\u003cffffffff8b7d7256\u003e] kstrdup+0x36/0x60\n [\u003cffffffff8bda0700\u003e] open_cached_dir+0x9b0/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff \u003c0f\u003e 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53178",
"url": "https://www.suse.com/security/cve/CVE-2024-53178"
},
{
"category": "external",
"summary": "SUSE Bug 1234895 for CVE-2024-53178",
"url": "https://bugzilla.suse.com/1234895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53226",
"url": "https://www.suse.com/security/cve/CVE-2024-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1236576 for CVE-2024-53226",
"url": "https://bugzilla.suse.com/1236576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53239",
"url": "https://www.suse.com/security/cve/CVE-2024-53239"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235054 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "external",
"summary": "SUSE Bug 1235055 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-53680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()\n\nUnder certain kernel configurations when building with Clang/LLVM, the\ncompiler does not generate a return or jump as the terminator\ninstruction for ip_vs_protocol_init(), triggering the following objtool\nwarning during build time:\n\n vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6()\n\nAt runtime, this either causes an oops when trying to load the ipvs\nmodule or a boot-time panic if ipvs is built-in. This same issue has\nbeen reported by the Intel kernel test robot previously.\n\nDigging deeper into both LLVM and the kernel code reveals this to be a\nundefined behavior problem. ip_vs_protocol_init() uses a on-stack buffer\nof 64 chars to store the registered protocol names and leaves it\nuninitialized after definition. The function calls strnlen() when\nconcatenating protocol names into the buffer. With CONFIG_FORTIFY_SOURCE\nstrnlen() performs an extra step to check whether the last byte of the\ninput char buffer is a null character (commit 3009f891bb9f (\"fortify:\nAllow strlen() and strnlen() to pass compile-time known lengths\")).\nThis, together with possibly other configurations, cause the following\nIR to be generated:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #5 section \".init.text\" align 16 !kcfi_type !29 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 14: ; preds = %11\n %15 = getelementptr inbounds i8, ptr %1, i64 63\n %16 = load i8, ptr %15, align 1\n %17 = tail call i1 @llvm.is.constant.i8(i8 %16)\n %18 = icmp eq i8 %16, 0\n %19 = select i1 %17, i1 %18, i1 false\n br i1 %19, label %20, label %23\n\n 20: ; preds = %14\n %21 = call i64 @strlen(ptr noundef nonnull dereferenceable(1) %1) #23\n ...\n\n 23: ; preds = %14, %11, %20\n %24 = call i64 @strnlen(ptr noundef nonnull dereferenceable(1) %1, i64 noundef 64) #24\n ...\n }\n\nThe above code calculates the address of the last char in the buffer\n(value %15) and then loads from it (value %16). Because the buffer is\nnever initialized, the LLVM GVN pass marks value %16 as undefined:\n\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n br i1 undef, label %14, label %17\n\nThis gives later passes (SCCP, in particular) more DCE opportunities by\npropagating the undef value further, and eventually removes everything\nafter the load on the uninitialized stack location:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #0 section \".init.text\" align 16 !kcfi_type !11 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 12: ; preds = %11\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n unreachable\n }\n\nIn this way, the generated native code will just fall through to the\nnext function, as LLVM does not generate any code for the unreachable IR\ninstruction and leaves the function without a terminator.\n\nZero the on-stack buffer to avoid this possible UB.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53680",
"url": "https://www.suse.com/security/cve/CVE-2024-53680"
},
{
"category": "external",
"summary": "SUSE Bug 1235715 for CVE-2024-53680",
"url": "https://bugzilla.suse.com/1235715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53680"
},
{
"cve": "CVE-2024-54683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: IDLETIMER: Fix for possible ABBA deadlock\n\nDeletion of the last rule referencing a given idletimer may happen at\nthe same time as a read of its file in sysfs:\n\n| ======================================================\n| WARNING: possible circular locking dependency detected\n| 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted\n| ------------------------------------------------------\n| iptables/3303 is trying to acquire lock:\n| ffff8881057e04b8 (kn-\u003eactive#48){++++}-{0:0}, at: __kernfs_remove+0x20\n|\n| but task is already holding lock:\n| ffffffffa0249068 (list_mutex){+.+.}-{3:3}, at: idletimer_tg_destroy_v]\n|\n| which lock already depends on the new lock.\n\nA simple reproducer is:\n\n| #!/bin/bash\n|\n| while true; do\n| iptables -A INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| iptables -D INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| done \u0026\n| while true; do\n| cat /sys/class/xt_idletimer/timers/testme \u003e/dev/null\n| done\n\nAvoid this by freeing list_mutex right after deleting the element from\nthe list, then continuing with the teardown.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54683",
"url": "https://www.suse.com/security/cve/CVE-2024-54683"
},
{
"category": "external",
"summary": "SUSE Bug 1235729 for CVE-2024-54683",
"url": "https://bugzilla.suse.com/1235729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-54683"
},
{
"cve": "CVE-2024-56539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56539",
"url": "https://www.suse.com/security/cve/CVE-2024-56539"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234963 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "external",
"summary": "SUSE Bug 1234964 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56548",
"url": "https://www.suse.com/security/cve/CVE-2024-56548"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235073 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "external",
"summary": "SUSE Bug 1235074 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56579",
"url": "https://www.suse.com/security/cve/CVE-2024-56579"
},
{
"category": "external",
"summary": "SUSE Bug 1236575 for CVE-2024-56579",
"url": "https://bugzilla.suse.com/1236575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56592"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Call free_htab_elem() after htab_unlock_bucket()\n\nFor htab of maps, when the map is removed from the htab, it may hold the\nlast reference of the map. bpf_map_fd_put_ptr() will invoke\nbpf_map_free_id() to free the id of the removed map element. However,\nbpf_map_fd_put_ptr() is invoked while holding a bucket lock\n(raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock\n(spinlock_t), triggering the following lockdep warning:\n\n =============================\n [ BUG: Invalid wait context ]\n 6.11.0-rc4+ #49 Not tainted\n -----------------------------\n test_maps/4881 is trying to lock:\n ffffffff84884578 (map_idr_lock){+...}-{3:3}, at: bpf_map_free_id.part.0+0x21/0x70\n other info that might help us debug this:\n context-{5:5}\n 2 locks held by test_maps/4881:\n #0: ffffffff846caf60 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0xf9/0x270\n #1: ffff888149ced148 (\u0026htab-\u003elockdep_key#2){....}-{2:2}, at: htab_map_update_elem+0x178/0xa80\n stack backtrace:\n CPU: 0 UID: 0 PID: 4881 Comm: test_maps Not tainted 6.11.0-rc4+ #49\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6e/0xb0\n dump_stack+0x10/0x20\n __lock_acquire+0x73e/0x36c0\n lock_acquire+0x182/0x450\n _raw_spin_lock_irqsave+0x43/0x70\n bpf_map_free_id.part.0+0x21/0x70\n bpf_map_put+0xcf/0x110\n bpf_map_fd_put_ptr+0x9a/0xb0\n free_htab_elem+0x69/0xe0\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n bpf_map_update_value+0x266/0x380\n __sys_bpf+0x21bb/0x36b0\n __x64_sys_bpf+0x45/0x60\n x64_sys_call+0x1b2a/0x20d0\n do_syscall_64+0x5d/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nOne way to fix the lockdep warning is using raw_spinlock_t for\nmap_idr_lock as well. However, bpf_map_alloc_id() invokes\nidr_alloc_cyclic() after acquiring map_idr_lock, it will trigger a\nsimilar lockdep warning because the slab\u0027s lock (s-\u003ecpu_slab-\u003elock) is\nstill a spinlock.\n\nInstead of changing map_idr_lock\u0027s type, fix the issue by invoking\nhtab_put_fd_value() after htab_unlock_bucket(). However, only deferring\nthe invocation of htab_put_fd_value() is not enough, because the old map\npointers in htab of maps can not be saved during batched deletion.\nTherefore, also defer the invocation of free_htab_elem(), so these\nto-be-freed elements could be linked together similar to lru map.\n\nThere are four callers for -\u003emap_fd_put_ptr:\n\n(1) alloc_htab_elem() (through htab_put_fd_value())\nIt invokes -\u003emap_fd_put_ptr() under a raw_spinlock_t. The invocation of\nhtab_put_fd_value() can not simply move after htab_unlock_bucket(),\nbecause the old element has already been stashed in htab-\u003eextra_elems.\nIt may be reused immediately after htab_unlock_bucket() and the\ninvocation of htab_put_fd_value() after htab_unlock_bucket() may release\nthe newly-added element incorrectly. Therefore, saving the map pointer\nof the old element for htab of maps before unlocking the bucket and\nreleasing the map_ptr after unlock. Beside the map pointer in the old\nelement, should do the same thing for the special fields in the old\nelement as well.\n\n(2) free_htab_elem() (through htab_put_fd_value())\nIts caller includes __htab_map_lookup_and_delete_elem(),\nhtab_map_delete_elem() and __htab_map_lookup_and_delete_batch().\n\nFor htab_map_delete_elem(), simply invoke free_htab_elem() after\nhtab_unlock_bucket(). For __htab_map_lookup_and_delete_batch(), just\nlike lru map, linking the to-be-freed element into node_to_free list\nand invoking free_htab_elem() for these element after unlock. It is safe\nto reuse batch_flink as the link for node_to_free, because these\nelements have been removed from the hash llist.\n\nBecause htab of maps doesn\u0027t support lookup_and_delete operation,\n__htab_map_lookup_and_delete_elem() doesn\u0027t have the problem, so kept\nit as\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56592",
"url": "https://www.suse.com/security/cve/CVE-2024-56592"
},
{
"category": "external",
"summary": "SUSE Bug 1235244 for CVE-2024-56592",
"url": "https://bugzilla.suse.com/1235244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56592"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_inner: incorrect percpu area handling under softirq\n\nSoftirq can interrupt ongoing packet from process context that is\nwalking over the percpu area that contains inner header offsets.\n\nDisable bh and perform three checks before restoring the percpu inner\nheader offsets to validate that the percpu area is valid for this\nskbuff:\n\n1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff\n has already been parsed before for inner header fetching to\n register.\n\n2) Validate that the percpu area refers to this skbuff using the\n skbuff pointer as a cookie. If there is a cookie mismatch, then\n this skbuff needs to be parsed again.\n\n3) Finally, validate if the percpu area refers to this tunnel type.\n\nOnly after these three checks the percpu area is restored to a on-stack\ncopy and bh is enabled again.\n\nAfter inner header fetching, the on-stack copy is stored back to the\npercpu area.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56638",
"url": "https://www.suse.com/security/cve/CVE-2024-56638"
},
{
"category": "external",
"summary": "SUSE Bug 1235524 for CVE-2024-56638",
"url": "https://bugzilla.suse.com/1235524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56638"
},
{
"cve": "CVE-2024-56640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix LGR and link use-after-free issue\n\nWe encountered a LGR/link use-after-free issue, which manifested as\nthe LGR/link refcnt reaching 0 early and entering the clear process,\nmaking resource access unsafe.\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140\n Workqueue: events smc_lgr_terminate_work [smc]\n Call trace:\n refcount_warn_saturate+0x9c/0x140\n __smc_lgr_terminate.part.45+0x2a8/0x370 [smc]\n smc_lgr_terminate_work+0x28/0x30 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nor\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140\n Workqueue: smc_hs_wq smc_listen_work [smc]\n Call trace:\n refcount_warn_saturate+0xf0/0x140\n smcr_link_put+0x1cc/0x1d8 [smc]\n smc_conn_free+0x110/0x1b0 [smc]\n smc_conn_abort+0x50/0x60 [smc]\n smc_listen_find_device+0x75c/0x790 [smc]\n smc_listen_work+0x368/0x8a0 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nIt is caused by repeated release of LGR/link refcnt. One suspect is that\nsmc_conn_free() is called repeatedly because some smc_conn_free() from\nserver listening path are not protected by sock lock.\n\ne.g.\n\nCalls under socklock | smc_listen_work\n-------------------------------------------------------\nlock_sock(sk) | smc_conn_abort\nsmc_conn_free | \\- smc_conn_free\n\\- smcr_link_put | \\- smcr_link_put (duplicated)\nrelease_sock(sk)\n\nSo here add sock lock protection in smc_listen_work() path, making it\nexclusive with other connection operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56640",
"url": "https://www.suse.com/security/cve/CVE-2024-56640"
},
{
"category": "external",
"summary": "SUSE Bug 1235436 for CVE-2024-56640",
"url": "https://bugzilla.suse.com/1235436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56640"
},
{
"cve": "CVE-2024-56647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56647",
"url": "https://www.suse.com/security/cve/CVE-2024-56647"
},
{
"category": "external",
"summary": "SUSE Bug 1235435 for CVE-2024-56647",
"url": "https://bugzilla.suse.com/1235435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final \u0027struct net\u0027 free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net-\u003exfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst-\u003eops-\u003edestroy)\n dst-\u003eops-\u003edestroy(dst);\n\ndst-\u003eops points to the old net-\u003exfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the \u0027struct net\u0027 to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 \u003cfa\u003e c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \u003c/TASK\u003e\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56658",
"url": "https://www.suse.com/security/cve/CVE-2024-56658"
},
{
"category": "external",
"summary": "SUSE Bug 1235441 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "external",
"summary": "SUSE Bug 1235442 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-56658"
},
{
"cve": "CVE-2024-56702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark raw_tp arguments with PTR_MAYBE_NULL\n\nArguments to a raw tracepoint are tagged as trusted, which carries the\nsemantics that the pointer will be non-NULL. However, in certain cases,\na raw tracepoint argument may end up being NULL. More context about this\nissue is available in [0].\n\nThus, there is a discrepancy between the reality, that raw_tp arguments\ncan actually be NULL, and the verifier\u0027s knowledge, that they are never\nNULL, causing explicit NULL checks to be deleted, and accesses to such\npointers potentially crashing the kernel.\n\nTo fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special\ncase the dereference and pointer arithmetic to permit it, and allow\npassing them into helpers/kfuncs; these exceptions are made for raw_tp\nprograms only. Ensure that we don\u0027t do this when ref_obj_id \u003e 0, as in\nthat case this is an acquired object and doesn\u0027t need such adjustment.\n\nThe reason we do mask_raw_tp_trusted_reg logic is because other will\nrecheck in places whether the register is a trusted_reg, and then\nconsider our register as untrusted when detecting the presence of the\nPTR_MAYBE_NULL flag.\n\nTo allow safe dereference, we enable PROBE_MEM marking when we see loads\ninto trusted pointers with PTR_MAYBE_NULL.\n\nWhile trusted raw_tp arguments can also be passed into helpers or kfuncs\nwhere such broken assumption may cause issues, a future patch set will\ntackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can\nalready be passed into helpers and causes similar problems. Thus, they\nare left alone for now.\n\nIt is possible that these checks also permit passing non-raw_tp args\nthat are trusted PTR_TO_BTF_ID with null marking. In such a case,\nallowing dereference when pointer is NULL expands allowed behavior, so\nwon\u0027t regress existing programs, and the case of passing these into\nhelpers is the same as above and will be dealt with later.\n\nAlso update the failure case in tp_btf_nullable selftest to capture the\nnew behavior, as the verifier will no longer cause an error when\ndirectly dereference a raw tracepoint argument marked as __nullable.\n\n [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56702",
"url": "https://www.suse.com/security/cve/CVE-2024-56702"
},
{
"category": "external",
"summary": "SUSE Bug 1235501 for CVE-2024-56702",
"url": "https://bugzilla.suse.com/1235501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56702"
},
{
"cve": "CVE-2024-56703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix soft lockups in fib6_select_path under high next hop churn\n\nSoft lockups have been observed on a cluster of Linux-based edge routers\nlocated in a highly dynamic environment. Using the `bird` service, these\nrouters continuously update BGP-advertised routes due to frequently\nchanging nexthop destinations, while also managing significant IPv6\ntraffic. The lockups occur during the traversal of the multipath\ncircular linked-list in the `fib6_select_path` function, particularly\nwhile iterating through the siblings in the list. The issue typically\narises when the nodes of the linked list are unexpectedly deleted\nconcurrently on a different core\u2014indicated by their \u0027next\u0027 and\n\u0027previous\u0027 elements pointing back to the node itself and their reference\ncount dropping to zero. This results in an infinite loop, leading to a\nsoft lockup that triggers a system panic via the watchdog timer.\n\nApply RCU primitives in the problematic code sections to resolve the\nissue. Where necessary, update the references to fib6_siblings to\nannotate or use the RCU APIs.\n\nInclude a test script that reproduces the issue. The script\nperiodically updates the routing table while generating a heavy load\nof outgoing IPv6 traffic through multiple iperf3 clients. It\nconsistently induces infinite soft lockups within a couple of minutes.\n\nKernel log:\n\n 0 [ffffbd13003e8d30] machine_kexec at ffffffff8ceaf3eb\n 1 [ffffbd13003e8d90] __crash_kexec at ffffffff8d0120e3\n 2 [ffffbd13003e8e58] panic at ffffffff8cef65d4\n 3 [ffffbd13003e8ed8] watchdog_timer_fn at ffffffff8d05cb03\n 4 [ffffbd13003e8f08] __hrtimer_run_queues at ffffffff8cfec62f\n 5 [ffffbd13003e8f70] hrtimer_interrupt at ffffffff8cfed756\n 6 [ffffbd13003e8fd0] __sysvec_apic_timer_interrupt at ffffffff8cea01af\n 7 [ffffbd13003e8ff0] sysvec_apic_timer_interrupt at ffffffff8df1b83d\n-- \u003cIRQ stack\u003e --\n 8 [ffffbd13003d3708] asm_sysvec_apic_timer_interrupt at ffffffff8e000ecb\n [exception RIP: fib6_select_path+299]\n RIP: ffffffff8ddafe7b RSP: ffffbd13003d37b8 RFLAGS: 00000287\n RAX: ffff975850b43600 RBX: ffff975850b40200 RCX: 0000000000000000\n RDX: 000000003fffffff RSI: 0000000051d383e4 RDI: ffff975850b43618\n RBP: ffffbd13003d3800 R8: 0000000000000000 R9: ffff975850b40200\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffbd13003d3830\n R13: ffff975850b436a8 R14: ffff975850b43600 R15: 0000000000000007\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n 9 [ffffbd13003d3808] ip6_pol_route at ffffffff8ddb030c\n10 [ffffbd13003d3888] ip6_pol_route_input at ffffffff8ddb068c\n11 [ffffbd13003d3898] fib6_rule_lookup at ffffffff8ddf02b5\n12 [ffffbd13003d3928] ip6_route_input at ffffffff8ddb0f47\n13 [ffffbd13003d3a18] ip6_rcv_finish_core.constprop.0 at ffffffff8dd950d0\n14 [ffffbd13003d3a30] ip6_list_rcv_finish.constprop.0 at ffffffff8dd96274\n15 [ffffbd13003d3a98] ip6_sublist_rcv at ffffffff8dd96474\n16 [ffffbd13003d3af8] ipv6_list_rcv at ffffffff8dd96615\n17 [ffffbd13003d3b60] __netif_receive_skb_list_core at ffffffff8dc16fec\n18 [ffffbd13003d3be0] netif_receive_skb_list_internal at ffffffff8dc176b3\n19 [ffffbd13003d3c50] napi_gro_receive at ffffffff8dc565b9\n20 [ffffbd13003d3c80] ice_receive_skb at ffffffffc087e4f5 [ice]\n21 [ffffbd13003d3c90] ice_clean_rx_irq at ffffffffc0881b80 [ice]\n22 [ffffbd13003d3d20] ice_napi_poll at ffffffffc088232f [ice]\n23 [ffffbd13003d3d80] __napi_poll at ffffffff8dc18000\n24 [ffffbd13003d3db8] net_rx_action at ffffffff8dc18581\n25 [ffffbd13003d3e40] __do_softirq at ffffffff8df352e9\n26 [ffffbd13003d3eb0] run_ksoftirqd at ffffffff8ceffe47\n27 [ffffbd13003d3ec0] smpboot_thread_fn at ffffffff8cf36a30\n28 [ffffbd13003d3ee8] kthread at ffffffff8cf2b39f\n29 [ffffbd13003d3f28] ret_from_fork at ffffffff8ce5fa64\n30 [ffffbd13003d3f50] ret_from_fork_asm at ffffffff8ce03cbb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56703",
"url": "https://www.suse.com/security/cve/CVE-2024-56703"
},
{
"category": "external",
"summary": "SUSE Bug 1235455 for CVE-2024-56703",
"url": "https://bugzilla.suse.com/1235455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56703"
},
{
"cve": "CVE-2024-56718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: protect link down work from execute after lgr freed\n\nlink down work may be scheduled before lgr freed but execute\nafter lgr freed, which may result in crash. So it is need to\nhold a reference before shedule link down work, and put the\nreference after work executed or canceled.\n\nThe relevant crash call stack as follows:\n list_del corruption. prev-\u003enext should be ffffb638c9c0fe20,\n but was 0000000000000000\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:51!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1\n Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014\n Workqueue: events smc_link_down_work [smc]\n RIP: 0010:__list_del_entry_valid.cold+0x31/0x47\n RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086\n RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000\n RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38\n R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002\n R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0\n FS: 0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n rwsem_down_write_slowpath+0x17e/0x470\n smc_link_down_work+0x3c/0x60 [smc]\n process_one_work+0x1ac/0x350\n worker_thread+0x49/0x2f0\n ? rescuer_thread+0x360/0x360\n kthread+0x118/0x140\n ? __kthread_bind_mask+0x60/0x60\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56718",
"url": "https://www.suse.com/security/cve/CVE-2024-56718"
},
{
"category": "external",
"summary": "SUSE Bug 1235589 for CVE-2024-56718",
"url": "https://bugzilla.suse.com/1235589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56718"
},
{
"cve": "CVE-2024-56719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix TSO DMA API usage causing oops\n\nCommit 66600fac7a98 (\"net: stmmac: TSO: Fix unbalanced DMA map/unmap\nfor non-paged SKB data\") moved the assignment of tx_skbuff_dma[]\u0027s\nmembers to be later in stmmac_tso_xmit().\n\nThe buf (dma cookie) and len stored in this structure are passed to\ndma_unmap_single() by stmmac_tx_clean(). The DMA API requires that\nthe dma cookie passed to dma_unmap_single() is the same as the value\nreturned from dma_map_single(). However, by moving the assignment\nlater, this is not the case when priv-\u003edma_cap.addr64 \u003e 32 as \"des\"\nis offset by proto_hdr_len.\n\nThis causes problems such as:\n\n dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed\n\nand with DMA_API_DEBUG enabled:\n\n DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]\n\nFix this by maintaining \"des\" as the original DMA cookie, and use\ntso_des to pass the offset DMA cookie to stmmac_tso_allocator().\n\nFull details of the crashes can be found at:\nhttps://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/\nhttps://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56719",
"url": "https://www.suse.com/security/cve/CVE-2024-56719"
},
{
"category": "external",
"summary": "SUSE Bug 1235591 for CVE-2024-56719",
"url": "https://bugzilla.suse.com/1235591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56719"
},
{
"cve": "CVE-2024-56720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56720",
"url": "https://www.suse.com/security/cve/CVE-2024-56720"
},
{
"category": "external",
"summary": "SUSE Bug 1235592 for CVE-2024-56720",
"url": "https://bugzilla.suse.com/1235592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-56751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: release nexthop on device removal\n\nThe CI is hitting some aperiodic hangup at device removal time in the\npmtu.sh self-test:\n\nunregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6\nref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at\n\tdst_init+0x84/0x4a0\n\tdst_alloc+0x97/0x150\n\tip6_dst_alloc+0x23/0x90\n\tip6_rt_pcpu_alloc+0x1e6/0x520\n\tip6_pol_route+0x56f/0x840\n\tfib6_rule_lookup+0x334/0x630\n\tip6_route_output_flags+0x259/0x480\n\tip6_dst_lookup_tail.constprop.0+0x5c2/0x940\n\tip6_dst_lookup_flow+0x88/0x190\n\tudp_tunnel6_dst_lookup+0x2a7/0x4c0\n\tvxlan_xmit_one+0xbde/0x4a50 [vxlan]\n\tvxlan_xmit+0x9ad/0xf20 [vxlan]\n\tdev_hard_start_xmit+0x10e/0x360\n\t__dev_queue_xmit+0xf95/0x18c0\n\tarp_solicit+0x4a2/0xe00\n\tneigh_probe+0xaa/0xf0\n\nWhile the first suspect is the dst_cache, explicitly tracking the dst\nowing the last device reference via probes proved such dst is held by\nthe nexthop in the originating fib6_info.\n\nSimilar to commit f5b51fe804ec (\"ipv6: route: purge exception on\nremoval\"), we need to explicitly release the originating fib info when\ndisconnecting a to-be-removed device from a live ipv6 dst: move the\nfib6_info cleanup into ip6_dst_ifdown().\n\nTested running:\n\n./pmtu.sh cleanup_ipv6_exception\n\nin a tight loop for more than 400 iterations with no spat, running an\nunpatched kernel I observed a splat every ~10 iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56751",
"url": "https://www.suse.com/security/cve/CVE-2024-56751"
},
{
"category": "external",
"summary": "SUSE Bug 1234936 for CVE-2024-56751",
"url": "https://bugzilla.suse.com/1234936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56751"
},
{
"cve": "CVE-2024-56758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: check folio mapping after unlock in relocate_one_folio()\n\nWhen we call btrfs_read_folio() to bring a folio uptodate, we unlock the\nfolio. The result of that is that a different thread can modify the\nmapping (like remove it with invalidate) before we call folio_lock().\nThis results in an invalid page and we need to try again.\n\nIn particular, if we are relocating concurrently with aborting a\ntransaction, this can result in a crash like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 76 PID: 1411631 Comm: kworker/u322:5\n Workqueue: events_unbound btrfs_reclaim_bgs_work\n RIP: 0010:set_page_extent_mapped+0x20/0xb0\n RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246\n RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880\n RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0\n R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000\n R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff\n FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x78/0xc0\n ? page_fault_oops+0x2a8/0x3a0\n ? __switch_to+0x133/0x530\n ? wq_worker_running+0xa/0x40\n ? exc_page_fault+0x63/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? set_page_extent_mapped+0x20/0xb0\n relocate_file_extent_cluster+0x1a7/0x940\n relocate_data_extent+0xaf/0x120\n relocate_block_group+0x20f/0x480\n btrfs_relocate_block_group+0x152/0x320\n btrfs_relocate_chunk+0x3d/0x120\n btrfs_reclaim_bgs_work+0x2ae/0x4e0\n process_scheduled_works+0x184/0x370\n worker_thread+0xc6/0x3e0\n ? blk_add_timer+0xb0/0xb0\n kthread+0xae/0xe0\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork+0x2f/0x40\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nThis occurs because cleanup_one_transaction() calls\ndestroy_delalloc_inodes() which calls invalidate_inode_pages2() which\ntakes the folio_lock before setting mapping to NULL. We fail to check\nthis, and subsequently call set_extent_mapping(), which assumes that\nmapping != NULL (in fact it asserts that in debug mode)\n\nNote that the \"fixes\" patch here is not the one that introduced the\nrace (the very first iteration of this code from 2009) but a more recent\nchange that made this particular crash happen in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56758",
"url": "https://www.suse.com/security/cve/CVE-2024-56758"
},
{
"category": "external",
"summary": "SUSE Bug 1235621 for CVE-2024-56758",
"url": "https://bugzilla.suse.com/1235621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56758"
},
{
"cve": "CVE-2024-56770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: netem: account for backlog updates from child qdisc\n\nIn general, \u0027qlen\u0027 of any classful qdisc should keep track of the\nnumber of packets that the qdisc itself and all of its children holds.\nIn case of netem, \u0027qlen\u0027 only accounts for the packets in its internal\ntfifo. When netem is used with a child qdisc, the child qdisc can use\n\u0027qdisc_tree_reduce_backlog\u0027 to inform its parent, netem, about created\nor dropped SKBs. This function updates \u0027qlen\u0027 and the backlog statistics\nof netem, but netem does not account for changes made by a child qdisc.\n\u0027qlen\u0027 then indicates the wrong number of packets in the tfifo.\nIf a child qdisc creates new SKBs during enqueue and informs its parent\nabout this, netem\u0027s \u0027qlen\u0027 value is increased. When netem dequeues the\nnewly created SKBs from the child, the \u0027qlen\u0027 in netem is not updated.\nIf \u0027qlen\u0027 reaches the configured sch-\u003elimit, the enqueue function stops\nworking, even though the tfifo is not full.\n\nReproduce the bug:\nEnsure that the sender machine has GSO enabled. Configure netem as root\nqdisc and tbf as its child on the outgoing interface of the machine\nas follows:\n$ tc qdisc add dev \u003coif\u003e root handle 1: netem delay 100ms limit 100\n$ tc qdisc add dev \u003coif\u003e parent 1:0 tbf rate 50Mbit burst 1542 latency 50ms\n\nSend bulk TCP traffic out via this interface, e.g., by running an iPerf3\nclient on the machine. Check the qdisc statistics:\n$ tc -s qdisc show dev \u003coif\u003e\n\nStatistics after 10s of iPerf3 TCP test before the fix (note that\nnetem\u0027s backlog \u003e limit, netem stopped accepting packets):\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 2767766 bytes 1848 pkt (dropped 652, overlimits 0 requeues 0)\n backlog 4294528236b 1155p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 2767766 bytes 1848 pkt (dropped 327, overlimits 7601 requeues 0)\n backlog 0b 0p requeues 0\n\nStatistics after the fix:\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 37766372 bytes 24974 pkt (dropped 9, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 37766372 bytes 24974 pkt (dropped 327, overlimits 96017 requeues 0)\n backlog 0b 0p requeues 0\n\ntbf segments the GSO SKBs (tbf_segment) and updates the netem\u0027s \u0027qlen\u0027.\nThe interface fully stops transferring packets and \"locks\". In this case,\nthe child qdisc and tfifo are empty, but \u0027qlen\u0027 indicates the tfifo is at\nits limit and no more packets are accepted.\n\nThis patch adds a counter for the entries in the tfifo. Netem\u0027s \u0027qlen\u0027 is\nonly decreased when a packet is returned by its dequeue function, and not\nduring enqueuing into the child qdisc. External updates to \u0027qlen\u0027 are thus\naccounted for and only the behavior of the backlog statistics changes. As\nin other qdiscs, \u0027qlen\u0027 then keeps track of how many packets are held in\nnetem and all of its children. As before, sch-\u003elimit remains as the\nmaximum number of packets in the tfifo. The same applies to netem\u0027s\nbacklog statistics.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56770",
"url": "https://www.suse.com/security/cve/CVE-2024-56770"
},
{
"category": "external",
"summary": "SUSE Bug 1235637 for CVE-2024-56770",
"url": "https://bugzilla.suse.com/1235637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56770"
},
{
"cve": "CVE-2024-57807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix for a potential deadlock\n\nThis fixes a \u0027possible circular locking dependency detected\u0027 warning\n CPU0 CPU1\n ---- ----\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n\nFix this by temporarily releasing the reset_mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57807",
"url": "https://www.suse.com/security/cve/CVE-2024-57807"
},
{
"category": "external",
"summary": "SUSE Bug 1235761 for CVE-2024-57807",
"url": "https://bugzilla.suse.com/1235761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57807"
},
{
"cve": "CVE-2024-57834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread\n\nsyzbot report a null-ptr-deref in vidtv_mux_stop_thread. [1]\n\nIf dvb-\u003emux is not initialized successfully by vidtv_mux_init() in the\nvidtv_start_streaming(), it will trigger null pointer dereference about mux\nin vidtv_mux_stop_thread().\n\nAdjust the timing of streaming initialization and check it before\nstopping it.\n\n[1]\nKASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]\nCPU: 0 UID: 0 PID: 5842 Comm: syz-executor248 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:vidtv_mux_stop_thread+0x26/0x80 drivers/media/test-drivers/vidtv/vidtv_mux.c:471\nCode: 90 90 90 90 66 0f 1f 00 55 53 48 89 fb e8 82 2e c8 f9 48 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 02 7e 3b 0f b6 ab 28 01 00 00 31 ff 89 ee e8\nRSP: 0018:ffffc90003f2faa8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87cfb125\nRDX: 0000000000000025 RSI: ffffffff87d120ce RDI: 0000000000000128\nRBP: ffff888029b8d220 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000003 R12: ffff888029b8d188\nR13: ffffffff8f590aa0 R14: ffffc9000581c5c8 R15: ffff888029a17710\nFS: 00007f7eef5156c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7eef5e635c CR3: 0000000076ca6000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vidtv_stop_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:209 [inline]\n vidtv_stop_feed+0x151/0x250 drivers/media/test-drivers/vidtv/vidtv_bridge.c:252\n dmx_section_feed_stop_filtering+0x90/0x160 drivers/media/dvb-core/dvb_demux.c:1000\n dvb_dmxdev_feed_stop.isra.0+0x1ee/0x270 drivers/media/dvb-core/dmxdev.c:486\n dvb_dmxdev_filter_stop+0x22a/0x3a0 drivers/media/dvb-core/dmxdev.c:559\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3f8/0xb60 fs/file_table.c:450\n task_work_run+0x14e/0x250 kernel/task_work.c:239\n get_signal+0x1d3/0x2610 kernel/signal.c:2790\n arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218\n do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57834",
"url": "https://www.suse.com/security/cve/CVE-2024-57834"
},
{
"category": "external",
"summary": "SUSE Bug 1238993 for CVE-2024-57834",
"url": "https://bugzilla.suse.com/1238993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57834"
},
{
"cve": "CVE-2024-57882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix TCP options overflow.\n\nSyzbot reported the following splat:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nRIP: 0010:_compound_head include/linux/page-flags.h:242 [inline]\nRIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552\nCode: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 f8 5e 12 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 \u003c80\u003e 3c 28 00 74 08 48 89 df e8 8f c7 78 f8 48 8b 1b 48 89 de 48 83\nRSP: 0000:ffffc90003916c90 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888030458000\nRDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff898ca81d R09: 1ffff110054414ac\nR10: dffffc0000000000 R11: ffffed10054414ad R12: 0000000000000007\nR13: ffff88802a20a542 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f34f496e800(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9d6ec9ec28 CR3: 000000004d260000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n skb_page_unref include/linux/skbuff_ref.h:43 [inline]\n __skb_frag_unref include/linux/skbuff_ref.h:56 [inline]\n skb_release_data+0x483/0x8a0 net/core/skbuff.c:1119\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb+0x55/0x70 net/core/skbuff.c:1204\n tcp_clean_rtx_queue net/ipv4/tcp_input.c:3436 [inline]\n tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:4032\n tcp_rcv_state_process+0x8eb/0x44e0 net/ipv4/tcp_input.c:6805\n tcp_v4_do_rcv+0x77d/0xc70 net/ipv4/tcp_ipv4.c:1939\n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351\n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n __netif_receive_skb_one_core net/core/dev.c:5672 [inline]\n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5785\n process_backlog+0x662/0x15b0 net/core/dev.c:6117\n __napi_poll+0xcb/0x490 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:7074\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\nRIP: 0033:0x7f34f4519ad5\nCode: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83\nRSP: 002b:00007ffec5b32ce0 EFLAGS: 00000246\nRAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f34f4519ad5\nRDX: 00007ffec5b32d00 RSI: 0000000000000004 RDI: 0000564f4bc6cae0\nRBP: 0000564f4bc6b5a0 R08: 0000000000000008 R09: 0000000000000000\nR10: 00007ffec5b32de8 R11: 0000000000000246 R12: 0000564f48ea8aa4\nR13: 0000000000000001 R14: 0000564f48ea93e8 R15: 00007ffec5b32d68\n \u003c/TASK\u003e\n\nEric noted a probable shinfo-\u003enr_frags corruption, which indeed\noccurs.\n\nThe root cause is a buggy MPTCP option len computation in some\ncircumstances: the ADD_ADDR option should be mutually exclusive\nwith DSS since the blamed commit.\n\nStill, mptcp_established_options_add_addr() tries to set the\nrelevant info in mptcp_out_options, if \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57882",
"url": "https://www.suse.com/security/cve/CVE-2024-57882"
},
{
"category": "external",
"summary": "SUSE Bug 1235914 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "external",
"summary": "SUSE Bug 1235916 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-57882"
},
{
"cve": "CVE-2024-57889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n BUG: sleeping function called from invalid context\n at kernel/locking/mutex.c:283\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n preempt_count: 1, expected: 0\n ...\n Call Trace:\n ...\n __might_resched+0x104/0x10e\n __might_sleep+0x3e/0x62\n mutex_lock+0x20/0x4c\n regmap_lock_mutex+0x10/0x18\n regmap_update_bits_base+0x2c/0x66\n mcp23s08_irq_set_type+0x1ae/0x1d6\n __irq_set_trigger+0x56/0x172\n __setup_irq+0x1e6/0x646\n request_threaded_irq+0xb6/0x160\n ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57889",
"url": "https://www.suse.com/security/cve/CVE-2024-57889"
},
{
"category": "external",
"summary": "SUSE Bug 1236573 for CVE-2024-57889",
"url": "https://bugzilla.suse.com/1236573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: serialize calls to nf_register_net_hooks()\n\nsyzbot found a race in ila_add_mapping() [1]\n\ncommit 031ae72825ce (\"ila: call nf_unregister_net_hooks() sooner\")\nattempted to fix a similar issue.\n\nLooking at the syzbot repro, we have concurrent ILA_CMD_ADD commands.\n\nAdd a mutex to make sure at most one thread is calling nf_register_net_hooks().\n\n[1]\n BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: slab-use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\nRead of size 4 at addr ffff888028f40008 by task dhcpcd/5501\n\nCPU: 1 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:489\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:127 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1ee/0x620 net/ipv6/ila/ila_xlat.c:185\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626\n nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309\n __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672\n __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785\n process_backlog+0x443/0x15f0 net/core/dev.c:6117\n __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0xa94/0x1010 net/core/dev.c:7074\n handle_softirqs+0x213/0x8f0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57900",
"url": "https://www.suse.com/security/cve/CVE-2024-57900"
},
{
"category": "external",
"summary": "SUSE Bug 1235973 for CVE-2024-57900",
"url": "https://bugzilla.suse.com/1235973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57900"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2024-57948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(\u0026sdata-\u003elist)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local-\u003einterfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 \u003c0f\u003e 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57948",
"url": "https://www.suse.com/security/cve/CVE-2024-57948"
},
{
"category": "external",
"summary": "SUSE Bug 1236677 for CVE-2024-57948",
"url": "https://bugzilla.suse.com/1236677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrdma/cxgb4: Prevent potential integer overflow on 32bit\n\nThe \"gl-\u003etot_len\" variable is controlled by the user. It comes from\nprocess_responses(). On 32bit systems, the \"gl-\u003etot_len + sizeof(struct\ncpl_pass_accept_req) + sizeof(struct rss_header)\" addition could have an\ninteger wrapping bug. Use size_add() to prevent this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57973",
"url": "https://www.suse.com/security/cve/CVE-2024-57973"
},
{
"category": "external",
"summary": "SUSE Bug 1238531 for CVE-2024-57973",
"url": "https://bugzilla.suse.com/1238531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57973"
},
{
"cve": "CVE-2024-57974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Deal with race between UDP socket address change and rehash\n\nIf a UDP socket changes its local address while it\u0027s receiving\ndatagrams, as a result of connect(), there is a period during which\na lookup operation might fail to find it, after the address is changed\nbut before the secondary hash (port and address) and the four-tuple\nhash (local and remote ports and addresses) are updated.\n\nSecondary hash chains were introduced by commit 30fff9231fad (\"udp:\nbind() optimisation\") and, as a result, a rehash operation became\nneeded to make a bound socket reachable again after a connect().\n\nThis operation was introduced by commit 719f835853a9 (\"udp: add\nrehash on connect()\") which isn\u0027t however a complete fix: the\nsocket will be found once the rehashing completes, but not while\nit\u0027s pending.\n\nThis is noticeable with a socat(1) server in UDP4-LISTEN mode, and a\nclient sending datagrams to it. After the server receives the first\ndatagram (cf. _xioopen_ipdgram_listen()), it issues a connect() to\nthe address of the sender, in order to set up a directed flow.\n\nNow, if the client, running on a different CPU thread, happens to\nsend a (subsequent) datagram while the server\u0027s socket changes its\naddress, but is not rehashed yet, this will result in a failed\nlookup and a port unreachable error delivered to the client, as\napparent from the following reproducer:\n\n LEN=$(($(cat /proc/sys/net/core/wmem_default) / 4))\n dd if=/dev/urandom bs=1 count=${LEN} of=tmp.in\n\n while :; do\n \ttaskset -c 1 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.1 || sleep 1\n \ttaskset -c 2 socat OPEN:tmp.in UDP4:localhost:1337,shut-null\n \twait\n done\n\nwhere the client will eventually get ECONNREFUSED on a write()\n(typically the second or third one of a given iteration):\n\n 2024/11/13 21:28:23 socat[46901] E write(6, 0x556db2e3c000, 8192): Connection refused\n\nThis issue was first observed as a seldom failure in Podman\u0027s tests\nchecking UDP functionality while using pasta(1) to connect the\ncontainer\u0027s network namespace, which leads us to a reproducer with\nthe lookup error resulting in an ICMP packet on a tap device:\n\n LOCAL_ADDR=\"$(ip -j -4 addr show|jq -rM \u0027.[] | .addr_info[0] | select(.scope == \"global\").local\u0027)\"\n\n while :; do\n \t./pasta --config-net -p pasta.pcap -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.2 || sleep 1\n \tsocat OPEN:tmp.in UDP4:${LOCAL_ADDR}:1337,shut-null\n \twait\n \tcmp tmp.in tmp.out\n done\n\nOnce this fails:\n\n tmp.in tmp.out differ: char 8193, line 29\n\nwe can finally have a look at what\u0027s going on:\n\n $ tshark -r pasta.pcap\n 1 0.000000 :: ? ff02::16 ICMPv6 110 Multicast Listener Report Message v2\n 2 0.168690 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 3 0.168767 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 4 0.168806 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 5 0.168827 c6:47:05:8d:dc:04 ? Broadcast ARP 42 Who has 88.198.0.161? Tell 88.198.0.164\n 6 0.168851 9a:55:9a:55:9a:55 ? c6:47:05:8d:dc:04 ARP 42 88.198.0.161 is at 9a:55:9a:55:9a:55\n 7 0.168875 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 8 0.168896 88.198.0.164 ? 88.198.0.161 ICMP 590 Destination unreachable (Port unreachable)\n 9 0.168926 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 10 0.168959 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 11 0.168989 88.198.0.161 ? 88.198.0.164 UDP 4138 60260 ? 1337 Len=4096\n 12 0.169010 88.198.0.161 ? 88.198.0.164 UDP 42 60260 ? 1337 Len=0\n\nOn the third datagram received, the network namespace of the container\ninitiates an ARP lookup to deliver the ICMP message.\n\nIn another variant of this reproducer, starting the client with:\n\n strace -f pasta --config-net -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,tru\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57974",
"url": "https://www.suse.com/security/cve/CVE-2024-57974"
},
{
"category": "external",
"summary": "SUSE Bug 1238532 for CVE-2024-57974",
"url": "https://bugzilla.suse.com/1238532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57974"
},
{
"cve": "CVE-2024-57978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Fix potential error pointer dereference in detach_pm()\n\nThe proble is on the first line:\n\n\tif (jpeg-\u003epd_dev[i] \u0026\u0026 !pm_runtime_suspended(jpeg-\u003epd_dev[i]))\n\nIf jpeg-\u003epd_dev[i] is an error pointer, then passing it to\npm_runtime_suspended() will lead to an Oops. The other conditions\ncheck for both error pointers and NULL, but it would be more clear to\nuse the IS_ERR_OR_NULL() check for that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57978",
"url": "https://www.suse.com/security/cve/CVE-2024-57978"
},
{
"category": "external",
"summary": "SUSE Bug 1238523 for CVE-2024-57978",
"url": "https://bugzilla.suse.com/1238523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57978"
},
{
"cve": "CVE-2024-57979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npps: Fix a use-after-free\n\nOn a board running ntpd and gpsd, I\u0027m seeing a consistent use-after-free\nin sys_exit() from gpsd when rebooting:\n\n pps pps1: removed\n ------------[ cut here ]------------\n kobject: \u0027(null)\u0027 (00000000db4bec24): is not initialized, yet kobject_put() is being called.\n WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\n CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\n Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : kobject_put+0x120/0x150\n lr : kobject_put+0x120/0x150\n sp : ffffffc0803d3ae0\n x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\n x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\n x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\n x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\n x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n kobject_put+0x120/0x150\n cdev_put+0x20/0x3c\n __fput+0x2c4/0x2d8\n ____fput+0x1c/0x38\n task_work_run+0x70/0xfc\n do_exit+0x2a0/0x924\n do_group_exit+0x34/0x90\n get_signal+0x7fc/0x8c0\n do_signal+0x128/0x13b4\n do_notify_resume+0xdc/0x160\n el0_svc+0xd4/0xf8\n el0t_64_sync_handler+0x140/0x14c\n el0t_64_sync+0x190/0x194\n ---[ end trace 0000000000000000 ]---\n\n...followed by more symptoms of corruption, with similar stacks:\n\n refcount_t: underflow; use-after-free.\n kernel BUG at lib/list_debug.c:62!\n Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nThis happens because pps_device_destruct() frees the pps_device with the\nembedded cdev immediately after calling cdev_del(), but, as the comment\nabove cdev_del() notes, fops for previously opened cdevs are still\ncallable even after cdev_del() returns. I think this bug has always\nbeen there: I can\u0027t explain why it suddenly started happening every time\nI reboot this particular board.\n\nIn commit d953e0e837e6 (\"pps: Fix a use-after free bug when\nunregistering a source.\"), George Spelvin suggested removing the\nembedded cdev. That seems like the simplest way to fix this, so I\u0027ve\nimplemented his suggestion, using __register_chrdev() with pps_idr\nbecoming the source of truth for which minor corresponds to which\ndevice.\n\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\nwe need to be sure the pps-\u003edev refcount can\u0027t reach zero while\nuserspace can still find it again. So, the idr_remove() call moves to\npps_unregister_cdev(), and pps_idr now holds a reference to pps-\u003edev.\n\n pps_core: source serial1 got cdev (251:1)\n \u003c...\u003e\n pps pps1: removed\n pps_core: unregistering pps1\n pps_core: deallocating pps1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57979",
"url": "https://www.suse.com/security/cve/CVE-2024-57979"
},
{
"category": "external",
"summary": "SUSE Bug 1238521 for CVE-2024-57979",
"url": "https://bugzilla.suse.com/1238521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57979"
},
{
"cve": "CVE-2024-57980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix double free in error path\n\nIf the uvc_status_init() function fails to allocate the int_urb, it will\nfree the dev-\u003estatus pointer but doesn\u0027t reset the pointer to NULL. This\nresults in the kfree() call in uvc_status_cleanup() trying to\ndouble-free the memory. Fix it by resetting the dev-\u003estatus pointer to\nNULL after freeing it.\n\nReviewed by: Ricardo Ribalda \u003cribalda@chromium.org\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57980",
"url": "https://www.suse.com/security/cve/CVE-2024-57980"
},
{
"category": "external",
"summary": "SUSE Bug 1237911 for CVE-2024-57980",
"url": "https://bugzilla.suse.com/1237911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57980"
},
{
"cve": "CVE-2024-57981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix NULL pointer dereference on certain command aborts\n\nIf a command is queued to the final usable TRB of a ring segment, the\nenqueue pointer is advanced to the subsequent link TRB and no further.\nIf the command is later aborted, when the abort completion is handled\nthe dequeue pointer is advanced to the first TRB of the next segment.\n\nIf no further commands are queued, xhci_handle_stopped_cmd_ring() sees\nthe ring pointers unequal and assumes that there is a pending command,\nso it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.\n\nDon\u0027t attempt timer setup if cur_cmd is NULL. The subsequent doorbell\nring likely is unnecessary too, but it\u0027s harmless. Leave it alone.\n\nThis is probably Bug 219532, but no confirmation has been received.\n\nThe issue has been independently reproduced and confirmed fixed using\na USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.\nEverything continued working normally after several prevented crashes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57981",
"url": "https://www.suse.com/security/cve/CVE-2024-57981"
},
{
"category": "external",
"summary": "SUSE Bug 1237912 for CVE-2024-57981",
"url": "https://bugzilla.suse.com/1237912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57981"
},
{
"cve": "CVE-2024-57986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: Fix assumption that Resolution Multipliers must be in Logical Collections\n\nA report in 2019 by the syzbot fuzzer was found to be connected to two\nerrors in the HID core associated with Resolution Multipliers. One of\nthe errors was fixed by commit ea427a222d8b (\"HID: core: Fix deadloop\nin hid_apply_multiplier.\"), but the other has not been fixed.\n\nThis error arises because hid_apply_multipler() assumes that every\nResolution Multiplier control is contained in a Logical Collection,\ni.e., there\u0027s no way the routine can ever set multiplier_collection to\nNULL. This is in spite of the fact that the function starts with a\nbig comment saying:\n\n\t * \"The Resolution Multiplier control must be contained in the same\n\t * Logical Collection as the control(s) to which it is to be applied.\n\t ...\n\t * If no Logical Collection is\n\t * defined, the Resolution Multiplier is associated with all\n\t * controls in the report.\"\n\t * HID Usage Table, v1.12, Section 4.3.1, p30\n\t *\n\t * Thus, search from the current collection upwards until we find a\n\t * logical collection...\n\nThe comment and the code overlook the possibility that none of the\ncollections found may be a Logical Collection.\n\nThe fix is to set the multiplier_collection pointer to NULL if the\ncollection found isn\u0027t a Logical Collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57986",
"url": "https://www.suse.com/security/cve/CVE-2024-57986"
},
{
"category": "external",
"summary": "SUSE Bug 1237907 for CVE-2024-57986",
"url": "https://bugzilla.suse.com/1237907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57986"
},
{
"cve": "CVE-2024-57990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57990"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: fix off by one in mt7925_load_clc()\n\nThis comparison should be \u003e= instead of \u003e to prevent an out of bounds\nread and write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57990",
"url": "https://www.suse.com/security/cve/CVE-2024-57990"
},
{
"category": "external",
"summary": "SUSE Bug 1237900 for CVE-2024-57990",
"url": "https://bugzilla.suse.com/1237900"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57990"
},
{
"cve": "CVE-2024-57993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check\n\nsyzbot has found a type mismatch between a USB pipe and the transfer\nendpoint, which is triggered by the hid-thrustmaster driver[1].\nThere is a number of similar, already fixed issues [2].\nIn this case as in others, implementing check for endpoint type fixes the issue.\n\n[1] https://syzkaller.appspot.com/bug?extid=040e8b3db6a96908d470\n[2] https://syzkaller.appspot.com/bug?extid=348331f63b034f89b622",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57993",
"url": "https://www.suse.com/security/cve/CVE-2024-57993"
},
{
"category": "external",
"summary": "SUSE Bug 1237894 for CVE-2024-57993",
"url": "https://bugzilla.suse.com/1237894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57993"
},
{
"cve": "CVE-2024-57994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()\n\nJakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()\nto increase test coverage.\n\nsyzbot found a splat caused by hard irq blocking in\nptr_ring_resize_multiple() [1]\n\nAs current users of ptr_ring_resize_multiple() do not require\nhard irqs being masked, replace it to only block BH.\n\nRename helpers to better reflect they are safe against BH only.\n\n- ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()\n- skb_array_resize_multiple() to skb_array_resize_multiple_bh()\n\n[1]\n\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline]\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nModules linked in:\nCPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:__page_pool_put_page net/core/page_pool.c:709 [inline]\nRIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nCode: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 \u003c0f\u003e 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85\nRSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083\nRAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000\nRDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843\nRBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d\nR10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040\nR13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff\nFS: 00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tun_ptr_free drivers/net/tun.c:617 [inline]\n __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]\n ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]\n tun_queue_resize drivers/net/tun.c:3694 [inline]\n tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024\n do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923\n rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201\n rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57994",
"url": "https://www.suse.com/security/cve/CVE-2024-57994"
},
{
"category": "external",
"summary": "SUSE Bug 1237901 for CVE-2024-57994",
"url": "https://bugzilla.suse.com/1237901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2024-57996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: don\u0027t allow 1 packet limit\n\nThe current implementation does not work correctly with a limit of\n1. iproute2 actually checks for this and this patch adds the check in\nkernel as well.\n\nThis fixes the following syzkaller reported crash:\n\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x125/0x19f lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:148 [inline]\n __ubsan_handle_out_of_bounds+0xed/0x120 lib/ubsan.c:347\n sfq_link net/sched/sch_sfq.c:210 [inline]\n sfq_dec+0x528/0x600 net/sched/sch_sfq.c:238\n sfq_dequeue+0x39b/0x9d0 net/sched/sch_sfq.c:500\n sfq_reset+0x13/0x50 net/sched/sch_sfq.c:525\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n tbf_reset+0x3d/0x100 net/sched/sch_tbf.c:319\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n dev_reset_queue+0x8c/0x140 net/sched/sch_generic.c:1296\n netdev_for_each_tx_queue include/linux/netdevice.h:2350 [inline]\n dev_deactivate_many+0x6dc/0xc20 net/sched/sch_generic.c:1362\n __dev_close_many+0x214/0x350 net/core/dev.c:1468\n dev_close_many+0x207/0x510 net/core/dev.c:1506\n unregister_netdevice_many+0x40f/0x16b0 net/core/dev.c:10738\n unregister_netdevice_queue+0x2be/0x310 net/core/dev.c:10695\n unregister_netdevice include/linux/netdevice.h:2893 [inline]\n __tun_detach+0x6b6/0x1600 drivers/net/tun.c:689\n tun_detach drivers/net/tun.c:705 [inline]\n tun_chr_close+0x104/0x1b0 drivers/net/tun.c:3640\n __fput+0x203/0x840 fs/file_table.c:280\n task_work_run+0x129/0x1b0 kernel/task_work.c:185\n exit_task_work include/linux/task_work.h:33 [inline]\n do_exit+0x5ce/0x2200 kernel/exit.c:931\n do_group_exit+0x144/0x310 kernel/exit.c:1046\n __do_sys_exit_group kernel/exit.c:1057 [inline]\n __se_sys_exit_group kernel/exit.c:1055 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1055\n do_syscall_64+0x6c/0xd0\n entry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fe5e7b52479\nCode: Unable to access opcode bytes at RIP 0x7fe5e7b5244f.\nRSP: 002b:00007ffd3c800398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5e7b52479\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000\nRBP: 00007fe5e7bcd2d0 R08: ffffffffffffffb8 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5e7bcd2d0\nR13: 0000000000000000 R14: 00007fe5e7bcdd20 R15: 00007fe5e7b24270\n\nThe crash can be also be reproduced with the following (with a tc\nrecompiled to allow for sfq limits of 1):\n\ntc qdisc add dev dummy0 handle 1: root tbf rate 1Kbit burst 100b lat 1s\n../iproute2-6.9.0/tc/tc qdisc add dev dummy0 handle 2: parent 1:10 sfq limit 1\nifconfig dummy0 up\nping -I dummy0 -f -c2 -W0.1 8.8.8.8\nsleep 1\n\nScenario that triggers the crash:\n\n* the first packet is sent and queued in TBF and SFQ; qdisc qlen is 1\n\n* TBF dequeues: it peeks from SFQ which moves the packet to the\n gso_skb list and keeps qdisc qlen set to 1. TBF is out of tokens so\n it schedules itself for later.\n\n* the second packet is sent and TBF tries to queues it to SFQ. qdisc\n qlen is now 2 and because the SFQ limit is 1 the packet is dropped\n by SFQ. At this point qlen is 1, and all of the SFQ slots are empty,\n however q-\u003etail is not NULL.\n\nAt this point, assuming no more packets are queued, when sch_dequeue\nruns again it will decrement the qlen for the current empty slot\ncausing an underflow and the subsequent out of bounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57996",
"url": "https://www.suse.com/security/cve/CVE-2024-57996"
},
{
"category": "external",
"summary": "SUSE Bug 1239076 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "external",
"summary": "SUSE Bug 1239077 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2024-57997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wcn36xx: fix channel survey memory allocation size\n\nKASAN reported a memory allocation issue in wcn-\u003echan_survey\ndue to incorrect size calculation.\nThis commit uses kcalloc to allocate memory for wcn-\u003echan_survey,\nensuring proper initialization and preventing the use of uninitialized\nvalues when there are no frames on the channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57997",
"url": "https://www.suse.com/security/cve/CVE-2024-57997"
},
{
"category": "external",
"summary": "SUSE Bug 1238529 for CVE-2024-57997",
"url": "https://bugzilla.suse.com/1238529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57997"
},
{
"cve": "CVE-2024-57999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW\n\nPower Hypervisor can possibily allocate MMIO window intersecting with\nDynamic DMA Window (DDW) range, which is over 32-bit addressing.\n\nThese MMIO pages needs to be marked as reserved so that IOMMU doesn\u0027t map\nDMA buffers in this range.\n\nThe current code is not marking these pages correctly which is resulting\nin LPAR to OOPS while booting. The stack is at below\n\nBUG: Unable to handle kernel data access on read at 0xc00800005cd40000\nFaulting instruction address: 0xc00000000005cdac\nOops: Kernel access of bad area, sig: 11 [#1]\nLE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\nModules linked in: af_packet rfkill ibmveth(X) lpfc(+) nvmet_fc nvmet nvme_keyring crct10dif_vpmsum nvme_fc nvme_fabrics nvme_core be2net(+) nvme_auth rtc_generic nfsd auth_rpcgss nfs_acl lockd grace sunrpc fuse configfs ip_tables x_tables xfs libcrc32c dm_service_time ibmvfc(X) scsi_transport_fc vmx_crypto gf128mul crc32c_vpmsum dm_mirror dm_region_hash dm_log dm_multipath dm_mod sd_mod scsi_dh_emc scsi_dh_rdac scsi_dh_alua t10_pi crc64_rocksoft_generic crc64_rocksoft sg crc64 scsi_mod\nSupported: Yes, External\nCPU: 8 PID: 241 Comm: kworker/8:1 Kdump: loaded Not tainted 6.4.0-150600.23.14-default #1 SLE15-SP6 b44ee71c81261b9e4bab5e0cde1f2ed891d5359b\nHardware name: IBM,9080-M9S POWER9 (raw) 0x4e2103 0xf000005 of:IBM,FW950.B0 (VH950_149) hv:phyp pSeries\nWorkqueue: events work_for_cpu_fn\nNIP: c00000000005cdac LR: c00000000005e830 CTR: 0000000000000000\nREGS: c00001400c9ff770 TRAP: 0300 Not tainted (6.4.0-150600.23.14-default)\nMSR: 800000000280b033 \u003cSF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE\u003e CR: 24228448 XER: 00000001\nCFAR: c00000000005cdd4 DAR: c00800005cd40000 DSISR: 40000000 IRQMASK: 0\nGPR00: c00000000005e830 c00001400c9ffa10 c000000001987d00 c00001400c4fe800\nGPR04: 0000080000000000 0000000000000001 0000000004000000 0000000000800000\nGPR08: 0000000004000000 0000000000000001 c00800005cd40000 ffffffffffffffff\nGPR12: 0000000084228882 c00000000a4c4f00 0000000000000010 0000080000000000\nGPR16: c00001400c4fe800 0000000004000000 0800000000000000 c00000006088b800\nGPR20: c00001401a7be980 c00001400eff3800 c000000002a2da68 000000000000002b\nGPR24: c0000000026793a8 c000000002679368 000000000000002a c0000000026793c8\nGPR28: 000008007effffff 0000080000000000 0000000000800000 c00001400c4fe800\nNIP [c00000000005cdac] iommu_table_reserve_pages+0xac/0x100\nLR [c00000000005e830] iommu_init_table+0x80/0x1e0\nCall Trace:\n[c00001400c9ffa10] [c00000000005e810] iommu_init_table+0x60/0x1e0 (unreliable)\n[c00001400c9ffa90] [c00000000010356c] iommu_bypass_supported_pSeriesLP+0x9cc/0xe40\n[c00001400c9ffc30] [c00000000005c300] dma_iommu_dma_supported+0xf0/0x230\n[c00001400c9ffcb0] [c00000000024b0c4] dma_supported+0x44/0x90\n[c00001400c9ffcd0] [c00000000024b14c] dma_set_mask+0x3c/0x80\n[c00001400c9ffd00] [c0080000555b715c] be_probe+0xc4/0xb90 [be2net]\n[c00001400c9ffdc0] [c000000000986f3c] local_pci_probe+0x6c/0x110\n[c00001400c9ffe40] [c000000000188f28] work_for_cpu_fn+0x38/0x60\n[c00001400c9ffe70] [c00000000018e454] process_one_work+0x314/0x620\n[c00001400c9fff10] [c00000000018f280] worker_thread+0x2b0/0x620\n[c00001400c9fff90] [c00000000019bb18] kthread+0x148/0x150\n[c00001400c9fffe0] [c00000000000ded8] start_kernel_thread+0x14/0x18\n\nThere are 2 issues in the code\n\n1. The index is \"int\" while the address is \"unsigned long\". This results in\n negative value when setting the bitmap.\n\n2. The DMA offset is page shifted but the MMIO range is used as-is (64-bit\n address). MMIO address needs to be page shifted as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57999",
"url": "https://www.suse.com/security/cve/CVE-2024-57999"
},
{
"category": "external",
"summary": "SUSE Bug 1238526 for CVE-2024-57999",
"url": "https://bugzilla.suse.com/1238526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57999"
},
{
"cve": "CVE-2024-58002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58002"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Remove dangling pointers\n\nWhen an async control is written, we copy a pointer to the file handle\nthat started the operation. That pointer will be used when the device is\ndone. Which could be anytime in the future.\n\nIf the user closes that file descriptor, its structure will be freed,\nand there will be one dangling pointer per pending async control, that\nthe driver will try to use.\n\nClean all the dangling pointers during release().\n\nTo avoid adding a performance penalty in the most common case (no async\noperation), a counter has been introduced with some logic to make sure\nthat it is properly handled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58002",
"url": "https://www.suse.com/security/cve/CVE-2024-58002"
},
{
"category": "external",
"summary": "SUSE Bug 1238503 for CVE-2024-58002",
"url": "https://bugzilla.suse.com/1238503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58002"
},
{
"cve": "CVE-2024-58005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Change to kvalloc() in eventlog/acpi.c\n\nThe following failure was reported on HPE ProLiant D320:\n\n[ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0)\n[ 10.848132][ T1] ------------[ cut here ]------------\n[ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330\n[ 10.862827][ T1] Modules linked in:\n[ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155.2.g52785e2-default #1 openSUSE Tumbleweed (unreleased) 588cd98293a7c9eba9013378d807364c088c9375\n[ 10.882741][ T1] Hardware name: HPE ProLiant DL320 Gen12/ProLiant DL320 Gen12, BIOS 1.20 10/28/2024\n[ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330\n[ 10.898103][ T1] Code: 24 08 e9 4a fe ff ff e8 34 36 fa ff e9 88 fe ff ff 83 fe 0a 0f 86 b3 fd ff ff 80 3d 01 e7 ce 01 00 75 09 c6 05 f8 e6 ce 01 01 \u003c0f\u003e 0b 45 31 ff e9 e5 fe ff ff f7 c2 00 00 08 00 75 42 89 d9 80 e1\n[ 10.917750][ T1] RSP: 0000:ffffb7cf40077980 EFLAGS: 00010246\n[ 10.923777][ T1] RAX: 0000000000000000 RBX: 0000000000040cc0 RCX: 0000000000000000\n[ 10.931727][ T1] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040cc0\n\nThe above transcript shows that ACPI pointed a 16 MiB buffer for the log\nevents because RSI maps to the \u0027order\u0027 parameter of __alloc_pages_noprof().\nAddress the bug by moving from devm_kmalloc() to devm_add_action() and\nkvmalloc() and devm_add_action().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58005",
"url": "https://www.suse.com/security/cve/CVE-2024-58005"
},
{
"category": "external",
"summary": "SUSE Bug 1237873 for CVE-2024-58005",
"url": "https://bugzilla.suse.com/1237873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2024-58006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()\n\nIn commit 4284c88fff0e (\"PCI: designware-ep: Allow pci_epc_set_bar() update\ninbound map address\") set_bar() was modified to support dynamically\nchanging the backing physical address of a BAR that was already configured.\n\nThis means that set_bar() can be called twice, without ever calling\nclear_bar() (as calling clear_bar() would clear the BAR\u0027s PCI address\nassigned by the host).\n\nThis can only be done if the new BAR size/flags does not differ from the\nexisting BAR configuration. Add these missing checks.\n\nIf we allow set_bar() to set e.g. a new BAR size that differs from the\nexisting BAR size, the new address translation range will be smaller than\nthe BAR size already determined by the host, which would mean that a read\npast the new BAR size would pass the iATU untranslated, which could allow\nthe host to read memory not belonging to the new struct pci_epf_bar.\n\nWhile at it, add comments which clarifies the support for dynamically\nchanging the physical address of a BAR. (Which was also missing.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58006",
"url": "https://www.suse.com/security/cve/CVE-2024-58006"
},
{
"category": "external",
"summary": "SUSE Bug 1238772 for CVE-2024-58006",
"url": "https://bugzilla.suse.com/1238772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58006"
},
{
"cve": "CVE-2024-58007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: socinfo: Avoid out of bounds read of serial number\n\nOn MSM8916 devices, the serial number exposed in sysfs is constant and does\nnot change across individual devices. It\u0027s always:\n\n db410c:/sys/devices/soc0$ cat serial_number\n 2644893864\n\nThe firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not\nhave support for the serial_num field in the socinfo struct. There is an\nexisting check to avoid exposing the serial number in that case, but it\u0027s\nnot correct: When checking the item_size returned by SMEM, we need to make\nsure the *end* of the serial_num is within bounds, instead of comparing\nwith the *start* offset. The serial_number currently exposed on MSM8916\ndevices is just an out of bounds read of whatever comes after the socinfo\nstruct in SMEM.\n\nFix this by changing offsetof() to offsetofend(), so that the size of the\nfield is also taken into account.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58007",
"url": "https://www.suse.com/security/cve/CVE-2024-58007"
},
{
"category": "external",
"summary": "SUSE Bug 1238511 for CVE-2024-58007",
"url": "https://bugzilla.suse.com/1238511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58007"
},
{
"cve": "CVE-2024-58009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc\n\nA NULL sock pointer is passed into l2cap_sock_alloc() when it is called\nfrom l2cap_sock_new_connection_cb() and the error handling paths should\nalso be aware of it.\n\nSeemingly a more elegant solution would be to swap bt_sock_alloc() and\nl2cap_chan_create() calls since they are not interdependent to that moment\nbut then l2cap_chan_create() adds the soon to be deallocated and still\ndummy-initialized channel to the global list accessible by many L2CAP\npaths. The channel would be removed from the list in short period of time\nbut be a bit more straight-forward here and just check for NULL instead of\nchanging the order of function calls.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58009",
"url": "https://www.suse.com/security/cve/CVE-2024-58009"
},
{
"category": "external",
"summary": "SUSE Bug 1238760 for CVE-2024-58009",
"url": "https://bugzilla.suse.com/1238760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58009"
},
{
"cve": "CVE-2024-58011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: int3472: Check for adev == NULL\n\nNot all devices have an ACPI companion fwnode, so adev might be NULL. This\ncan e.g. (theoretically) happen when a user manually binds one of\nthe int3472 drivers to another i2c/platform device through sysfs.\n\nAdd a check for adev not being set and return -ENODEV in that case to\navoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58011",
"url": "https://www.suse.com/security/cve/CVE-2024-58011"
},
{
"category": "external",
"summary": "SUSE Bug 1239080 for CVE-2024-58011",
"url": "https://bugzilla.suse.com/1239080"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58011"
},
{
"cve": "CVE-2024-58012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params\n\nEach cpu DAI should associate with a widget. However, the topology might\nnot create the right number of DAI widgets for aggregated amps. And it\nwill cause NULL pointer deference.\nCheck that the DAI widget associated with the CPU DAI is valid to prevent\nNULL pointer deference due to missing DAI widgets in topologies with\naggregated amps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58012",
"url": "https://www.suse.com/security/cve/CVE-2024-58012"
},
{
"category": "external",
"summary": "SUSE Bug 1239104 for CVE-2024-58012",
"url": "https://bugzilla.suse.com/1239104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58012"
},
{
"cve": "CVE-2024-58013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\nRead of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961\n\nCPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 16026:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296\n remove_adv_monitor+0x102/0x1b0 net/bluetooth/mgmt.c:5568\n hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n sock_write_iter+0x2d7/0x3f0 net/socket.c:1147\n new_sync_write fs/read_write.c:586 [inline]\n vfs_write+0xaeb/0xd30 fs/read_write.c:679\n ksys_write+0x18f/0x2b0 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 16022:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2338 [inline]\n slab_free mm/slub.c:4598 [inline]\n kfree+0x196/0x420 mm/slub.c:4746\n mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259\n __mgmt_power_off+0x183/0x430 net/bluetooth/mgmt.c:9550\n hci_dev_close_sync+0x6c4/0x11c0 net/bluetooth/hci_sync.c:5208\n hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]\n hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508\n sock_do_ioctl+0x158/0x460 net/socket.c:1209\n sock_ioctl+0x626/0x8e0 net/socket.c:1328\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58013",
"url": "https://www.suse.com/security/cve/CVE-2024-58013"
},
{
"category": "external",
"summary": "SUSE Bug 1239095 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "external",
"summary": "SUSE Bug 1239096 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-58013"
},
{
"cve": "CVE-2024-58014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()\n\nIn \u0027wlc_phy_iqcal_gainparams_nphy()\u0027, add gain range check to WARN()\ninstead of possible out-of-bounds \u0027tbl_iqcal_gainparams_nphy\u0027 access.\nCompile tested only.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58014",
"url": "https://www.suse.com/security/cve/CVE-2024-58014"
},
{
"category": "external",
"summary": "SUSE Bug 1239109 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "external",
"summary": "SUSE Bug 1239110 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-58014"
},
{
"cve": "CVE-2024-58017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nprintk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX\n\nShifting 1 \u003c\u003c 31 on a 32-bit int causes signed integer overflow, which\nleads to undefined behavior. To prevent this, cast 1 to u32 before\nperforming the shift, ensuring well-defined behavior.\n\nThis change explicitly avoids any potential overflow by ensuring that\nthe shift occurs on an unsigned 32-bit integer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58017",
"url": "https://www.suse.com/security/cve/CVE-2024-58017"
},
{
"category": "external",
"summary": "SUSE Bug 1239112 for CVE-2024-58017",
"url": "https://bugzilla.suse.com/1239112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58017"
},
{
"cve": "CVE-2024-58019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm/gsp: correctly advance the read pointer of GSP message queue\n\nA GSP event message consists three parts: message header, RPC header,\nmessage body. GSP calculates the number of pages to write from the\ntotal size of a GSP message. This behavior can be observed from the\nmovement of the write pointer.\n\nHowever, nvkm takes only the size of RPC header and message body as\nthe message size when advancing the read pointer. When handling a\ntwo-page GSP message in the non rollback case, It wrongly takes the\nmessage body of the previous message as the message header of the next\nmessage. As the \"message length\" tends to be zero, in the calculation of\nsize needs to be copied (0 - size of (message header)), the size needs to\nbe copied will be \"0xffffffxx\". It also triggers a kernel panic due to a\nNULL pointer error.\n\n[ 547.614102] msg: 00000f90: ff ff ff ff ff ff ff ff 40 d7 18 fb 8b 00 00 00 ........@.......\n[ 547.622533] msg: 00000fa0: 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 ................\n[ 547.630965] msg: 00000fb0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ................\n[ 547.639397] msg: 00000fc0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................\n[ 547.647832] nvkm 0000:c1:00.0: gsp: peek msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.655225] nvkm 0000:c1:00.0: gsp: get msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.662532] BUG: kernel NULL pointer dereference, address: 0000000000000020\n[ 547.669485] #PF: supervisor read access in kernel mode\n[ 547.674624] #PF: error_code(0x0000) - not-present page\n[ 547.679755] PGD 0 P4D 0\n[ 547.682294] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 547.686643] CPU: 22 PID: 322 Comm: kworker/22:1 Tainted: G E 6.9.0-rc6+ #1\n[ 547.694893] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 547.702626] Workqueue: events r535_gsp_msgq_work [nvkm]\n[ 547.707921] RIP: 0010:r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.713375] Code: 00 8b 70 08 48 89 e1 31 d2 4c 89 f7 e8 12 f5 ff ff 48 89 c5 48 85 c0 0f 84 cf 00 00 00 48 81 fd 00 f0 ff ff 0f 87 c4 00 00 00 \u003c8b\u003e 55 10 41 8b 46 30 85 d2 0f 85 f6 00 00 00 83 f8 04 76 10 ba 05\n[ 547.732119] RSP: 0018:ffffabe440f87e10 EFLAGS: 00010203\n[ 547.737335] RAX: 0000000000000010 RBX: 0000000000000008 RCX: 000000000000003f\n[ 547.744461] RDX: 0000000000000000 RSI: ffffabe4480a8030 RDI: 0000000000000010\n[ 547.751585] RBP: 0000000000000010 R08: 0000000000000000 R09: ffffabe440f87bb0\n[ 547.758707] R10: ffffabe440f87dc8 R11: 0000000000000010 R12: 0000000000000000\n[ 547.765834] R13: 0000000000000000 R14: ffff9351df1e5000 R15: 0000000000000000\n[ 547.772958] FS: 0000000000000000(0000) GS:ffff93708eb00000(0000) knlGS:0000000000000000\n[ 547.781035] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 547.786771] CR2: 0000000000000020 CR3: 00000003cc220002 CR4: 0000000000770ef0\n[ 547.793896] PKRU: 55555554\n[ 547.796600] Call Trace:\n[ 547.799046] \u003cTASK\u003e\n[ 547.801152] ? __die+0x20/0x70\n[ 547.804211] ? page_fault_oops+0x75/0x170\n[ 547.808221] ? print_hex_dump+0x100/0x160\n[ 547.812226] ? exc_page_fault+0x64/0x150\n[ 547.816152] ? asm_exc_page_fault+0x22/0x30\n[ 547.820341] ? r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.825184] r535_gsp_msgq_work+0x42/0x50 [nvkm]\n[ 547.829845] process_one_work+0x196/0x3d0\n[ 547.833861] worker_thread+0x2fc/0x410\n[ 547.837613] ? __pfx_worker_thread+0x10/0x10\n[ 547.841885] kthread+0xdf/0x110\n[ 547.845031] ? __pfx_kthread+0x10/0x10\n[ 547.848775] ret_from_fork+0x30/0x50\n[ 547.852354] ? __pfx_kthread+0x10/0x10\n[ 547.856097] ret_from_fork_asm+0x1a/0x30\n[ 547.860019] \u003c/TASK\u003e\n[ 547.862208] Modules linked in: nvkm(E) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) amd64_edac(E) mlx5_ib(E) edac_mce_amd(E) kvm_amd\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58019",
"url": "https://www.suse.com/security/cve/CVE-2024-58019"
},
{
"category": "external",
"summary": "SUSE Bug 1238997 for CVE-2024-58019",
"url": "https://bugzilla.suse.com/1238997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58019"
},
{
"cve": "CVE-2024-58020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Add NULL check in mt_input_configured\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in mt_input_configured() is not checked.\nAdd NULL check in mt_input_configured(), to handle kernel NULL\npointer dereference error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58020",
"url": "https://www.suse.com/security/cve/CVE-2024-58020"
},
{
"category": "external",
"summary": "SUSE Bug 1239346 for CVE-2024-58020",
"url": "https://bugzilla.suse.com/1239346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58020"
},
{
"cve": "CVE-2024-58034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()\n\nAs of_find_node_by_name() release the reference of the argument device\nnode, tegra_emc_find_node_by_ram_code() releases some device nodes while\nstill in use, resulting in possible UAFs. According to the bindings and\nthe in-tree DTS files, the \"emc-tables\" node is always device\u0027s child\nnode with the property \"nvidia,use-ram-code\", and the \"lpddr2\" node is a\nchild of the \"emc-tables\" node. Thus utilize the\nfor_each_child_of_node() macro and of_get_child_by_name() instead of\nof_find_node_by_name() to simplify the code.\n\nThis bug was found by an experimental verification tool that I am\ndeveloping.\n\n[krzysztof: applied v1, adjust the commit msg to incorporate v2 parts]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58034",
"url": "https://www.suse.com/security/cve/CVE-2024-58034"
},
{
"category": "external",
"summary": "SUSE Bug 1238773 for CVE-2024-58034",
"url": "https://bugzilla.suse.com/1238773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58034"
},
{
"cve": "CVE-2024-58051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: ipmb: Add check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this\nreturned value is not checked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58051",
"url": "https://www.suse.com/security/cve/CVE-2024-58051"
},
{
"category": "external",
"summary": "SUSE Bug 1238963 for CVE-2024-58051",
"url": "https://bugzilla.suse.com/1238963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58051"
},
{
"cve": "CVE-2024-58052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table\n\nThe function atomctrl_get_smc_sclk_range_table() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to\nretrieve SMU_Info table, it returns NULL which is later dereferenced.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\nIn practice this should never happen as this code only gets called\non polaris chips and the vbios data table will always be present on\nthose chips.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58052",
"url": "https://www.suse.com/security/cve/CVE-2024-58052"
},
{
"category": "external",
"summary": "SUSE Bug 1238986 for CVE-2024-58052",
"url": "https://bugzilla.suse.com/1238986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58052"
},
{
"cve": "CVE-2024-58054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58054"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: media: max96712: fix kernel oops when removing module\n\nThe following kernel oops is thrown when trying to remove the max96712\nmodule:\n\nUnable to handle kernel paging request at virtual address 00007375746174db\nMem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000010af89000\n[00007375746174db] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in: crct10dif_ce polyval_ce mxc_jpeg_encdec flexcan\n snd_soc_fsl_sai snd_soc_fsl_asoc_card snd_soc_fsl_micfil dwc_mipi_csi2\n imx_csi_formatter polyval_generic v4l2_jpeg imx_pcm_dma can_dev\n snd_soc_imx_audmux snd_soc_wm8962 snd_soc_imx_card snd_soc_fsl_utils\n max96712(C-) rpmsg_ctrl rpmsg_char pwm_fan fuse\n [last unloaded: imx8_isi]\nCPU: 0 UID: 0 PID: 754 Comm: rmmod\n\t Tainted: G C 6.12.0-rc6-06364-g327fec852c31 #17\nTainted: [C]=CRAP\nHardware name: NXP i.MX95 19X19 board (DT)\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : led_put+0x1c/0x40\nlr : v4l2_subdev_put_privacy_led+0x48/0x58\nsp : ffff80008699bbb0\nx29: ffff80008699bbb0 x28: ffff00008ac233c0 x27: 0000000000000000\nx26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff000080cf1170 x22: ffff00008b53bd00 x21: ffff8000822ad1c8\nx20: ffff000080ff5c00 x19: ffff00008b53be40 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000004 x13: ffff0000800f8010 x12: 0000000000000000\nx11: ffff000082acf5c0 x10: ffff000082acf478 x9 : ffff0000800f8010\nx8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d\nx5 : 8080808000000000 x4 : 0000000000000020 x3 : 00000000553a3dc1\nx2 : ffff00008ac233c0 x1 : ffff00008ac233c0 x0 : ff00737574617473\nCall trace:\n led_put+0x1c/0x40\n v4l2_subdev_put_privacy_led+0x48/0x58\n v4l2_async_unregister_subdev+0x2c/0x1a4\n max96712_remove+0x1c/0x38 [max96712]\n i2c_device_remove+0x2c/0x9c\n device_remove+0x4c/0x80\n device_release_driver_internal+0x1cc/0x228\n driver_detach+0x4c/0x98\n bus_remove_driver+0x6c/0xbc\n driver_unregister+0x30/0x60\n i2c_del_driver+0x54/0x64\n max96712_i2c_driver_exit+0x18/0x1d0 [max96712]\n __arm64_sys_delete_module+0x1a4/0x290\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xd8\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x190/0x194\nCode: f9000bf3 aa0003f3 f9402800 f9402000 (f9403400)\n---[ end trace 0000000000000000 ]---\n\nThis happens because in v4l2_i2c_subdev_init(), the i2c_set_cliendata()\nis called again and the data is overwritten to point to sd, instead of\npriv. So, in remove(), the wrong pointer is passed to\nv4l2_async_unregister_subdev(), leading to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58054",
"url": "https://www.suse.com/security/cve/CVE-2024-58054"
},
{
"category": "external",
"summary": "SUSE Bug 1238975 for CVE-2024-58054",
"url": "https://bugzilla.suse.com/1238975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58054"
},
{
"cve": "CVE-2024-58055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_tcm: Don\u0027t free command immediately\n\nDon\u0027t prematurely free the command. Wait for the status completion of\nthe sense status. It can be freed then. Otherwise we will double-free\nthe command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58055",
"url": "https://www.suse.com/security/cve/CVE-2024-58055"
},
{
"category": "external",
"summary": "SUSE Bug 1238959 for CVE-2024-58055",
"url": "https://bugzilla.suse.com/1238959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58055"
},
{
"cve": "CVE-2024-58056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Fix ida_free call while not allocated\n\nIn the rproc_alloc() function, on error, put_device(\u0026rproc-\u003edev) is\ncalled, leading to the call of the rproc_type_release() function.\nAn error can occurs before ida_alloc is called.\n\nIn such case in rproc_type_release(), the condition (rproc-\u003eindex \u003e= 0) is\ntrue as rproc-\u003eindex has been initialized to 0.\nida_free() is called reporting a warning:\n[ 4.181906] WARNING: CPU: 1 PID: 24 at lib/idr.c:525 ida_free+0x100/0x164\n[ 4.186378] stm32-display-dsi 5a000000.dsi: Fixed dependency cycle(s) with /soc/dsi@5a000000/panel@0\n[ 4.188854] ida_free called for id=0 which is not allocated.\n[ 4.198256] mipi-dsi 5a000000.dsi.0: Fixed dependency cycle(s) with /soc/dsi@5a000000\n[ 4.203556] Modules linked in: panel_orisetech_otm8009a dw_mipi_dsi_stm(+) gpu_sched dw_mipi_dsi stm32_rproc stm32_crc32 stm32_ipcc(+) optee(+)\n[ 4.224307] CPU: 1 UID: 0 PID: 24 Comm: kworker/u10:0 Not tainted 6.12.0 #442\n[ 4.231481] Hardware name: STM32 (Device Tree Support)\n[ 4.236627] Workqueue: events_unbound deferred_probe_work_func\n[ 4.242504] Call trace:\n[ 4.242522] unwind_backtrace from show_stack+0x10/0x14\n[ 4.250218] show_stack from dump_stack_lvl+0x50/0x64\n[ 4.255274] dump_stack_lvl from __warn+0x80/0x12c\n[ 4.260134] __warn from warn_slowpath_fmt+0x114/0x188\n[ 4.265199] warn_slowpath_fmt from ida_free+0x100/0x164\n[ 4.270565] ida_free from rproc_type_release+0x38/0x60\n[ 4.275832] rproc_type_release from device_release+0x30/0xa0\n[ 4.281601] device_release from kobject_put+0xc4/0x294\n[ 4.286762] kobject_put from rproc_alloc.part.0+0x208/0x28c\n[ 4.292430] rproc_alloc.part.0 from devm_rproc_alloc+0x80/0xc4\n[ 4.298393] devm_rproc_alloc from stm32_rproc_probe+0xd0/0x844 [stm32_rproc]\n[ 4.305575] stm32_rproc_probe [stm32_rproc] from platform_probe+0x5c/0xbc\n\nCalling ida_alloc earlier in rproc_alloc ensures that the rproc-\u003eindex is\nproperly set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58056",
"url": "https://www.suse.com/security/cve/CVE-2024-58056"
},
{
"category": "external",
"summary": "SUSE Bug 1238981 for CVE-2024-58056",
"url": "https://bugzilla.suse.com/1238981"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58056"
},
{
"cve": "CVE-2024-58057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert workqueues to unbound\n\nWhen a workqueue is created with `WQ_UNBOUND`, its work items are\nserved by special worker-pools, whose host workers are not bound to\nany specific CPU. In the default configuration (i.e. when\n`queue_delayed_work` and friends do not specify which CPU to run the\nwork item on), `WQ_UNBOUND` allows the work item to be executed on any\nCPU in the same node of the CPU it was enqueued on. While this\nsolution potentially sacrifices locality, it avoids contention with\nother processes that might dominate the CPU time of the processor the\nwork item was scheduled on.\n\nThis is not just a theoretical problem: in a particular scenario\nmisconfigured process was hogging most of the time from CPU0, leaving\nless than 0.5% of its CPU time to the kworker. The IDPF workqueues\nthat were using the kworker on CPU0 suffered large completion delays\nas a result, causing performance degradation, timeouts and eventual\nsystem crash.\n\n\n* I have also run a manual test to gauge the performance\n improvement. The test consists of an antagonist process\n (`./stress --cpu 2`) consuming as much of CPU 0 as possible. This\n process is run under `taskset 01` to bind it to CPU0, and its\n priority is changed with `chrt -pQ 9900 10000 ${pid}` and\n `renice -n -20 ${pid}` after start.\n\n Then, the IDPF driver is forced to prefer CPU0 by editing all calls\n to `queue_delayed_work`, `mod_delayed_work`, etc... to use CPU 0.\n\n Finally, `ktraces` for the workqueue events are collected.\n\n Without the current patch, the antagonist process can force\n arbitrary delays between `workqueue_queue_work` and\n `workqueue_execute_start`, that in my tests were as high as\n `30ms`. With the current patch applied, the workqueue can be\n migrated to another unloaded CPU in the same node, and, keeping\n everything else equal, the maximum delay I could see was `6us`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58057",
"url": "https://www.suse.com/security/cve/CVE-2024-58057"
},
{
"category": "external",
"summary": "SUSE Bug 1238969 for CVE-2024-58057",
"url": "https://bugzilla.suse.com/1238969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58057"
},
{
"cve": "CVE-2024-58058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: skip dumping tnc tree when zroot is null\n\nClearing slab cache will free all znode in memory and make\nc-\u003ezroot.znode = NULL, then dumping tnc tree will access\nc-\u003ezroot.znode which cause null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58058",
"url": "https://www.suse.com/security/cve/CVE-2024-58058"
},
{
"category": "external",
"summary": "SUSE Bug 1238979 for CVE-2024-58058",
"url": "https://bugzilla.suse.com/1238979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58058"
},
{
"cve": "CVE-2024-58061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: prohibit deactivating all links\n\nIn the internal API this calls this is a WARN_ON, but that\nshould remain since internally we want to know about bugs\nthat may cause this. Prevent deactivating all links in the\ndebugfs write directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58061",
"url": "https://www.suse.com/security/cve/CVE-2024-58061"
},
{
"category": "external",
"summary": "SUSE Bug 1238973 for CVE-2024-58061",
"url": "https://bugzilla.suse.com/1238973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58061"
},
{
"cve": "CVE-2024-58063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: fix memory leaks and invalid access at probe error path\n\nDeinitialize at reverse order when probe fails.\n\nWhen init_sw_vars fails, rtl_deinit_core should not be called, specially\nnow that it destroys the rtl_wq workqueue.\n\nAnd call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be\nleaked.\n\nRemove pci_set_drvdata call as it will already be cleaned up by the core\ndriver code and could lead to memory leaks too. cf. commit 8d450935ae7f\n(\"wireless: rtlwifi: remove unnecessary pci_set_drvdata()\") and\ncommit 3d86b93064c7 (\"rtlwifi: Fix PCI probe error path orphaned memory\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58063",
"url": "https://www.suse.com/security/cve/CVE-2024-58063"
},
{
"category": "external",
"summary": "SUSE Bug 1238984 for CVE-2024-58063",
"url": "https://bugzilla.suse.com/1238984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58063"
},
{
"cve": "CVE-2024-58069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read\n\nThe nvmem interface supports variable buffer sizes, while the regmap\ninterface operates with fixed-size storage. If an nvmem client uses a\nbuffer size less than 4 bytes, regmap_read will write out of bounds\nas it expects the buffer to point at an unsigned int.\n\nFix this by using an intermediary unsigned int to hold the value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58069",
"url": "https://www.suse.com/security/cve/CVE-2024-58069"
},
{
"category": "external",
"summary": "SUSE Bug 1238978 for CVE-2024-58069",
"url": "https://bugzilla.suse.com/1238978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58069"
},
{
"cve": "CVE-2024-58072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: remove unused check_buddy_priv\n\nCommit 2461c7d60f9f (\"rtlwifi: Update header file\") introduced a global\nlist of private data structures.\n\nLater on, commit 26634c4b1868 (\"rtlwifi Modify existing bits to match\nvendor version 2013.02.07\") started adding the private data to that list at\nprobe time and added a hook, check_buddy_priv to find the private data from\na similar device.\n\nHowever, that function was never used.\n\nBesides, though there is a lock for that list, it is never used. And when\nthe probe fails, the private data is never removed from the list. This\nwould cause a second probe to access freed memory.\n\nRemove the unused hook, structures and members, which will prevent the\npotential race condition on the list and its corruption during a second\nprobe when probe fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58072",
"url": "https://www.suse.com/security/cve/CVE-2024-58072"
},
{
"category": "external",
"summary": "SUSE Bug 1238964 for CVE-2024-58072",
"url": "https://bugzilla.suse.com/1238964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58072"
},
{
"cve": "CVE-2024-58076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: gcc-sm6350: Add missing parent_map for two clocks\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for two clocks where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58076",
"url": "https://www.suse.com/security/cve/CVE-2024-58076"
},
{
"category": "external",
"summary": "SUSE Bug 1239037 for CVE-2024-58076",
"url": "https://bugzilla.suse.com/1239037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58076"
},
{
"cve": "CVE-2024-58078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors\n\nmisc_minor_alloc was allocating id using ida for minor only in case of\nMISC_DYNAMIC_MINOR but misc_minor_free was always freeing ids\nusing ida_free causing a mismatch and following warn:\n\u003e \u003e WARNING: CPU: 0 PID: 159 at lib/idr.c:525 ida_free+0x3e0/0x41f\n\u003e \u003e ida_free called for id=127 which is not allocated.\n\u003e \u003e \u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\n...\n\u003e \u003e [\u003c60941eb4\u003e] ida_free+0x3e0/0x41f\n\u003e \u003e [\u003c605ac993\u003e] misc_minor_free+0x3e/0xbc\n\u003e \u003e [\u003c605acb82\u003e] misc_deregister+0x171/0x1b3\n\nmisc_minor_alloc is changed to allocate id from ida for all minors\nfalling in the range of dynamic/ misc dynamic minors",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58078",
"url": "https://www.suse.com/security/cve/CVE-2024-58078"
},
{
"category": "external",
"summary": "SUSE Bug 1239034 for CVE-2024-58078",
"url": "https://bugzilla.suse.com/1239034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58078"
},
{
"cve": "CVE-2024-58079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix crash during unbind if gpio unit is in use\n\nWe used the wrong device for the device managed functions. We used the\nusb device, when we should be using the interface device.\n\nIf we unbind the driver from the usb interface, the cleanup functions\nare never called. In our case, the IRQ is never disabled.\n\nIf an IRQ is triggered, it will try to access memory sections that are\nalready free, causing an OOPS.\n\nWe cannot use the function devm_request_threaded_irq here. The devm_*\nclean functions may be called after the main structure is released by\nuvc_delete.\n\nLuckily this bug has small impact, as it is only affected by devices\nwith gpio units and the user has to unbind the device, a disconnect will\nnot trigger this error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58079",
"url": "https://www.suse.com/security/cve/CVE-2024-58079"
},
{
"category": "external",
"summary": "SUSE Bug 1239029 for CVE-2024-58079",
"url": "https://bugzilla.suse.com/1239029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58079"
},
{
"cve": "CVE-2024-58080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: dispcc-sm6350: Add missing parent_map for a clock\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for the clock where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58080",
"url": "https://www.suse.com/security/cve/CVE-2024-58080"
},
{
"category": "external",
"summary": "SUSE Bug 1239027 for CVE-2024-58080",
"url": "https://bugzilla.suse.com/1239027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58080"
},
{
"cve": "CVE-2024-58083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Explicitly verify target vCPU is online in kvm_get_vcpu()\n\nExplicitly verify the target vCPU is fully online _prior_ to clamping the\nindex in kvm_get_vcpu(). If the index is \"bad\", the nospec clamping will\ngenerate \u00270\u0027, i.e. KVM will return vCPU0 instead of NULL.\n\nIn practice, the bug is unlikely to cause problems, as it will only come\ninto play if userspace or the guest is buggy or misbehaving, e.g. KVM may\nsend interrupts to vCPU0 instead of dropping them on the floor.\n\nHowever, returning vCPU0 when it shouldn\u0027t exist per online_vcpus is\nproblematic now that KVM uses an xarray for the vCPUs array, as KVM needs\nto insert into the xarray before publishing the vCPU to userspace (see\ncommit c5b077549136 (\"KVM: Convert the kvm-\u003evcpus array to a xarray\")),\ni.e. before vCPU creation is guaranteed to succeed.\n\nAs a result, incorrectly providing access to vCPU0 will trigger a\nuse-after-free if vCPU0 is dereferenced and kvm_vm_ioctl_create_vcpu()\nbails out of vCPU creation due to an error and frees vCPU0. Commit\nafb2acb2e3a3 (\"KVM: Fix vcpu_array[0] races\") papered over that issue, but\nin doing so introduced an unsolvable teardown conundrum. Preventing\naccesses to vCPU0 before it\u0027s fully online will allow reverting commit\nafb2acb2e3a3, without re-introducing the vcpu_array[0] UAF race.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58083",
"url": "https://www.suse.com/security/cve/CVE-2024-58083"
},
{
"category": "external",
"summary": "SUSE Bug 1239036 for CVE-2024-58083",
"url": "https://bugzilla.suse.com/1239036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58083"
},
{
"cve": "CVE-2024-58085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: don\u0027t emit warning in tomoyo_write_control()\n\nsyzbot is reporting too large allocation warning at tomoyo_write_control(),\nfor one can write a very very long line without new line character. To fix\nthis warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE,\nfor practically a valid line should be always shorter than 32KB where the\n\"too small to fail\" memory-allocation rule applies.\n\nOne might try to write a valid line that is longer than 32KB, but such\nrequest will likely fail with -ENOMEM. Therefore, I feel that separately\nreturning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant.\nThere is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58085",
"url": "https://www.suse.com/security/cve/CVE-2024-58085"
},
{
"category": "external",
"summary": "SUSE Bug 1239085 for CVE-2024-58085",
"url": "https://bugzilla.suse.com/1239085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58085"
},
{
"cve": "CVE-2024-58086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58086"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Stop active perfmon if it is being destroyed\n\nIf the active performance monitor (`v3d-\u003eactive_perfmon`) is being\ndestroyed, stop it first. Currently, the active perfmon is not\nstopped during destruction, leaving the `v3d-\u003eactive_perfmon` pointer\nstale. This can lead to undefined behavior and instability.\n\nThis patch ensures that the active perfmon is stopped before being\ndestroyed, aligning with the behavior introduced in commit\n7d1fd3638ee3 (\"drm/v3d: Stop the active perfmon before being destroyed\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58086",
"url": "https://www.suse.com/security/cve/CVE-2024-58086"
},
{
"category": "external",
"summary": "SUSE Bug 1239038 for CVE-2024-58086",
"url": "https://bugzilla.suse.com/1239038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58086"
},
{
"cve": "CVE-2025-21631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix waker_bfqq UAF after bfq_split_bfqq()\n\nOur syzkaller report a following UAF for v6.6:\n\nBUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\nRead of size 8 at addr ffff8881b57147d8 by task fsstress/232726\n\nCPU: 2 PID: 232726 Comm: fsstress Not tainted 6.6.0-g3629d1885222 #39\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\n print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364\n print_report+0x3e/0x70 mm/kasan/report.c:475\n kasan_report+0xb8/0xf0 mm/kasan/report.c:588\n hlist_add_head include/linux/list.h:1023 [inline]\n bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh+0x15e/0x2e0 fs/ext4/super.c:230\n __read_extent_tree_block+0x304/0x6f0 fs/ext4/extents.c:567\n ext4_find_extent+0x479/0xd20 fs/ext4/extents.c:947\n ext4_ext_map_blocks+0x1a3/0x2680 fs/ext4/extents.c:4182\n ext4_map_blocks+0x929/0x15a0 fs/ext4/inode.c:660\n ext4_iomap_begin_report+0x298/0x480 fs/ext4/inode.c:3569\n iomap_iter+0x3dd/0x1010 fs/iomap/iter.c:91\n iomap_fiemap+0x1f4/0x360 fs/iomap/fiemap.c:80\n ext4_fiemap+0x181/0x210 fs/ext4/extents.c:5051\n ioctl_fiemap.isra.0+0x1b4/0x290 fs/ioctl.c:220\n do_vfs_ioctl+0x31c/0x11a0 fs/ioctl.c:811\n __do_sys_ioctl fs/ioctl.c:869 [inline]\n __se_sys_ioctl+0xae/0x190 fs/ioctl.c:857\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x70/0x120 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nAllocated by task 232719:\n kasan_save_stack+0x22/0x50 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\n slab_post_alloc_hook mm/slab.h:768 [inline]\n slab_alloc_node mm/slub.c:3492 [inline]\n kmem_cache_alloc_node+0x1b8/0x6f0 mm/slub.c:3537\n bfq_get_queue+0x215/0x1f00 block/bfq-iosched.c:5869\n bfq_get_bfqq_handle_split+0x167/0x5f0 block/bfq-iosched.c:6776\n bfq_init_rq+0x13a4/0x17a0 block/bfq-iosched.c:6938\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh_nowait+0x15a/0x240 fs/ext4/super.c:217\n ext4_read_bh_lock+0xac/0xd0 fs/ext4/super.c:242\n ext4_bread_batch+0x268/0x500 fs/ext4/inode.c:958\n __ext4_find_entry+0x448/0x10f0 fs/ext4/namei.c:1671\n ext4_lookup_entry fs/ext4/namei.c:1774 [inline]\n ext4_lookup.part.0+0x359/0x6f0 fs/ext4/namei.c:1842\n ext4_lookup+0x72/0x90 fs/ext4/namei.c:1839\n __lookup_slow+0x257/0x480 fs/namei.c:1696\n lookup_slow fs/namei.c:1713 [inline]\n walk_component+0x454/0x5c0 fs/namei.c:2004\n link_path_walk.part.0+0x773/0xda0 fs/namei.c:2331\n link_path_walk fs/namei.c:3826 [inline]\n path_openat+0x1b9/0x520 fs/namei.c:3826\n do_filp_open+0x1b7/0x400 fs/namei.c:3857\n do_sys_openat2+0x5dc/0x6e0 fs/open.c:1428\n do_sys_open fs/open.c:1443 [inline]\n __do_sys_openat fs/open.c:1459 [inline]\n __se_sys_openat fs/open.c:1454 [inline]\n __x64_sys_openat+0x148/0x200 fs/open.c:1454\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_6\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21631",
"url": "https://www.suse.com/security/cve/CVE-2025-21631"
},
{
"category": "external",
"summary": "SUSE Bug 1236099 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "external",
"summary": "SUSE Bug 1236100 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21631"
},
{
"cve": "CVE-2025-21635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21635"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe per-netns structure can be obtained from the table-\u003edata using\ncontainer_of(), then the \u0027net\u0027 one can be retrieved from the listen\nsocket (if available).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21635",
"url": "https://www.suse.com/security/cve/CVE-2025-21635"
},
{
"category": "external",
"summary": "SUSE Bug 1236111 for CVE-2025-21635",
"url": "https://bugzilla.suse.com/1236111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21635"
},
{
"cve": "CVE-2025-21636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.probe_interval\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21636",
"url": "https://www.suse.com/security/cve/CVE-2025-21636"
},
{
"category": "external",
"summary": "SUSE Bug 1236113 for CVE-2025-21636",
"url": "https://bugzilla.suse.com/1236113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21637",
"url": "https://www.suse.com/security/cve/CVE-2025-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1236114 for CVE-2025-21637",
"url": "https://bugzilla.suse.com/1236114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21638",
"url": "https://www.suse.com/security/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "SUSE Bug 1236115 for CVE-2025-21638",
"url": "https://bugzilla.suse.com/1236115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21639",
"url": "https://www.suse.com/security/cve/CVE-2025-21639"
},
{
"category": "external",
"summary": "SUSE Bug 1236122 for CVE-2025-21639",
"url": "https://bugzilla.suse.com/1236122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21640",
"url": "https://www.suse.com/security/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "SUSE Bug 1236123 for CVE-2025-21640",
"url": "https://bugzilla.suse.com/1236123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21647",
"url": "https://www.suse.com/security/cve/CVE-2025-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1236133 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "external",
"summary": "SUSE Bug 1236134 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdev: prevent accessing NAPI instances from another namespace\n\nThe NAPI IDs were not fully exposed to user space prior to the netlink\nAPI, so they were never namespaced. The netlink API must ensure that\nat the very least NAPI instance belongs to the same netns as the owner\nof the genl sock.\n\nnapi_by_id() can become static now, but it needs to move because of\ndev_get_by_napi_id().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21659",
"url": "https://www.suse.com/security/cve/CVE-2025-21659"
},
{
"category": "external",
"summary": "SUSE Bug 1236206 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "external",
"summary": "SUSE Bug 1236207 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21659"
},
{
"cve": "CVE-2025-21665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21665",
"url": "https://www.suse.com/security/cve/CVE-2025-21665"
},
{
"category": "external",
"summary": "SUSE Bug 1236684 for CVE-2025-21665",
"url": "https://bugzilla.suse.com/1236684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn\u0027t.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21666",
"url": "https://www.suse.com/security/cve/CVE-2025-21666"
},
{
"category": "external",
"summary": "SUSE Bug 1236680 for CVE-2025-21666",
"url": "https://bugzilla.suse.com/1236680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21666"
},
{
"cve": "CVE-2025-21667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid avoid truncating 64-bit offset to 32 bits\n\non 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a\n32-bit position due to folio_next_index() returning an unsigned long.\nThis could lead to an infinite loop when writing to an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21667",
"url": "https://www.suse.com/security/cve/CVE-2025-21667"
},
{
"category": "external",
"summary": "SUSE Bug 1236681 for CVE-2025-21667",
"url": "https://bugzilla.suse.com/1236681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: add missing loop break condition\n\nCurrently imx8mp_blk_ctrl_remove() will continue the for loop\nuntil an out-of-bounds exception occurs.\n\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : dev_pm_domain_detach+0x8/0x48\nlr : imx8mp_blk_ctrl_shutdown+0x58/0x90\nsp : ffffffc084f8bbf0\nx29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000\nx26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028\nx23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0\nx20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff\nx17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72\nx14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000\nx11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8\nx8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000\nCall trace:\n dev_pm_domain_detach+0x8/0x48\n platform_shutdown+0x2c/0x48\n device_shutdown+0x158/0x268\n kernel_restart_prepare+0x40/0x58\n kernel_kexec+0x58/0xe8\n __do_sys_reboot+0x198/0x258\n __arm64_sys_reboot+0x2c/0x40\n invoke_syscall+0x5c/0x138\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xc8\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x190/0x198\nCode: 8128c2d0 ffffffc0 aa1e03e9 d503201f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21668",
"url": "https://www.suse.com/security/cve/CVE-2025-21668"
},
{
"category": "external",
"summary": "SUSE Bug 1236682 for CVE-2025-21668",
"url": "https://bugzilla.suse.com/1236682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: discard packets if the transport changes\n\nIf the socket has been de-assigned or assigned to another transport,\nwe must discard any packets received because they are not expected\nand would cause issues when we access vsk-\u003etransport.\n\nA possible scenario is described by Hyunwoo Kim in the attached link,\nwhere after a first connect() interrupted by a signal, and a second\nconnect() failed, we can find `vsk-\u003etransport` at NULL, leading to a\nNULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21669",
"url": "https://www.suse.com/security/cve/CVE-2025-21669"
},
{
"category": "external",
"summary": "SUSE Bug 1236683 for CVE-2025-21669",
"url": "https://bugzilla.suse.com/1236683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21669"
},
{
"cve": "CVE-2025-21670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n Call Trace:\n vsock_bpf_recvmsg+0xca/0x5e0\n sock_recvmsg+0xb9/0xc0\n __sys_recvfrom+0xb3/0x130\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk-\u003etransport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21670",
"url": "https://www.suse.com/security/cve/CVE-2025-21670"
},
{
"category": "external",
"summary": "SUSE Bug 1236685 for CVE-2025-21670",
"url": "https://bugzilla.suse.com/1236685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21670"
},
{
"cve": "CVE-2025-21671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21671"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: fix potential UAF of zram table\n\nIf zram_meta_alloc failed early, it frees allocated zram-\u003etable without\nsetting it NULL. Which will potentially cause zram_meta_free to access\nthe table if user reset an failed and uninitialized device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21671",
"url": "https://www.suse.com/security/cve/CVE-2025-21671"
},
{
"category": "external",
"summary": "SUSE Bug 1236692 for CVE-2025-21671",
"url": "https://bugzilla.suse.com/1236692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21671"
},
{
"cve": "CVE-2025-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can\u0027t be freed as long as\ncifsd thread isn\u0027t done. Otherwise the following can happen:\n\n RIP: 0010:__slab_free+0x223/0x3c0\n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n 000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0xce/0x120\n ? __slab_free+0x223/0x3c0\n ? do_error_trap+0x65/0x80\n ? __slab_free+0x223/0x3c0\n ? exc_invalid_op+0x4e/0x70\n ? __slab_free+0x223/0x3c0\n ? asm_exc_invalid_op+0x16/0x20\n ? __slab_free+0x223/0x3c0\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? __kmalloc+0x4b/0x140\n __reconnect_target_unlocked+0x3e/0x160 [cifs]\n reconnect_dfs_server+0x145/0x430 [cifs]\n cifs_handle_standard+0x1ad/0x1d0 [cifs]\n cifs_demultiplex_thread+0x592/0x730 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21673",
"url": "https://www.suse.com/security/cve/CVE-2025-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1236689 for CVE-2025-21673",
"url": "https://bugzilla.suse.com/1236689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Clear port select structure when fail to create\n\nClear the port select structure on error so no stale values left after\ndefiners are destroyed. That\u0027s because the mlx5_lag_destroy_definers()\nalways try to destroy all lag definers in the tt_map, so in the flow\nbelow lag definers get double-destroyed and cause kernel crash:\n\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 1\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets destroyed\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 0\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets double-destroyed\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n Mem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n user pgtable: 64k pages, 48-bit VAs, pgdp=0000000112ce2e00\n [0000000000000008] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n Modules linked in: iptable_raw bonding ip_gre ip6_gre gre ip6_tunnel tunnel6 geneve ip6_udp_tunnel udp_tunnel ipip tunnel4 ip_tunnel rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) mlx5_fwctl(OE) fwctl(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlxfw(OE) memtrack(OE) mlx_compat(OE) openvswitch nsh nf_conncount psample xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc netconsole overlay efi_pstore sch_fq_codel zram ip_tables crct10dif_ce qemu_fw_cfg fuse ipv6 crc_ccitt [last unloaded: mlx_compat(OE)]\n CPU: 3 UID: 0 PID: 217 Comm: kworker/u53:2 Tainted: G OE 6.11.0+ #2\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n Workqueue: mlx5_lag mlx5_do_bond_work [mlx5_core]\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n lr : mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n sp : ffff800085fafb00\n x29: ffff800085fafb00 x28: ffff0000da0c8000 x27: 0000000000000000\n x26: ffff0000da0c8000 x25: ffff0000da0c8000 x24: ffff0000da0c8000\n x23: ffff0000c31f81a0 x22: 0400000000000000 x21: ffff0000da0c8000\n x20: 0000000000000000 x19: 0000000000000001 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8b0c9350\n x14: 0000000000000000 x13: ffff800081390d18 x12: ffff800081dc3cc0\n x11: 0000000000000001 x10: 0000000000000b10 x9 : ffff80007ab7304c\n x8 : ffff0000d00711f0 x7 : 0000000000000004 x6 : 0000000000000190\n x5 : ffff00027edb3010 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : ffff0000d39b8000 x1 : ffff0000d39b8000 x0 : 0400000000000000\n Call trace:\n mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n mlx5_lag_destroy_definers+0xa0/0x108 [mlx5_core]\n mlx5_lag_port_sel_create+0x2d4/0x6f8 [mlx5_core]\n mlx5_activate_lag+0x60c/0x6f8 [mlx5_core]\n mlx5_do_bond_work+0x284/0x5c8 [mlx5_core]\n process_one_work+0x170/0x3e0\n worker_thread+0x2d8/0x3e0\n kthread+0x11c/0x128\n ret_from_fork+0x10/0x20\n Code: a9025bf5 aa0003f6 a90363f7 f90023f9 (f9400400)\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21675",
"url": "https://www.suse.com/security/cve/CVE-2025-21675"
},
{
"category": "external",
"summary": "SUSE Bug 1236694 for CVE-2025-21675",
"url": "https://bugzilla.suse.com/1236694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21675"
},
{
"cve": "CVE-2025-21678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Destroy device along with udp socket\u0027s netns dismantle.\n\ngtp_newlink() links the device to a list in dev_net(dev) instead of\nsrc_net, where a udp tunnel socket is created.\n\nEven when src_net is removed, the device stays alive on dev_net(dev).\nThen, removing src_net triggers the splat below. [0]\n\nIn this example, gtp0 is created in ns2, and the udp socket is created\nin ns1.\n\n ip netns add ns1\n ip netns add ns2\n ip -n ns1 link add netns ns2 name gtp0 type gtp role sgsn\n ip netns del ns1\n\nLet\u0027s link the device to the socket\u0027s netns instead.\n\nNow, gtp_net_exit_batch_rtnl() needs another netdev iteration to remove\nall gtp devices in the netns.\n\n[0]:\nref_tracker: net notrefcnt@000000003d6e7d05 has 1/2 users at\n sk_alloc (./include/net/net_namespace.h:345 net/core/sock.c:2236)\n inet_create (net/ipv4/af_inet.c:326 net/ipv4/af_inet.c:252)\n __sock_create (net/socket.c:1558)\n udp_sock_create4 (net/ipv4/udp_tunnel_core.c:18)\n gtp_create_sock (./include/net/udp_tunnel.h:59 drivers/net/gtp.c:1423)\n gtp_create_sockets (drivers/net/gtp.c:1447)\n gtp_newlink (drivers/net/gtp.c:1507)\n rtnl_newlink (net/core/rtnetlink.c:3786 net/core/rtnetlink.c:3897 net/core/rtnetlink.c:4012)\n rtnetlink_rcv_msg (net/core/rtnetlink.c:6922)\n netlink_rcv_skb (net/netlink/af_netlink.c:2542)\n netlink_unicast (net/netlink/af_netlink.c:1321 net/netlink/af_netlink.c:1347)\n netlink_sendmsg (net/netlink/af_netlink.c:1891)\n ____sys_sendmsg (net/socket.c:711 net/socket.c:726 net/socket.c:2583)\n ___sys_sendmsg (net/socket.c:2639)\n __sys_sendmsg (net/socket.c:2669)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n\nWARNING: CPU: 1 PID: 60 at lib/ref_tracker.c:179 ref_tracker_dir_exit (lib/ref_tracker.c:179)\nModules linked in:\nCPU: 1 UID: 0 PID: 60 Comm: kworker/u16:2 Not tainted 6.13.0-rc5-00147-g4c1224501e9d #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:ref_tracker_dir_exit (lib/ref_tracker.c:179)\nCode: 00 00 00 fc ff df 4d 8b 26 49 bd 00 01 00 00 00 00 ad de 4c 39 f5 0f 85 df 00 00 00 48 8b 74 24 08 48 89 df e8 a5 cc 12 02 90 \u003c0f\u003e 0b 90 48 8d 6b 44 be 04 00 00 00 48 89 ef e8 80 de 67 ff 48 89\nRSP: 0018:ff11000009a07b60 EFLAGS: 00010286\nRAX: 0000000000002bd3 RBX: ff1100000f4e1aa0 RCX: 1ffffffff0e40ac6\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8423ee3c\nRBP: ff1100000f4e1af0 R08: 0000000000000001 R09: fffffbfff0e395ae\nR10: 0000000000000001 R11: 0000000000036001 R12: ff1100000f4e1af0\nR13: dead000000000100 R14: ff1100000f4e1af0 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ff1100006ce80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9b2464bd98 CR3: 0000000005286005 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __warn (kernel/panic.c:748)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? report_bug (lib/bug.c:201 lib/bug.c:219)\n ? handle_bug (arch/x86/kernel/traps.c:285)\n ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1))\n ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\n ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:97 ./arch/x86/include/asm/irqflags.h:155 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? __pfx_ref_tracker_dir_exit (lib/ref_tracker.c:158)\n ? kfree (mm/slub.c:4613 mm/slub.c:4761)\n net_free (net/core/net_namespace.c:476 net/core/net_namespace.c:467)\n cleanup_net (net/core/net_namespace.c:664 (discriminator 3))\n process_one_work (kernel/workqueue.c:3229)\n worker_thread (kernel/workqueue.c:3304 kernel/workqueue.c:3391\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21678",
"url": "https://www.suse.com/security/cve/CVE-2025-21678"
},
{
"category": "external",
"summary": "SUSE Bug 1236698 for CVE-2025-21678",
"url": "https://bugzilla.suse.com/1236698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21678"
},
{
"cve": "CVE-2025-21680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: Avoid out-of-bounds access in get_imix_entries\n\nPassing a sufficient amount of imix entries leads to invalid access to the\npkt_dev-\u003eimix_entries array because of the incorrect boundary check.\n\nUBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24\nindex 20 is out of range for type \u0027imix_pkt [20]\u0027\nCPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl lib/dump_stack.c:117\n__ubsan_handle_out_of_bounds lib/ubsan.c:429\nget_imix_entries net/core/pktgen.c:874\npktgen_if_write net/core/pktgen.c:1063\npde_write fs/proc/inode.c:334\nproc_reg_write fs/proc/inode.c:346\nvfs_write fs/read_write.c:593\nksys_write fs/read_write.c:644\ndo_syscall_64 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[ fp: allow to fill the array completely; minor changelog cleanup ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21680",
"url": "https://www.suse.com/security/cve/CVE-2025-21680"
},
{
"category": "external",
"summary": "SUSE Bug 1236700 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "external",
"summary": "SUSE Bug 1236701 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -\u003e ovs_vport_send\n -\u003e dev_queue_xmit\n -\u003e __dev_queue_xmit\n -\u003e netdev_core_pick_tx\n -\u003e skb_tx_hash\n\nWhen device is unregistering, the \u0027dev-\u003ereal_num_tx_queues\u0027 goes to\nzero and the \u0027while (unlikely(hash \u003e= qcount))\u0027 loop inside the\n\u0027skb_tx_hash\u0027 becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn\u0027t implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn\u0027t really have a carrier.\nTherefore, while this device is unregistering, it\u0027s still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don\u0027t really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21681",
"url": "https://www.suse.com/security/cve/CVE-2025-21681"
},
{
"category": "external",
"summary": "SUSE Bug 1236702 for CVE-2025-21681",
"url": "https://bugzilla.suse.com/1236702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: xilinx: Convert gpio_lock to raw spinlock\n\nirq_chip functions may be called in raw spinlock context. Therefore, we\nmust also use a raw spinlock for our own internal locking.\n\nThis fixes the following lockdep splat:\n\n[ 5.349336] =============================\n[ 5.353349] [ BUG: Invalid wait context ]\n[ 5.357361] 6.13.0-rc5+ #69 Tainted: G W\n[ 5.363031] -----------------------------\n[ 5.367045] kworker/u17:1/44 is trying to lock:\n[ 5.371587] ffffff88018b02c0 (\u0026chip-\u003egpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.380079] other info that might help us debug this:\n[ 5.385138] context-{5:5}\n[ 5.387762] 5 locks held by kworker/u17:1/44:\n[ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)\n[ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)\n[ 5.411528] #2: ffffff880172c900 (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)\n[ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)\n[ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)\n[ 5.436472] stack backtrace:\n[ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69\n[ 5.448690] Tainted: [W]=WARN\n[ 5.451656] Hardware name: xlnx,zynqmp (DT)\n[ 5.455845] Workqueue: events_unbound deferred_probe_work_func\n[ 5.461699] Call trace:\n[ 5.464147] show_stack+0x18/0x24 C\n[ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)\n[ 5.471501] dump_stack (lib/dump_stack.c:130)\n[ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)\n[ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)\n[ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)\n[ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)\n[ 5.497645] irq_startup (kernel/irq/chip.c:270)\n[ 5.501143] __setup_irq (kernel/irq/manage.c:1807)\n[ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21684",
"url": "https://www.suse.com/security/cve/CVE-2025-21684"
},
{
"category": "external",
"summary": "SUSE Bug 1236952 for CVE-2025-21684",
"url": "https://bugzilla.suse.com/1236952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: check the bounds of read/write syscalls\n\ncount and offset are passed from user space and not checked, only\noffset is capped to 40 bits, which can be used to read/write out of\nbounds of the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21687",
"url": "https://www.suse.com/security/cve/CVE-2025-21687"
},
{
"category": "external",
"summary": "SUSE Bug 1237045 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "external",
"summary": "SUSE Bug 1237046 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Assign job pointer to NULL before signaling the fence\n\nIn commit e4b5ccd392b9 (\"drm/v3d: Ensure job pointer is set to NULL\nafter job completion\"), we introduced a change to assign the job pointer\nto NULL after completing a job, indicating job completion.\n\nHowever, this approach created a race condition between the DRM\nscheduler workqueue and the IRQ execution thread. As soon as the fence is\nsignaled in the IRQ execution thread, a new job starts to be executed.\nThis results in a race condition where the IRQ execution thread sets the\njob pointer to NULL simultaneously as the `run_job()` function assigns\na new job to the pointer.\n\nThis race condition can lead to a NULL pointer dereference if the IRQ\nexecution thread sets the job pointer to NULL after `run_job()` assigns\nit to the new job. When the new job completes and the GPU emits an\ninterrupt, `v3d_irq()` is triggered, potentially causing a crash.\n\n[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n[ 466.318928] Mem abort info:\n[ 466.321723] ESR = 0x0000000096000005\n[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 466.330807] SET = 0, FnV = 0\n[ 466.333864] EA = 0, S1PTW = 0\n[ 466.337010] FSC = 0x05: level 1 translation fault\n[ 466.341900] Data abort info:\n[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000\n[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6\n[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18\n[ 466.467336] Tainted: [C]=CRAP\n[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]\n[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228\n[ 466.492327] sp : ffffffc080003ea0\n[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000\n[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200\n[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000\n[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000\n[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000\n[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0\n[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70\n[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000\n[ 466.567263] Call trace:\n[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)\n[ 466.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21688",
"url": "https://www.suse.com/security/cve/CVE-2025-21688"
},
{
"category": "external",
"summary": "SUSE Bug 1237007 for CVE-2025-21688",
"url": "https://bugzilla.suse.com/1237007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21689",
"url": "https://www.suse.com/security/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "SUSE Bug 1237017 for CVE-2025-21689",
"url": "https://bugzilla.suse.com/1237017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21690"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn\u0027t DoS the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21690",
"url": "https://www.suse.com/security/cve/CVE-2025-21690"
},
{
"category": "external",
"summary": "SUSE Bug 1237025 for CVE-2025-21690",
"url": "https://bugzilla.suse.com/1237025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21692",
"url": "https://www.suse.com/security/cve/CVE-2025-21692"
},
{
"category": "external",
"summary": "SUSE Bug 1237028 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "external",
"summary": "SUSE Bug 1237048 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: properly synchronize freeing resources during CPU hotunplug\n\nIn zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the\ncurrent CPU at the beginning of the operation is retrieved and used\nthroughout. However, since neither preemption nor migration are disabled,\nit is possible that the operation continues on a different CPU.\n\nIf the original CPU is hotunplugged while the acomp_ctx is still in use,\nwe run into a UAF bug as some of the resources attached to the acomp_ctx\nare freed during hotunplug in zswap_cpu_comp_dead() (i.e. \nacomp_ctx.buffer, acomp_ctx.req, or acomp_ctx.acomp).\n\nThe problem was introduced in commit 1ec3b5fe6eec (\"mm/zswap: move to use\ncrypto_acomp API for hardware acceleration\") when the switch to the\ncrypto_acomp API was made. Prior to that, the per-CPU crypto_comp was\nretrieved using get_cpu_ptr() which disables preemption and makes sure the\nCPU cannot go away from under us. Preemption cannot be disabled with the\ncrypto_acomp API as a sleepable context is needed.\n\nUse the acomp_ctx.mutex to synchronize CPU hotplug callbacks allocating\nand freeing resources with compression/decompression paths. Make sure\nthat acomp_ctx.req is NULL when the resources are freed. In the\ncompression/decompression paths, check if acomp_ctx.req is NULL after\nacquiring the mutex (meaning the CPU was offlined) and retry on the new\nCPU.\n\nThe initialization of acomp_ctx.mutex is moved from the CPU hotplug\ncallback to the pool initialization where it belongs (where the mutex is\nallocated). In addition to adding clarity, this makes sure that CPU\nhotplug cannot reinitialize a mutex that is already locked by\ncompression/decompression.\n\nPreviously a fix was attempted by holding cpus_read_lock() [1]. This\nwould have caused a potential deadlock as it is possible for code already\nholding the lock to fall into reclaim and enter zswap (causing a\ndeadlock). A fix was also attempted using SRCU for synchronization, but\nJohannes pointed out that synchronize_srcu() cannot be used in CPU hotplug\nnotifiers [2].\n\nAlternative fixes that were considered/attempted and could have worked:\n- Refcounting the per-CPU acomp_ctx. This involves complexity in\n handling the race between the refcount dropping to zero in\n zswap_[de]compress() and the refcount being re-initialized when the\n CPU is onlined.\n- Disabling migration before getting the per-CPU acomp_ctx [3], but\n that\u0027s discouraged and is a much bigger hammer than needed, and could\n result in subtle performance issues.\n\n[1]https://lkml.kernel.org/20241219212437.2714151-1-yosryahmed@google.com/\n[2]https://lkml.kernel.org/20250107074724.1756696-2-yosryahmed@google.com/\n[3]https://lkml.kernel.org/20250107222236.2715883-2-yosryahmed@google.com/\n\n[yosryahmed@google.com: remove comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21693",
"url": "https://www.suse.com/security/cve/CVE-2025-21693"
},
{
"category": "external",
"summary": "SUSE Bug 1237029 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "external",
"summary": "SUSE Bug 1237047 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21693"
},
{
"cve": "CVE-2025-21697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Ensure job pointer is set to NULL after job completion\n\nAfter a job completes, the corresponding pointer in the device must\nbe set to NULL. Failing to do so triggers a warning when unloading\nthe driver, as it appears the job is still active. To prevent this,\nassign the job pointer to NULL after completing the job, indicating\nthe job has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21697",
"url": "https://www.suse.com/security/cve/CVE-2025-21697"
},
{
"category": "external",
"summary": "SUSE Bug 1237132 for CVE-2025-21697",
"url": "https://bugzilla.suse.com/1237132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "low"
}
],
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21699",
"url": "https://www.suse.com/security/cve/CVE-2025-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1237139 for CVE-2025-21699",
"url": "https://bugzilla.suse.com/1237139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent. b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12. send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13. send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21700",
"url": "https://www.suse.com/security/cve/CVE-2025-21700"
},
{
"category": "external",
"summary": "SUSE Bug 1237159 for CVE-2025-21700",
"url": "https://bugzilla.suse.com/1237159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n RIP: 0010:__mutex_lock+0xc8a/0x1120\n Call Trace:\n \u003cTASK\u003e\n ethtool_check_max_channel+0x1ea/0x880\n ethnl_set_channels+0x3c3/0xb10\n ethnl_default_set_doit+0x306/0x650\n genl_family_rcv_msg_doit+0x1e3/0x2c0\n genl_rcv_msg+0x432/0x6f0\n netlink_rcv_skb+0x13d/0x3b0\n genl_rcv+0x28/0x40\n netlink_unicast+0x42e/0x720\n netlink_sendmsg+0x765/0xc20\n __sys_sendto+0x3ac/0x420\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21701",
"url": "https://www.suse.com/security/cve/CVE-2025-21701"
},
{
"category": "external",
"summary": "SUSE Bug 1237164 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "external",
"summary": "SUSE Bug 1245805 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1245805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog()\n\nqdisc_tree_reduce_backlog() notifies parent qdisc only if child\nqdisc becomes empty, therefore we need to reduce the backlog of the\nchild qdisc before calling it. Otherwise it would miss the opportunity\nto call cops-\u003eqlen_notify(), in the case of DRR, it resulted in UAF\nsince DRR uses -\u003eqlen_notify() to maintain its active list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21703",
"url": "https://www.suse.com/security/cve/CVE-2025-21703"
},
{
"category": "external",
"summary": "SUSE Bug 1237313 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "external",
"summary": "SUSE Bug 1245796 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1245796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21703"
},
{
"cve": "CVE-2025-21704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdc-acm: Check control transfer buffer size before access\n\nIf the first fragment is shorter than struct usb_cdc_notification, we can\u0027t\ncalculate an expected_size. Log an error and discard the notification\ninstead of reading lengths from memory outside the received data, which can\nlead to memory corruption when the expected_size decreases between\nfragments, causing `expected_size - acm-\u003enb_index` to wrap.\n\nThis issue has been present since the beginning of git history; however,\nit only leads to memory corruption since commit ea2583529cd1\n(\"cdc-acm: reassemble fragmented notifications\").\n\nA mitigating factor is that acm_ctrl_irq() can only execute after userspace\nhas opened /dev/ttyACM*; but if ModemManager is running, ModemManager will\ndo that automatically depending on the USB device\u0027s vendor/product IDs and\nits other interfaces.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21704",
"url": "https://www.suse.com/security/cve/CVE-2025-21704"
},
{
"category": "external",
"summary": "SUSE Bug 1237571 for CVE-2025-21704",
"url": "https://bugzilla.suse.com/1237571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21704"
},
{
"cve": "CVE-2025-21705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle fastopen disconnect correctly\n\nSyzbot was able to trigger a data stream corruption:\n\n WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Modules linked in:\n CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\n RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 \u003c0f\u003e 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07\n RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293\n RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928\n R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000\n R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000\n FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074\n mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493\n release_sock+0x1aa/0x1f0 net/core/sock.c:3640\n inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]\n __inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703\n mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755\n mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f6e86ebfe69\n Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69\n RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003\n RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc\n R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508\n \u003c/TASK\u003e\n\nThe root cause is the bad handling of disconnect() generated internally\nby the MPTCP protocol in case of connect FASTOPEN errors.\n\nAddress the issue increasing the socket disconnect counter even on such\na case, to allow other threads waiting on the same socket lock to\nproperly error out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21705",
"url": "https://www.suse.com/security/cve/CVE-2025-21705"
},
{
"category": "external",
"summary": "SUSE Bug 1238525 for CVE-2025-21705",
"url": "https://bugzilla.suse.com/1238525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only set fullmesh for subflow endp\n\nWith the in-kernel path-manager, it is possible to change the \u0027fullmesh\u0027\nflag. The code in mptcp_pm_nl_fullmesh() expects to change it only on\n\u0027subflow\u0027 endpoints, to recreate more or less subflows using the linked\naddress.\n\nUnfortunately, the set_flags() hook was a bit more permissive, and\nallowed \u0027implicit\u0027 endpoints to get the \u0027fullmesh\u0027 flag while it is not\nallowed before.\n\nThat\u0027s what syzbot found, triggering the following warning:\n\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Modules linked in:\n CPU: 0 UID: 0 PID: 6499 Comm: syz.1.413 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n RIP: 0010:mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Code: 01 00 00 49 89 c5 e8 fb 45 e8 f5 e9 b8 fc ff ff e8 f1 45 e8 f5 4c 89 f7 be 03 00 00 00 e8 44 1d 0b f9 eb a0 e8 dd 45 e8 f5 90 \u003c0f\u003e 0b 90 e9 17 ff ff ff 89 d9 80 e1 07 38 c1 0f 8c c9 fc ff ff 48\n RSP: 0018:ffffc9000d307240 EFLAGS: 00010293\n RAX: ffffffff8bb72e03 RBX: 0000000000000000 RCX: ffff88807da88000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000d307430 R08: ffffffff8bb72cf0 R09: 1ffff1100b842a5e\n R10: dffffc0000000000 R11: ffffed100b842a5f R12: ffff88801e2e5ac0\n R13: ffff88805c214800 R14: ffff88805c2152e8 R15: 1ffff1100b842a5d\n FS: 00005555619f6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000020002840 CR3: 00000000247e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2542\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f5fe8785d29\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007fff571f5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f5fe8975fa0 RCX: 00007f5fe8785d29\n RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000007\n RBP: 00007f5fe8801b08 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 00007f5fe8975fa0 R14: 00007f5fe8975fa0 R15: 000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21706",
"url": "https://www.suse.com/security/cve/CVE-2025-21706"
},
{
"category": "external",
"summary": "SUSE Bug 1238528 for CVE-2025-21706",
"url": "https://bugzilla.suse.com/1238528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21706"
},
{
"cve": "CVE-2025-21708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: rtl8150: enable basic endpoint checking\n\nSyzkaller reports [1] encountering a common issue of utilizing a wrong\nusb endpoint type during URB submitting stage. This, in turn, triggers\na warning shown below.\n\nFor now, enable simple endpoint checking (specifically, bulk and\ninterrupt eps, testing control one is not essential) to mitigate\nthe issue with a view to do other related cosmetic changes later,\nif they are necessary.\n\n[1] Syzkaller report:\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 1 PID: 2586 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 driv\u003e\nModules linked in:\nCPU: 1 UID: 0 PID: 2586 Comm: dhcpcd Not tainted 6.11.0-rc4-syzkaller-00069-gfc88bb11617\u003e\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nCode: 84 3c 02 00 00 e8 05 e4 fc fc 4c 89 ef e8 fd 25 d7 fe 45 89 e0 89 e9 4c 89 f2 48 8\u003e\nRSP: 0018:ffffc9000441f740 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888112487a00 RCX: ffffffff811a99a9\nRDX: ffff88810df6ba80 RSI: ffffffff811a99b6 RDI: 0000000000000001\nRBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff8881023bf0a8 R14: ffff888112452a20 R15: ffff888112487a7c\nFS: 00007fc04eea5740(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f0a1de9f870 CR3: 000000010dbd0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n rtl8150_open+0x300/0xe30 drivers/net/usb/rtl8150.c:733\n __dev_open+0x2d4/0x4e0 net/core/dev.c:1474\n __dev_change_flags+0x561/0x720 net/core/dev.c:8838\n dev_change_flags+0x8f/0x160 net/core/dev.c:8910\n devinet_ioctl+0x127a/0x1f10 net/ipv4/devinet.c:1177\n inet_ioctl+0x3aa/0x3f0 net/ipv4/af_inet.c:1003\n sock_do_ioctl+0x116/0x280 net/socket.c:1222\n sock_ioctl+0x22e/0x6c0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fc04ef73d49\n...\n\nThis change has not been tested on real hardware.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21708",
"url": "https://www.suse.com/security/cve/CVE-2025-21708"
},
{
"category": "external",
"summary": "SUSE Bug 1239087 for CVE-2025-21708",
"url": "https://bugzilla.suse.com/1239087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21708"
},
{
"cve": "CVE-2025-21711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rose: prevent integer overflows in rose_setsockopt()\n\nIn case of possible unpredictably large arguments passed to\nrose_setsockopt() and multiplied by extra values on top of that,\ninteger overflows may occur.\n\nDo the safest minimum and fix these issues by checking the\ncontents of \u0027opt\u0027 and returning -EINVAL if they are too large. Also,\nswitch to unsigned int and remove useless check for negative \u0027opt\u0027\nin ROSE_IDLE case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21711",
"url": "https://www.suse.com/security/cve/CVE-2025-21711"
},
{
"category": "external",
"summary": "SUSE Bug 1239114 for CVE-2025-21711",
"url": "https://bugzilla.suse.com/1239114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21711"
},
{
"cve": "CVE-2025-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP use after free\n\nPrevent double queueing of implicit ODP mr destroy work by using\n__xa_cmpxchg() to make sure this is the only time we are destroying this\nspecific mr.\n\nWithout this change, we could try to invalidate this mr twice, which in\nturn could result in queuing a MR work destroy twice, and eventually the\nsecond work could execute after the MR was freed due to the first work,\ncausing a user after free and trace below.\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 2 PID: 12178 at lib/refcount.c:28 refcount_warn_saturate+0x12b/0x130\n Modules linked in: bonding ib_ipoib vfio_pci ip_gre geneve nf_tables ip6_gre gre ip6_tunnel tunnel6 ipip tunnel4 ib_umad rdma_ucm mlx5_vfio_pci vfio_pci_core vfio_iommu_type1 mlx5_ib vfio ib_uverbs mlx5_core iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\n CPU: 2 PID: 12178 Comm: kworker/u20:5 Not tainted 6.5.0-rc1_net_next_mlx5_58c644e #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: events_unbound free_implicit_child_mr_work [mlx5_ib]\n RIP: 0010:refcount_warn_saturate+0x12b/0x130\n Code: 48 c7 c7 38 95 2a 82 c6 05 bc c6 fe 00 01 e8 0c 66 aa ff 0f 0b 5b c3 48 c7 c7 e0 94 2a 82 c6 05 a7 c6 fe 00 01 e8 f5 65 aa ff \u003c0f\u003e 0b 5b c3 90 8b 07 3d 00 00 00 c0 74 12 83 f8 01 74 13 8d 50 ff\n RSP: 0018:ffff8881008e3e40 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027\n RDX: ffff88852c91b5c8 RSI: 0000000000000001 RDI: ffff88852c91b5c0\n RBP: ffff8881dacd4e00 R08: 00000000ffffffff R09: 0000000000000019\n R10: 000000000000072e R11: 0000000063666572 R12: ffff88812bfd9e00\n R13: ffff8881c792d200 R14: ffff88810011c005 R15: ffff8881002099c0\n FS: 0000000000000000(0000) GS:ffff88852c900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f5694b5e000 CR3: 00000001153f6003 CR4: 0000000000370ea0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0x12b/0x130\n free_implicit_child_mr_work+0x180/0x1b0 [mlx5_ib]\n process_one_work+0x1cc/0x3c0\n worker_thread+0x218/0x3c0\n kthread+0xc6/0xf0\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21714",
"url": "https://www.suse.com/security/cve/CVE-2025-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1237890 for CVE-2025-21714",
"url": "https://bugzilla.suse.com/1237890"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21714"
},
{
"cve": "CVE-2025-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: davicom: fix UAF in dm9000_drv_remove\n\ndm is netdev private data and it cannot be\nused after free_netdev() call. Using dm after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.\n\nThis is similar to the issue fixed in commit\nad297cd2db89 (\"net: qcom/emac: fix UAF in emac_remove\").\n\nThis bug is detected by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21715",
"url": "https://www.suse.com/security/cve/CVE-2025-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1237889 for CVE-2025-21715",
"url": "https://bugzilla.suse.com/1237889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21716"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix uninit-value in vxlan_vnifilter_dump()\n\nKMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].\n\nIf the length of the netlink message payload is less than\nsizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes\nbeyond the message. This can lead to uninit-value access. Fix this by\nreturning an error in such situations.\n\n[1]\nBUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786\n netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317\n __netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432\n netlink_dump_start include/linux/netlink.h:340 [inline]\n rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]\n rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882\n netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4110 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205\n kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196\n netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21716",
"url": "https://www.suse.com/security/cve/CVE-2025-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1237891 for CVE-2025-21716",
"url": "https://bugzilla.suse.com/1237891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: fix timer races against user threads\n\nRose timers only acquire the socket spinlock, without\nchecking if the socket is owned by one user thread.\n\nAdd a check and rearm the timers if needed.\n\nBUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\nRead of size 2 at addr ffff88802f09b82a by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\n call_timer_fn+0x187/0x650 kernel/time/timer.c:1793\n expire_timers kernel/time/timer.c:1844 [inline]\n __run_timers kernel/time/timer.c:2418 [inline]\n __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430\n run_timer_base kernel/time/timer.c:2439 [inline]\n run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21718",
"url": "https://www.suse.com/security/cve/CVE-2025-21718"
},
{
"category": "external",
"summary": "SUSE Bug 1239073 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "external",
"summary": "SUSE Bug 1239074 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21718"
},
{
"cve": "CVE-2025-21719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: do not call mr_mfc_uses_dev() for unres entries\n\nsyzbot found that calling mr_mfc_uses_dev() for unres entries\nwould crash [1], because c-\u003emfc_un.res.minvif / c-\u003emfc_un.res.maxvif\nalias to \"struct sk_buff_head unresolved\", which contain two pointers.\n\nThis code never worked, lets remove it.\n\n[1]\nUnable to handle kernel paging request at virtual address ffff5fff2d536613\nKASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]\nModules linked in:\nCPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]\n pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334\n lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]\n lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334\nCall trace:\n mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)\n mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)\n mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382\n ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648\n rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327\n rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791\n netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317\n netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973\n sock_recvmsg_nosec net/socket.c:1033 [inline]\n sock_recvmsg net/socket.c:1055 [inline]\n sock_read_iter+0x2d8/0x40c net/socket.c:1125\n new_sync_read fs/read_write.c:484 [inline]\n vfs_read+0x740/0x970 fs/read_write.c:565\n ksys_read+0x15c/0x26c fs/read_write.c:708",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21719",
"url": "https://www.suse.com/security/cve/CVE-2025-21719"
},
{
"category": "external",
"summary": "SUSE Bug 1238860 for CVE-2025-21719",
"url": "https://bugzilla.suse.com/1238860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21723"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix possible crash when setting up bsg fails\n\nIf bsg_setup_queue() fails, the bsg_queue is assigned a non-NULL value.\nConsequently, in mpi3mr_bsg_exit(), the condition \"if(!mrioc-\u003ebsg_queue)\"\nwill not be satisfied, preventing execution from entering\nbsg_remove_queue(), which could lead to the following crash:\n\nBUG: kernel NULL pointer dereference, address: 000000000000041c\nCall Trace:\n \u003cTASK\u003e\n mpi3mr_bsg_exit+0x1f/0x50 [mpi3mr]\n mpi3mr_remove+0x6f/0x340 [mpi3mr]\n pci_device_remove+0x3f/0xb0\n device_release_driver_internal+0x19d/0x220\n unbind_store+0xa4/0xb0\n kernfs_fop_write_iter+0x11f/0x200\n vfs_write+0x1fc/0x3e0\n ksys_write+0x67/0xe0\n do_syscall_64+0x38/0x80\n entry_SYSCALL_64_after_hwframe+0x78/0xe2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21723",
"url": "https://www.suse.com/security/cve/CVE-2025-21723"
},
{
"category": "external",
"summary": "SUSE Bug 1238864 for CVE-2025-21723",
"url": "https://bugzilla.suse.com/1238864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21723"
},
{
"cve": "CVE-2025-21724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand\u0027s type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21724",
"url": "https://www.suse.com/security/cve/CVE-2025-21724"
},
{
"category": "external",
"summary": "SUSE Bug 1238863 for CVE-2025-21724",
"url": "https://bugzilla.suse.com/1238863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to unset link speed\n\nIt isn\u0027t guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always\nbe set by the server, so the client must handle any values and then\nprevent oopses like below from happening:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nRIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48\n89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8\ne7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 \u003c48\u003e f7 74 24 18 48 89\nc3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24\nRSP: 0018:ffffc90001817be0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99\nRDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228\nRBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac\nR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200\nR13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58\nFS: 00007fe27119e740(0000) GS:ffff888148600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0x159/0x1b0\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? do_error_trap+0x90/0x130\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? exc_divide_error+0x39/0x50\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? asm_exc_divide_error+0x1a/0x20\n ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? seq_read_iter+0x42e/0x790\n seq_read_iter+0x19a/0x790\n proc_reg_read_iter+0xbe/0x110\n ? __pfx_proc_reg_read_iter+0x10/0x10\n vfs_read+0x469/0x570\n ? do_user_addr_fault+0x398/0x760\n ? __pfx_vfs_read+0x10/0x10\n ? find_held_lock+0x8a/0xa0\n ? __pfx_lock_release+0x10/0x10\n ksys_read+0xd3/0x170\n ? __pfx_ksys_read+0x10/0x10\n ? __rcu_read_unlock+0x50/0x270\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe271288911\nCode: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8\n20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 \u003c48\u003e 3d\n00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec\nRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911\nRDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003\nRBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380\nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000\nR13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000\n \u003c/TASK\u003e\n\nFix this by setting cifs_server_iface::speed to a sane value (1Gbps)\nby default when link speed is unset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21725",
"url": "https://www.suse.com/security/cve/CVE-2025-21725"
},
{
"category": "external",
"summary": "SUSE Bug 1238877 for CVE-2025-21725",
"url": "https://bugzilla.suse.com/1238877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: avoid UAF for reorder_work\n\nAlthough the previous patch can avoid ps and ps UAF for _do_serial, it\ncan not avoid potential UAF issue for reorder_work. This issue can\nhappen just as below:\n\ncrypto_request\t\t\tcrypto_request\t\tcrypto_del_alg\npadata_do_serial\n ...\n padata_reorder\n // processes all remaining\n // requests then breaks\n while (1) {\n if (!padata)\n break;\n ...\n }\n\n\t\t\t\tpadata_do_serial\n\t\t\t\t // new request added\n\t\t\t\t list_add\n // sees the new request\n queue_work(reorder_work)\n\t\t\t\t padata_reorder\n\t\t\t\t queue_work_on(squeue-\u003ework)\n...\n\n\t\t\t\t\u003ckworker context\u003e\n\t\t\t\tpadata_serial_worker\n\t\t\t\t// completes new request,\n\t\t\t\t// no more outstanding\n\t\t\t\t// requests\n\n\t\t\t\t\t\t\tcrypto_del_alg\n\t\t\t\t\t\t\t // free pd\n\n\u003ckworker context\u003e\ninvoke_padata_reorder\n // UAF of pd\n\nTo avoid UAF for \u0027reorder_work\u0027, get \u0027pd\u0027 ref before put \u0027reorder_work\u0027\ninto the \u0027serial_wq\u0027 and put \u0027pd\u0027 ref until the \u0027serial_wq\u0027 finish.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21726",
"url": "https://www.suse.com/security/cve/CVE-2025-21726"
},
{
"category": "external",
"summary": "SUSE Bug 1238865 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "external",
"summary": "SUSE Bug 1240837 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1240837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21726"
},
{
"cve": "CVE-2025-21727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: fix UAF in padata_reorder\n\nA bug was found when run ltp test:\n\nBUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0\nRead of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206\n\nCPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+\nWorkqueue: pdecrypt_parallel padata_parallel_worker\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x32/0x50\nprint_address_description.constprop.0+0x6b/0x3d0\nprint_report+0xdd/0x2c0\nkasan_report+0xa5/0xd0\npadata_find_next+0x29/0x1a0\npadata_reorder+0x131/0x220\npadata_parallel_worker+0x3d/0xc0\nprocess_one_work+0x2ec/0x5a0\n\nIf \u0027mdelay(10)\u0027 is added before calling \u0027padata_find_next\u0027 in the\n\u0027padata_reorder\u0027 function, this issue could be reproduced easily with\nltp test (pcrypt_aead01).\n\nThis can be explained as bellow:\n\npcrypt_aead_encrypt\n...\npadata_do_parallel\nrefcount_inc(\u0026pd-\u003erefcnt); // add refcnt\n...\npadata_do_serial\npadata_reorder // pd\nwhile (1) {\npadata_find_next(pd, true); // using pd\nqueue_work_on\n...\npadata_serial_worker\t\t\t\tcrypto_del_alg\npadata_put_pd_cnt // sub refcnt\n\t\t\t\t\t\tpadata_free_shell\n\t\t\t\t\t\tpadata_put_pd(ps-\u003epd);\n\t\t\t\t\t\t// pd is freed\n// loop again, but pd is freed\n// call padata_find_next, UAF\n}\n\nIn the padata_reorder function, when it loops in \u0027while\u0027, if the alg is\ndeleted, the refcnt may be decreased to 0 before entering\n\u0027padata_find_next\u0027, which leads to UAF.\n\nAs mentioned in [1], do_serial is supposed to be called with BHs disabled\nand always happen under RCU protection, to address this issue, add\nsynchronize_rcu() in \u0027padata_free_shell\u0027 wait for all _do_serial calls\nto finish.\n\n[1] https://lore.kernel.org/all/20221028160401.cccypv4euxikusiq@parnassus.localdomain/\n[2] https://lore.kernel.org/linux-kernel/jfjz5d7zwbytztackem7ibzalm5lnxldi2eofeiczqmqs2m7o6@fq426cwnjtkm/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21727",
"url": "https://www.suse.com/security/cve/CVE-2025-21727"
},
{
"category": "external",
"summary": "SUSE Bug 1237876 for CVE-2025-21727",
"url": "https://bugzilla.suse.com/1237876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21727"
},
{
"cve": "CVE-2025-21728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21728",
"url": "https://www.suse.com/security/cve/CVE-2025-21728"
},
{
"category": "external",
"summary": "SUSE Bug 1237879 for CVE-2025-21728",
"url": "https://bugzilla.suse.com/1237879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: don\u0027t allow reconnect after disconnect\n\nFollowing process can cause nbd_config UAF:\n\n1) grab nbd_config temporarily;\n\n2) nbd_genl_disconnect() flush all recv_work() and release the\ninitial reference:\n\n nbd_genl_disconnect\n nbd_disconnect_and_put\n nbd_disconnect\n flush_workqueue(nbd-\u003erecv_workq)\n if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...))\n nbd_config_put\n -\u003e due to step 1), reference is still not zero\n\n3) nbd_genl_reconfigure() queue recv_work() again;\n\n nbd_genl_reconfigure\n config = nbd_get_config_unlocked(nbd)\n if (!config)\n -\u003e succeed\n if (!test_bit(NBD_RT_BOUND, ...))\n -\u003e succeed\n nbd_reconnect_socket\n queue_work(nbd-\u003erecv_workq, \u0026args-\u003ework)\n\n4) step 1) release the reference;\n\n5) Finially, recv_work() will trigger UAF:\n\n recv_work\n nbd_config_put(nbd)\n -\u003e nbd_config is freed\n atomic_dec(\u0026config-\u003erecv_threads)\n -\u003e UAF\n\nFix the problem by clearing NBD_RT_BOUND in nbd_genl_disconnect(), so\nthat nbd_genl_reconfigure() will fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21731",
"url": "https://www.suse.com/security/cve/CVE-2025-21731"
},
{
"category": "external",
"summary": "SUSE Bug 1237881 for CVE-2025-21731",
"url": "https://bugzilla.suse.com/1237881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21731"
},
{
"cve": "CVE-2025-21732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error\n\nThis patch addresses a race condition for an ODP MR that can result in a\nCQE with an error on the UMR QP.\n\nDuring the __mlx5_ib_dereg_mr() flow, the following sequence of calls\noccurs:\n\nmlx5_revoke_mr()\n mlx5r_umr_revoke_mr()\n mlx5r_umr_post_send_wait()\n\nAt this point, the lkey is freed from the hardware\u0027s perspective.\n\nHowever, concurrently, mlx5_ib_invalidate_range() might be triggered by\nanother task attempting to invalidate a range for the same freed lkey.\n\nThis task will:\n - Acquire the umem_odp-\u003eumem_mutex lock.\n - Call mlx5r_umr_update_xlt() on the UMR QP.\n - Since the lkey has already been freed, this can lead to a CQE error,\n causing the UMR QP to enter an error state [1].\n\nTo resolve this race condition, the umem_odp-\u003eumem_mutex lock is now also\nacquired as part of the mlx5_revoke_mr() scope. Upon successful revoke,\nwe set umem_odp-\u003eprivate which points to that MR to NULL, preventing any\nfurther invalidation attempts on its lkey.\n\n[1] From dmesg:\n\n infiniband rocep8s0f0: dump_cqe:277:(pid 0): WC error: 6, Message: memory bind operation error\n cqe_dump: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000030: 00 00 00 00 08 00 78 06 25 00 11 b9 00 0e dd d2\n\n WARNING: CPU: 15 PID: 1506 at drivers/infiniband/hw/mlx5/umr.c:394 mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n Modules linked in: ip6table_mangle ip6table_natip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_umad ib_ipoib ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\n CPU: 15 UID: 0 PID: 1506 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1626\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n [..]\n Call Trace:\n \u003cTASK\u003e\n mlx5r_umr_update_xlt+0x23c/0x3e0 [mlx5_ib]\n mlx5_ib_invalidate_range+0x2e1/0x330 [mlx5_ib]\n __mmu_notifier_invalidate_range_start+0x1e1/0x240\n zap_page_range_single+0xf1/0x1a0\n madvise_vma_behavior+0x677/0x6e0\n do_madvise+0x1a2/0x4b0\n __x64_sys_madvise+0x25/0x30\n do_syscall_64+0x6b/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21732",
"url": "https://www.suse.com/security/cve/CVE-2025-21732"
},
{
"category": "external",
"summary": "SUSE Bug 1237877 for CVE-2025-21732",
"url": "https://bugzilla.suse.com/1237877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21732"
},
{
"cve": "CVE-2025-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix resetting of tracepoints\n\nIf a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD\ndisabled, but then that option is enabled and timerlat is removed, the\ntracepoints that were enabled on timerlat registration do not get\ndisabled. If the option is disabled again and timelat is started, then it\ntriggers a warning in the tracepoint code due to registering the\ntracepoint again without ever disabling it.\n\nDo not use the same user space defined options to know to disable the\ntracepoints when timerlat is removed. Instead, set a global flag when it\nis enabled and use that flag to know to disable the events.\n\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n ~# echo OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo nop \u003e /sys/kernel/tracing/current_tracer\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n\nTriggers:\n\n ------------[ cut here ]------------\n WARNING: CPU: 6 PID: 1337 at kernel/tracepoint.c:294 tracepoint_add_func+0x3b6/0x3f0\n Modules linked in:\n CPU: 6 UID: 0 PID: 1337 Comm: rtla Not tainted 6.13.0-rc4-test-00018-ga867c441128e-dirty #73\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:tracepoint_add_func+0x3b6/0x3f0\n Code: 48 8b 53 28 48 8b 73 20 4c 89 04 24 e8 23 59 11 00 4c 8b 04 24 e9 36 fe ff ff 0f 0b b8 ea ff ff ff 45 84 e4 0f 84 68 fe ff ff \u003c0f\u003e 0b e9 61 fe ff ff 48 8b 7b 18 48 85 ff 0f 84 4f ff ff ff 49 8b\n RSP: 0018:ffffb9b003a87ca0 EFLAGS: 00010202\n RAX: 00000000ffffffef RBX: ffffffff92f30860 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff9bf59e91ccd0 RDI: ffffffff913b6410\n RBP: 000000000000000a R08: 00000000000005c7 R09: 0000000000000002\n R10: ffffb9b003a87ce0 R11: 0000000000000002 R12: 0000000000000001\n R13: ffffb9b003a87ce0 R14: ffffffffffffffef R15: 0000000000000008\n FS: 00007fce81209240(0000) GS:ffff9bf6fdd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055e99b728000 CR3: 00000001277c0002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ? __warn.cold+0xb7/0x14d\n ? tracepoint_add_func+0x3b6/0x3f0\n ? report_bug+0xea/0x170\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? tracepoint_add_func+0x3b6/0x3f0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n tracepoint_probe_register+0x78/0xb0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n osnoise_workload_start+0x2b5/0x370\n timerlat_tracer_init+0x76/0x1b0\n tracing_set_tracer+0x244/0x400\n tracing_set_trace_write+0xa0/0xe0\n vfs_write+0xfc/0x570\n ? do_sys_openat2+0x9c/0xe0\n ksys_write+0x72/0xf0\n do_syscall_64+0x79/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21733",
"url": "https://www.suse.com/security/cve/CVE-2025-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1238494 for CVE-2025-21733",
"url": "https://bugzilla.suse.com/1238494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21733"
},
{
"cve": "CVE-2025-21734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21734"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix copy buffer page size\n\nFor non-registered buffer, fastrpc driver copies the buffer and\npass it to the remote subsystem. There is a problem with current\nimplementation of page size calculation which is not considering\nthe offset in the calculation. This might lead to passing of\nimproper and out-of-bounds page size which could result in\nmemory issue. Calculate page start and page end using the offset\nadjusted address instead of absolute address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21734",
"url": "https://www.suse.com/security/cve/CVE-2025-21734"
},
{
"category": "external",
"summary": "SUSE Bug 1238734 for CVE-2025-21734",
"url": "https://bugzilla.suse.com/1238734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21734"
},
{
"cve": "CVE-2025-21735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: Add bounds checking in nci_hci_create_pipe()\n\nThe \"pipe\" variable is a u8 which comes from the network. If it\u0027s more\nthan 127, then it results in memory corruption in the caller,\nnci_hci_connect_gate().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21735",
"url": "https://www.suse.com/security/cve/CVE-2025-21735"
},
{
"category": "external",
"summary": "SUSE Bug 1238497 for CVE-2025-21735",
"url": "https://bugzilla.suse.com/1238497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21735"
},
{
"cve": "CVE-2025-21736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix possible int overflows in nilfs_fiemap()\n\nSince nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result\nby being prepared to go through potentially maxblocks == INT_MAX blocks,\nthe value in n may experience an overflow caused by left shift of blkbits.\n\nWhile it is extremely unlikely to occur, play it safe and cast right hand\nexpression to wider type to mitigate the issue.\n\nFound by Linux Verification Center (linuxtesting.org) with static analysis\ntool SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21736",
"url": "https://www.suse.com/security/cve/CVE-2025-21736"
},
{
"category": "external",
"summary": "SUSE Bug 1238715 for CVE-2025-21736",
"url": "https://bugzilla.suse.com/1238715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21736"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-21739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix use-after free in init error and remove paths\n\ndevm_blk_crypto_profile_init() registers a cleanup handler to run when\nthe associated (platform-) device is being released. For UFS, the\ncrypto private data and pointers are stored as part of the ufs_hba\u0027s\ndata structure \u0027struct ufs_hba::crypto_profile\u0027. This structure is\nallocated as part of the underlying ufshcd and therefore Scsi_host\nallocation.\n\nDuring driver release or during error handling in ufshcd_pltfrm_init(),\nthis structure is released as part of ufshcd_dealloc_host() before the\n(platform-) device associated with the crypto call above is released.\nOnce this device is released, the crypto cleanup code will run, using\nthe just-released \u0027struct ufs_hba::crypto_profile\u0027. This causes a\nuse-after-free situation:\n\n Call trace:\n kfree+0x60/0x2d8 (P)\n kvfree+0x44/0x60\n blk_crypto_profile_destroy_callback+0x28/0x70\n devm_action_release+0x1c/0x30\n release_nodes+0x6c/0x108\n devres_release_all+0x98/0x100\n device_unbind_cleanup+0x20/0x70\n really_probe+0x218/0x2d0\n\nIn other words, the initialisation code flow is:\n\n platform-device probe\n ufshcd_pltfrm_init()\n ufshcd_alloc_host()\n scsi_host_alloc()\n allocation of struct ufs_hba\n creation of scsi-host devices\n devm_blk_crypto_profile_init()\n devm registration of cleanup handler using platform-device\n\nand during error handling of ufshcd_pltfrm_init() or during driver\nremoval:\n\n ufshcd_dealloc_host()\n scsi_host_put()\n put_device(scsi-host)\n release of struct ufs_hba\n put_device(platform-device)\n crypto cleanup handler\n\nTo fix this use-after free, change ufshcd_alloc_host() to register a\ndevres action to automatically cleanup the underlying SCSI device on\nufshcd destruction, without requiring explicit calls to\nufshcd_dealloc_host(). This way:\n\n * the crypto profile and all other ufs_hba-owned resources are\n destroyed before SCSI (as they\u0027ve been registered after)\n * a memleak is plugged in tc-dwc-g210-pci.c remove() as a\n side-effect\n * EXPORT_SYMBOL_GPL(ufshcd_dealloc_host) can be removed fully as\n it\u0027s not needed anymore\n * no future drivers using ufshcd_alloc_host() could ever forget\n adding the cleanup",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21739",
"url": "https://www.suse.com/security/cve/CVE-2025-21739"
},
{
"category": "external",
"summary": "SUSE Bug 1238506 for CVE-2025-21739",
"url": "https://bugzilla.suse.com/1238506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21739"
},
{
"cve": "CVE-2025-21741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21741"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix DPE OoB read\n\nFix an out-of-bounds DPE read, limit the number of processed DPEs to\nthe amount that fits into the fixed-size NDP16 header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21741",
"url": "https://www.suse.com/security/cve/CVE-2025-21741"
},
{
"category": "external",
"summary": "SUSE Bug 1238767 for CVE-2025-21741",
"url": "https://bugzilla.suse.com/1238767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21741"
},
{
"cve": "CVE-2025-21742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: use static NDP16 location in URB\n\nOriginal code allowed for the start of NDP16 to be anywhere within the\nURB based on the `wNdpIndex` value in NTH16. Only the start position of\nNDP16 was checked, so it was possible for even the fixed-length part\nof NDP16 to extend past the end of URB, leading to an out-of-bounds\nread.\n\nOn iOS devices, the NDP16 header always directly follows NTH16. Rely on\nand check for this specific format.\n\nThis, along with NCM-specific minimal URB length check that already\nexists, will ensure that the fixed-length part of NDP16 plus a set\namount of DPEs fit within the URB.\n\nNote that this commit alone does not fully address the OoB read.\nThe limit on the amount of DPEs needs to be enforced separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21742",
"url": "https://www.suse.com/security/cve/CVE-2025-21742"
},
{
"category": "external",
"summary": "SUSE Bug 1238771 for CVE-2025-21742",
"url": "https://bugzilla.suse.com/1238771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21742"
},
{
"cve": "CVE-2025-21743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix possible overflow in DPE length check\n\nOriginally, it was possible for the DPE length check to overflow if\nwDatagramIndex + wDatagramLength \u003e U16_MAX. This could lead to an OoB\nread.\n\nMove the wDatagramIndex term to the other side of the inequality.\n\nAn existing condition ensures that wDatagramIndex \u003c urb-\u003eactual_length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21743",
"url": "https://www.suse.com/security/cve/CVE-2025-21743"
},
{
"category": "external",
"summary": "SUSE Bug 1238781 for CVE-2025-21743",
"url": "https://bugzilla.suse.com/1238781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21743"
},
{
"cve": "CVE-2025-21744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()\n\nOn removal of the device or unloading of the kernel module a potential NULL\npointer dereference occurs.\n\nThe following sequence deletes the interface:\n\n brcmf_detach()\n brcmf_remove_interface()\n brcmf_del_if()\n\nInside the brcmf_del_if() function the drvr-\u003eif2bss[ifidx] is updated to\nBRCMF_BSSIDX_INVALID (-1) if the bsscfgidx matches.\n\nAfter brcmf_remove_interface() call the brcmf_proto_detach() function is\ncalled providing the following sequence:\n\n brcmf_detach()\n brcmf_proto_detach()\n brcmf_proto_msgbuf_detach()\n brcmf_flowring_detach()\n brcmf_msgbuf_delete_flowring()\n brcmf_msgbuf_remove_flowring()\n brcmf_flowring_delete()\n brcmf_get_ifp()\n brcmf_txfinalize()\n\nSince brcmf_get_ip() can and actually will return NULL in this case the\ncall to brcmf_txfinalize() will result in a NULL pointer dereference inside\nbrcmf_txfinalize() when trying to update ifp-\u003endev-\u003estats.tx_errors.\n\nThis will only happen if a flowring still has an skb.\n\nAlthough the NULL pointer dereference has only been seen when trying to\nupdate the tx statistic, all other uses of the ifp pointer have been\nguarded as well with an early return if ifp is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21744",
"url": "https://www.suse.com/security/cve/CVE-2025-21744"
},
{
"category": "external",
"summary": "SUSE Bug 1238903 for CVE-2025-21744",
"url": "https://bugzilla.suse.com/1238903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21744"
},
{
"cve": "CVE-2025-21745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21745"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage\n\nblkcg_fill_root_iostats() iterates over @block_class\u0027s devices by\nclass_dev_iter_(init|next)(), but does not end iterating with\nclass_dev_iter_exit(), so causes the class\u0027s subsystem refcount leakage.\n\nFix by ending the iterating with class_dev_iter_exit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21745",
"url": "https://www.suse.com/security/cve/CVE-2025-21745"
},
{
"category": "external",
"summary": "SUSE Bug 1238785 for CVE-2025-21745",
"url": "https://bugzilla.suse.com/1238785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: lock the socket in rose_bind()\n\nsyzbot reported a soft lockup in rose_loopback_timer(),\nwith a repro calling bind() from multiple threads.\n\nrose_bind() must lock the socket to avoid this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21749",
"url": "https://www.suse.com/security/cve/CVE-2025-21749"
},
{
"category": "external",
"summary": "SUSE Bug 1238904 for CVE-2025-21749",
"url": "https://bugzilla.suse.com/1238904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "low"
}
],
"title": "CVE-2025-21749"
},
{
"cve": "CVE-2025-21750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Check the return value of of_property_read_string_index()\n\nSomewhen between 6.10 and 6.11 the driver started to crash on my\nMacBookPro14,3. The property doesn\u0027t exist and \u0027tmp\u0027 remains\nuninitialized, so we pass a random pointer to devm_kstrdup().\n\nThe crash I am getting looks like this:\n\nBUG: unable to handle page fault for address: 00007f033c669379\nPF: supervisor read access in kernel mode\nPF: error_code(0x0001) - permissions violation\nPGD 8000000101341067 P4D 8000000101341067 PUD 101340067 PMD 1013bb067 PTE 800000010aee9025\nOops: Oops: 0001 [#1] SMP PTI\nCPU: 4 UID: 0 PID: 827 Comm: (udev-worker) Not tainted 6.11.8-gentoo #1\nHardware name: Apple Inc. MacBookPro14,3/Mac-551B86E5744E2388, BIOS 529.140.2.0.0 06/23/2024\nRIP: 0010:strlen+0x4/0x30\nCode: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c80\u003e 3f 00 74 14 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 cc\nRSP: 0018:ffffb4aac0683ad8 EFLAGS: 00010202\nRAX: 00000000ffffffea RBX: 00007f033c669379 RCX: 0000000000000001\nRDX: 0000000000000cc0 RSI: 00007f033c669379 RDI: 00007f033c669379\nRBP: 00000000ffffffea R08: 0000000000000000 R09: 00000000c0ba916a\nR10: ffffffffffffffff R11: ffffffffb61ea260 R12: ffff91f7815b50c8\nR13: 0000000000000cc0 R14: ffff91fafefffe30 R15: ffffb4aac0683b30\nFS: 00007f033ccbe8c0(0000) GS:ffff91faeed00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f033c669379 CR3: 0000000107b1e004 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x149/0x4c0\n ? raw_spin_rq_lock_nested+0xe/0x20\n ? sched_balance_newidle+0x22b/0x3c0\n ? update_load_avg+0x78/0x770\n ? exc_page_fault+0x6f/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? __pfx_pci_conf1_write+0x10/0x10\n ? strlen+0x4/0x30\n devm_kstrdup+0x25/0x70\n brcmf_of_probe+0x273/0x350 [brcmfmac]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21750",
"url": "https://www.suse.com/security/cve/CVE-2025-21750"
},
{
"category": "external",
"summary": "SUSE Bug 1238905 for CVE-2025-21750",
"url": "https://bugzilla.suse.com/1238905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21750"
},
{
"cve": "CVE-2025-21753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when attempting to join an aborted transaction\n\nWhen we are trying to join the current transaction and if it\u0027s aborted,\nwe read its \u0027aborted\u0027 field after unlocking fs_info-\u003etrans_lock and\nwithout holding any extra reference count on it. This means that a\nconcurrent task that is aborting the transaction may free the transaction\nbefore we read its \u0027aborted\u0027 field, leading to a use-after-free.\n\nFix this by reading the \u0027aborted\u0027 field while holding fs_info-\u003etrans_lock\nsince any freeing task must first acquire that lock and set\nfs_info-\u003erunning_transaction to NULL before freeing the transaction.\n\nThis was reported by syzbot and Dmitry with the following stack traces\nfrom KASAN:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n Read of size 4 at addr ffff888011839024 by task kworker/u4:9/1128\n\n CPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Workqueue: events_unbound btrfs_async_reclaim_data_space\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n flush_space+0x448/0xcf0 fs/btrfs/space-info.c:803\n btrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317\n worker_thread+0x870/0xd30 kernel/workqueue.c:3398\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 5315:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n join_transaction+0x144/0xda0 fs/btrfs/transaction.c:308\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572\n lookup_open fs/namei.c:3649 [inline]\n open_last_lookups fs/namei.c:3748 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3984\n do_filp_open+0x27f/0x4e0 fs/namei.c:4014\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1402\n do_sys_open fs/open.c:1417 [inline]\n __do_sys_creat fs/open.c:1495 [inline]\n __se_sys_creat fs/open.c:1489 [inline]\n __x64_sys_creat+0x123/0x170 fs/open.c:1489\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 5336:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n cleanup_transaction fs/btrfs/transaction.c:2063 [inline]\n btrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598\n insert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757\n btrfs_balance+0x992/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21753",
"url": "https://www.suse.com/security/cve/CVE-2025-21753"
},
{
"category": "external",
"summary": "SUSE Bug 1237875 for CVE-2025-21753",
"url": "https://bugzilla.suse.com/1237875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21753"
},
{
"cve": "CVE-2025-21754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion failure when splitting ordered extent after transaction abort\n\nIf while we are doing a direct IO write a transaction abort happens, we\nmark all existing ordered extents with the BTRFS_ORDERED_IOERR flag (done\nat btrfs_destroy_ordered_extents()), and then after that if we enter\nbtrfs_split_ordered_extent() and the ordered extent has bytes left\n(meaning we have a bio that doesn\u0027t cover the whole ordered extent, see\ndetails at btrfs_extract_ordered_extent()), we will fail on the following\nassertion at btrfs_split_ordered_extent():\n\n ASSERT(!(flags \u0026 ~BTRFS_ORDERED_TYPE_FLAGS));\n\nbecause the BTRFS_ORDERED_IOERR flag is set and the definition of\nBTRFS_ORDERED_TYPE_FLAGS is just the union of all flags that identify the\ntype of write (regular, nocow, prealloc, compressed, direct IO, encoded).\n\nFix this by returning an error from btrfs_extract_ordered_extent() if we\nfind the BTRFS_ORDERED_IOERR flag in the ordered extent. The error will\nbe the error that resulted in the transaction abort or -EIO if no\ntransaction abort happened.\n\nThis was recently reported by syzbot with the following trace:\n\n FAULT_INJECTION: forcing a failure.\n name failslab, interval 1, probability 0, space 0, times 1\n CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n fail_dump lib/fault-inject.c:53 [inline]\n should_fail_ex+0x3b0/0x4e0 lib/fault-inject.c:154\n should_failslab+0xac/0x100 mm/failslab.c:46\n slab_pre_alloc_hook mm/slub.c:4072 [inline]\n slab_alloc_node mm/slub.c:4148 [inline]\n __do_kmalloc_node mm/slub.c:4297 [inline]\n __kmalloc_noprof+0xdd/0x4c0 mm/slub.c:4310\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n btrfs_chunk_alloc_add_chunk_item+0x244/0x1100 fs/btrfs/volumes.c:5742\n reserve_chunk_space+0x1ca/0x2c0 fs/btrfs/block-group.c:4292\n check_system_chunk fs/btrfs/block-group.c:4319 [inline]\n do_chunk_alloc fs/btrfs/block-group.c:3891 [inline]\n btrfs_chunk_alloc+0x77b/0xf80 fs/btrfs/block-group.c:4187\n find_free_extent_update_loop fs/btrfs/extent-tree.c:4166 [inline]\n find_free_extent+0x42d1/0x5810 fs/btrfs/extent-tree.c:4579\n btrfs_reserve_extent+0x422/0x810 fs/btrfs/extent-tree.c:4672\n btrfs_new_extent_direct fs/btrfs/direct-io.c:186 [inline]\n btrfs_get_blocks_direct_write+0x706/0xfa0 fs/btrfs/direct-io.c:321\n btrfs_dio_iomap_begin+0xbb7/0x1180 fs/btrfs/direct-io.c:525\n iomap_iter+0x697/0xf60 fs/iomap/iter.c:90\n __iomap_dio_rw+0xeb9/0x25b0 fs/iomap/direct-io.c:702\n btrfs_dio_write fs/btrfs/direct-io.c:775 [inline]\n btrfs_direct_write+0x610/0xa30 fs/btrfs/direct-io.c:880\n btrfs_do_write_iter+0x2a0/0x760 fs/btrfs/file.c:1397\n do_iter_readv_writev+0x600/0x880\n vfs_writev+0x376/0xba0 fs/read_write.c:1050\n do_pwritev fs/read_write.c:1146 [inline]\n __do_sys_pwritev2 fs/read_write.c:1204 [inline]\n __se_sys_pwritev2+0x196/0x2b0 fs/read_write.c:1195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f1281f85d29\n RSP: 002b:00007f12819fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148\n RAX: ffffffffffffffda RBX: 00007f1282176080 RCX: 00007f1281f85d29\n RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000005\n RBP: 00007f12819fe090 R08: 0000000000000000 R09: 0000000000000003\n R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000002\n R13: 0000000000000000 R14: 00007f1282176080 R15: 00007ffcb9e23328\n \u003c/TASK\u003e\n BTRFS error (device loop0 state A): Transaction aborted (error -12)\n BTRFS: error (device loop0 state A\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21754",
"url": "https://www.suse.com/security/cve/CVE-2025-21754"
},
{
"category": "external",
"summary": "SUSE Bug 1238496 for CVE-2025-21754",
"url": "https://bugzilla.suse.com/1238496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21754"
},
{
"cve": "CVE-2025-21756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Keep the binding until socket destruction\n\nPreserve sockets bindings; this includes both resulting from an explicit\nbind() and those implicitly bound through autobind during connect().\n\nPrevents socket unbinding during a transport reassignment, which fixes a\nuse-after-free:\n\n 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2)\n 2. transport-\u003erelease() calls vsock_remove_bound() without checking if\n sk was bound and moved to bound list (refcnt=1)\n 3. vsock_bind() assumes sk is in unbound list and before\n __vsock_insert_bound(vsock_bound_sockets()) calls\n __vsock_remove_bound() which does:\n list_del_init(\u0026vsk-\u003ebound_table); // nop\n sock_put(\u0026vsk-\u003esk); // refcnt=0\n\nBUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730\nRead of size 4 at addr ffff88816b46a74c by task a.out/2057\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n __vsock_bind+0x62e/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAllocated by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n __vsock_create.constprop.0+0x2e/0xb60\n vsock_create+0xe4/0x420\n __sock_create+0x241/0x650\n __sys_socket+0xf2/0x1a0\n __x64_sys_socket+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n __vsock_bind+0x5e1/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150\nRIP: 0010:refcount_warn_saturate+0xce/0x150\n __vsock_bind+0x66d/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150\nRIP: 0010:refcount_warn_saturate+0xee/0x150\n vsock_remove_bound+0x187/0x1e0\n __vsock_release+0x383/0x4a0\n vsock_release+0x90/0x120\n __sock_release+0xa3/0x250\n sock_close+0x14/0x20\n __fput+0x359/0xa80\n task_work_run+0x107/0x1d0\n do_exit+0x847/0x2560\n do_group_exit+0xb8/0x250\n __x64_sys_exit_group+0x3a/0x50\n x64_sys_call+0xfec/0x14f0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21756",
"url": "https://www.suse.com/security/cve/CVE-2025-21756"
},
{
"category": "external",
"summary": "SUSE Bug 1238876 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "external",
"summary": "SUSE Bug 1245795 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1245795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: extend RCU protection in igmp6_send()\n\nigmp6_send() can be called without RTNL or RCU being held.\n\nExtend RCU protection so that we can safely fetch the net pointer\nand avoid a potential UAF.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net-\u003eipv6.igmp_sk\nsocket under RCU protection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21759",
"url": "https://www.suse.com/security/cve/CVE-2025-21759"
},
{
"category": "external",
"summary": "SUSE Bug 1238738 for CVE-2025-21759",
"url": "https://bugzilla.suse.com/1238738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21759"
},
{
"cve": "CVE-2025-21760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: extend RCU protection in ndisc_send_skb()\n\nndisc_send_skb() can be called without RTNL or RCU held.\n\nAcquire rcu_read_lock() earlier, so that we can use dev_net_rcu()\nand avoid a potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21760",
"url": "https://www.suse.com/security/cve/CVE-2025-21760"
},
{
"category": "external",
"summary": "SUSE Bug 1238763 for CVE-2025-21760",
"url": "https://bugzilla.suse.com/1238763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21760"
},
{
"cve": "CVE-2025-21761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: use RCU protection in ovs_vport_cmd_fill_info()\n\novs_vport_cmd_fill_info() can be called without RTNL or RCU.\n\nUse RCU protection and dev_net_rcu() to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21761",
"url": "https://www.suse.com/security/cve/CVE-2025-21761"
},
{
"category": "external",
"summary": "SUSE Bug 1238775 for CVE-2025-21761",
"url": "https://bugzilla.suse.com/1238775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21761"
},
{
"cve": "CVE-2025-21762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21762"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: use RCU protection in arp_xmit()\n\narp_xmit() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21762",
"url": "https://www.suse.com/security/cve/CVE-2025-21762"
},
{
"category": "external",
"summary": "SUSE Bug 1238780 for CVE-2025-21762",
"url": "https://bugzilla.suse.com/1238780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21762"
},
{
"cve": "CVE-2025-21763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: use RCU protection in __neigh_notify()\n\n__neigh_notify() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21763",
"url": "https://www.suse.com/security/cve/CVE-2025-21763"
},
{
"category": "external",
"summary": "SUSE Bug 1237897 for CVE-2025-21763",
"url": "https://bugzilla.suse.com/1237897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21763"
},
{
"cve": "CVE-2025-21764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21764"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: use RCU protection in ndisc_alloc_skb()\n\nndisc_alloc_skb() can be called without RTNL or RCU being held.\n\nAdd RCU protection to avoid possible UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21764",
"url": "https://www.suse.com/security/cve/CVE-2025-21764"
},
{
"category": "external",
"summary": "SUSE Bug 1237885 for CVE-2025-21764",
"url": "https://bugzilla.suse.com/1237885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21764"
},
{
"cve": "CVE-2025-21765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU protection in ip6_default_advmss()\n\nip6_default_advmss() needs rcu protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21765",
"url": "https://www.suse.com/security/cve/CVE-2025-21765"
},
{
"category": "external",
"summary": "SUSE Bug 1237906 for CVE-2025-21765",
"url": "https://bugzilla.suse.com/1237906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: use RCU protection in __ip_rt_update_pmtu()\n\n__ip_rt_update_pmtu() must use RCU protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21766",
"url": "https://www.suse.com/security/cve/CVE-2025-21766"
},
{
"category": "external",
"summary": "SUSE Bug 1238754 for CVE-2025-21766",
"url": "https://bugzilla.suse.com/1238754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context\n\nThe following bug report happened with a PREEMPT_RT kernel:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n get_random_u32+0x4f/0x110\n clocksource_verify_choose_cpus+0xab/0x1a0\n clocksource_verify_percpu.part.0+0x6b/0x330\n clocksource_watchdog_kthread+0x193/0x1a0\n\nIt is due to the fact that clocksource_verify_choose_cpus() is invoked with\npreemption disabled. This function invokes get_random_u32() to obtain\nrandom numbers for choosing CPUs. The batched_entropy_32 local lock and/or\nthe base_crng.lock spinlock in driver/char/random.c will be acquired during\nthe call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot\nbe acquired in atomic context.\n\nFix this problem by using migrate_disable() to allow smp_processor_id() to\nbe reliably used without introducing atomic context. preempt_disable() is\nthen called after clocksource_verify_choose_cpus() but before the\nclocksource measurement is being run to avoid introducing unexpected\nlatency.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21767",
"url": "https://www.suse.com/security/cve/CVE-2025-21767"
},
{
"category": "external",
"summary": "SUSE Bug 1238509 for CVE-2025-21767",
"url": "https://bugzilla.suse.com/1238509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npartitions: mac: fix handling of bogus partition table\n\nFix several issues in partition probing:\n\n - The bailout for a bad partoffset must use put_dev_sector(), since the\n preceding read_part_sector() succeeded.\n - If the partition table claims a silly sector size like 0xfff bytes\n (which results in partition table entries straddling sector boundaries),\n bail out instead of accessing out-of-bounds memory.\n - We must not assume that the partition table contains proper NUL\n termination - use strnlen() and strncmp() instead of strlen() and\n strcmp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21772",
"url": "https://www.suse.com/security/cve/CVE-2025-21772"
},
{
"category": "external",
"summary": "SUSE Bug 1238911 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "external",
"summary": "SUSE Bug 1238912 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21772"
},
{
"cve": "CVE-2025-21773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial\n\nThe driver assumed that es58x_dev-\u003eudev-\u003eserial could never be NULL.\nWhile this is true on commercially available devices, an attacker\ncould spoof the device identity providing a NULL USB serial number.\nThat would trigger a NULL pointer dereference.\n\nAdd a check on es58x_dev-\u003eudev-\u003eserial before accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21773",
"url": "https://www.suse.com/security/cve/CVE-2025-21773"
},
{
"category": "external",
"summary": "SUSE Bug 1238762 for CVE-2025-21773",
"url": "https://bugzilla.suse.com/1238762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21773"
},
{
"cve": "CVE-2025-21775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ctucanfd: handle skb allocation failure\n\nIf skb allocation fails, the pointer to struct can_frame is NULL. This\nis actually handled everywhere inside ctucan_err_interrupt() except for\nthe only place.\n\nAdd the missed NULL check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21775",
"url": "https://www.suse.com/security/cve/CVE-2025-21775"
},
{
"category": "external",
"summary": "SUSE Bug 1238501 for CVE-2025-21775",
"url": "https://bugzilla.suse.com/1238501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21775"
},
{
"cve": "CVE-2025-21776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21776"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: hub: Ignore non-compliant devices with too many configs or interfaces\n\nRobert Morris created a test program which can cause\nusb_hub_to_struct_hub() to dereference a NULL or inappropriate\npointer:\n\nOops: general protection fault, probably for non-canonical address\n0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI\nCPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14\nHardware name: FreeBSD BHYVE/BHYVE, BIOS 14.0 10/17/2021\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_hub_adjust_deviceremovable+0x78/0x110\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x31/0x80\n ? exc_general_protection+0x1b4/0x3c0\n ? asm_exc_general_protection+0x26/0x30\n ? usb_hub_adjust_deviceremovable+0x78/0x110\n hub_probe+0x7c7/0xab0\n usb_probe_interface+0x14b/0x350\n really_probe+0xd0/0x2d0\n ? __pfx___device_attach_driver+0x10/0x10\n __driver_probe_device+0x6e/0x110\n driver_probe_device+0x1a/0x90\n __device_attach_driver+0x7e/0xc0\n bus_for_each_drv+0x7f/0xd0\n __device_attach+0xaa/0x1a0\n bus_probe_device+0x8b/0xa0\n device_add+0x62e/0x810\n usb_set_configuration+0x65d/0x990\n usb_generic_driver_probe+0x4b/0x70\n usb_probe_device+0x36/0xd0\n\nThe cause of this error is that the device has two interfaces, and the\nhub driver binds to interface 1 instead of interface 0, which is where\nusb_hub_to_struct_hub() looks.\n\nWe can prevent the problem from occurring by refusing to accept hub\ndevices that violate the USB spec by having more than one\nconfiguration or interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21776",
"url": "https://www.suse.com/security/cve/CVE-2025-21776"
},
{
"category": "external",
"summary": "SUSE Bug 1238909 for CVE-2025-21776",
"url": "https://bugzilla.suse.com/1238909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21776"
},
{
"cve": "CVE-2025-21779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21779"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel\n\nAdvertise support for Hyper-V\u0027s SEND_IPI and SEND_IPI_EX hypercalls if and\nonly if the local API is emulated/virtualized by KVM, and explicitly reject\nsaid hypercalls if the local APIC is emulated in userspace, i.e. don\u0027t rely\non userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID.\n\nRejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if\nHyper-V enlightenments are exposed to the guest without an in-kernel local\nAPIC:\n\n dump_stack+0xbe/0xfd\n __kasan_report.cold+0x34/0x84\n kasan_report+0x3a/0x50\n __apic_accept_irq+0x3a/0x5c0\n kvm_hv_send_ipi.isra.0+0x34e/0x820\n kvm_hv_hypercall+0x8d9/0x9d0\n kvm_emulate_hypercall+0x506/0x7e0\n __vmx_handle_exit+0x283/0xb60\n vmx_handle_exit+0x1d/0xd0\n vcpu_enter_guest+0x16b0/0x24c0\n vcpu_run+0xc0/0x550\n kvm_arch_vcpu_ioctl_run+0x170/0x6d0\n kvm_vcpu_ioctl+0x413/0xb20\n __se_sys_ioctl+0x111/0x160\n do_syscal1_64+0x30/0x40\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nNote, checking the sending vCPU is sufficient, as the per-VM irqchip_mode\ncan\u0027t be modified after vCPUs are created, i.e. if one vCPU has an\nin-kernel local APIC, then all vCPUs have an in-kernel local APIC.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21779",
"url": "https://www.suse.com/security/cve/CVE-2025-21779"
},
{
"category": "external",
"summary": "SUSE Bug 1238768 for CVE-2025-21779",
"url": "https://bugzilla.suse.com/1238768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21779"
},
{
"cve": "CVE-2025-21780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21780"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()\n\nIt malicious user provides a small pptable through sysfs and then\na bigger pptable, it may cause buffer overflow attack in function\nsmu_sys_set_pp_table().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21780",
"url": "https://www.suse.com/security/cve/CVE-2025-21780"
},
{
"category": "external",
"summary": "SUSE Bug 1239115 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "external",
"summary": "SUSE Bug 1239116 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21780"
},
{
"cve": "CVE-2025-21781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix panic during interface removal\n\nReference counting is used to ensure that\nbatadv_hardif_neigh_node and batadv_hard_iface\nare not freed before/during\nbatadv_v_elp_throughput_metric_update work is\nfinished.\n\nBut there isn\u0027t a guarantee that the hard if will\nremain associated with a soft interface up until\nthe work is finished.\n\nThis fixes a crash triggered by reboot that looks\nlike this:\n\nCall trace:\n batadv_v_mesh_free+0xd0/0x4dc [batman_adv]\n batadv_v_elp_throughput_metric_update+0x1c/0xa4\n process_one_work+0x178/0x398\n worker_thread+0x2e8/0x4d0\n kthread+0xd8/0xdc\n ret_from_fork+0x10/0x20\n\n(the batadv_v_mesh_free call is misleading,\nand does not actually happen)\n\nI was able to make the issue happen more reliably\nby changing hardif_neigh-\u003ebat_v.metric_work work\nto be delayed work. This allowed me to track down\nand confirm the fix.\n\n[sven@narfation.org: prevent entering batadv_v_elp_get_throughput without\n soft_iface]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21781",
"url": "https://www.suse.com/security/cve/CVE-2025-21781"
},
{
"category": "external",
"summary": "SUSE Bug 1238735 for CVE-2025-21781",
"url": "https://bugzilla.suse.com/1238735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21781"
},
{
"cve": "CVE-2025-21782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix a oob in orangefs_debug_write\n\nI got a syzbot report: slab-out-of-bounds Read in\norangefs_debug_write... several people suggested fixes,\nI tested Al Viro\u0027s suggestion and made this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21782",
"url": "https://www.suse.com/security/cve/CVE-2025-21782"
},
{
"category": "external",
"summary": "SUSE Bug 1239117 for CVE-2025-21782",
"url": "https://bugzilla.suse.com/1239117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21782"
},
{
"cve": "CVE-2025-21784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21784"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()\n\nIn function psp_init_cap_microcode(), it should bail out when failed to\nload firmware, otherwise it may cause invalid memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21784",
"url": "https://www.suse.com/security/cve/CVE-2025-21784"
},
{
"category": "external",
"summary": "SUSE Bug 1238510 for CVE-2025-21784",
"url": "https://bugzilla.suse.com/1238510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21784"
},
{
"cve": "CVE-2025-21785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21785"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array\n\nThe loop that detects/populates cache information already has a bounds\ncheck on the array size but does not account for cache levels with\nseparate data/instructions cache. Fix this by incrementing the index\nfor any populated leaf (instead of any populated level).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21785",
"url": "https://www.suse.com/security/cve/CVE-2025-21785"
},
{
"category": "external",
"summary": "SUSE Bug 1238747 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "external",
"summary": "SUSE Bug 1240745 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1240745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21785"
},
{
"cve": "CVE-2025-21790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n unregister_netdevice_many net/core/dev.c:11866 [inline]\n unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21790",
"url": "https://www.suse.com/security/cve/CVE-2025-21790"
},
{
"category": "external",
"summary": "SUSE Bug 1238753 for CVE-2025-21790",
"url": "https://bugzilla.suse.com/1238753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21791"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21791",
"url": "https://www.suse.com/security/cve/CVE-2025-21791"
},
{
"category": "external",
"summary": "SUSE Bug 1238512 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "external",
"summary": "SUSE Bug 1240744 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1240744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21791"
},
{
"cve": "CVE-2025-21793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21793"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: sn-f-ospi: Fix division by zero\n\nWhen there is no dummy cycle in the spi-nor commands, both dummy bus cycle\nbytes and width are zero. Because of the cpu\u0027s warning when divided by\nzero, the warning should be avoided. Return just zero to avoid such\ncalculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21793",
"url": "https://www.suse.com/security/cve/CVE-2025-21793"
},
{
"category": "external",
"summary": "SUSE Bug 1238500 for CVE-2025-21793",
"url": "https://bugzilla.suse.com/1238500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21793"
},
{
"cve": "CVE-2025-21794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()\n\nSyzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from\nhid-thrustmaster driver. This array is passed to usb_check_int_endpoints\nfunction from usb.c core driver, which executes a for loop that iterates\nover the elements of the passed array. Not finding a null element at the end of\nthe array, it tries to read the next, non-existent element, crashing the kernel.\n\nTo fix this, a 0 element was added at the end of the array to break the for\nloop.\n\n[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21794",
"url": "https://www.suse.com/security/cve/CVE-2025-21794"
},
{
"category": "external",
"summary": "SUSE Bug 1238502 for CVE-2025-21794",
"url": "https://bugzilla.suse.com/1238502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21794"
},
{
"cve": "CVE-2025-21795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix hang in nfsd4_shutdown_callback\n\nIf nfs4_client is in courtesy state then there is no point to send\nthe callback. This causes nfsd4_shutdown_callback to hang since\ncl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP\nnotifies NFSD that the connection was dropped.\n\nThis patch modifies nfsd4_run_cb_work to skip the RPC call if\nnfs4_client is in courtesy state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21795",
"url": "https://www.suse.com/security/cve/CVE-2025-21795"
},
{
"category": "external",
"summary": "SUSE Bug 1238759 for CVE-2025-21795",
"url": "https://bugzilla.suse.com/1238759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: clear acl_access/acl_default after releasing them\n\nIf getting acl_default fails, acl_access and acl_default will be released\nsimultaneously. However, acl_access will still retain a pointer pointing\nto the released posix_acl, which will trigger a WARNING in\nnfs3svc_release_getacl like this:\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 26 PID: 3199 at lib/refcount.c:28\nrefcount_warn_saturate+0xb5/0x170\nModules linked in:\nCPU: 26 UID: 0 PID: 3199 Comm: nfsd Not tainted\n6.12.0-rc6-00079-g04ae226af01f-dirty #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb5/0x170\nCode: cc cc 0f b6 1d b3 20 a5 03 80 fb 01 0f 87 65 48 d8 00 83 e3 01 75\ne4 48 c7 c7 c0 3b 9b 85 c6 05 97 20 a5 03 01 e8 fb 3e 30 ff \u003c0f\u003e 0b eb\ncd 0f b6 1d 8a3\nRSP: 0018:ffffc90008637cd8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff83904fde\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88871ed36380\nRBP: ffff888158beeb40 R08: 0000000000000001 R09: fffff520010c6f56\nR10: ffffc90008637ab7 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff888140e77400 R14: ffff888140e77408 R15: ffffffff858b42c0\nFS: 0000000000000000(0000) GS:ffff88871ed00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000562384d32158 CR3: 000000055cc6a000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0xb5/0x170\n ? __warn+0xa5/0x140\n ? refcount_warn_saturate+0xb5/0x170\n ? report_bug+0x1b1/0x1e0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? tick_nohz_tick_stopped+0x1e/0x40\n ? refcount_warn_saturate+0xb5/0x170\n ? refcount_warn_saturate+0xb5/0x170\n nfs3svc_release_getacl+0xc9/0xe0\n svc_process_common+0x5db/0xb60\n ? __pfx_svc_process_common+0x10/0x10\n ? __rcu_read_unlock+0x69/0xa0\n ? __pfx_nfsd_dispatch+0x10/0x10\n ? svc_xprt_received+0xa1/0x120\n ? xdr_init_decode+0x11d/0x190\n svc_process+0x2a7/0x330\n svc_handle_xprt+0x69d/0x940\n svc_recv+0x180/0x2d0\n nfsd+0x168/0x200\n ? __pfx_nfsd+0x10/0x10\n kthread+0x1a2/0x1e0\n ? kthread+0xf4/0x1e0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\n\nClear acl_access/acl_default after posix_acl_release is called to prevent\nUAF from being triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21796",
"url": "https://www.suse.com/security/cve/CVE-2025-21796"
},
{
"category": "external",
"summary": "SUSE Bug 1238716 for CVE-2025-21796",
"url": "https://bugzilla.suse.com/1238716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21799",
"url": "https://www.suse.com/security/cve/CVE-2025-21799"
},
{
"category": "external",
"summary": "SUSE Bug 1238739 for CVE-2025-21799",
"url": "https://bugzilla.suse.com/1238739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix oops when unload drivers paralleling\n\nWhen unload hclge driver, it tries to disable sriov first for each\nae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at\nthe time, because it removes all the ae_dev nodes, and it may cause\noops.\n\nBut we can\u0027t simply use hnae3_common_lock for this. Because in the\nprocess flow of pci_disable_sriov(), it will trigger the remove flow\nof VF, which will also take hnae3_common_lock.\n\nTo fixes it, introduce a new mutex to protect the unload process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21802",
"url": "https://www.suse.com/security/cve/CVE-2025-21802"
},
{
"category": "external",
"summary": "SUSE Bug 1238751 for CVE-2025-21802",
"url": "https://bugzilla.suse.com/1238751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21802"
},
{
"cve": "CVE-2025-21804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21804"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()\n\nThe rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region()\nmacro to request a needed resource. A string variable that lives on the\nstack is then used to store a dynamically computed resource name, which\nis then passed on as one of the macro arguments. This can lead to\nundefined behavior.\n\nDepending on the current contents of the memory, the manifestations of\nerrors may vary. One possible output may be as follows:\n\n $ cat /proc/iomem\n 30000000-37ffffff :\n 38000000-3fffffff :\n\nSometimes, garbage may appear after the colon.\n\nIn very rare cases, if no NULL-terminator is found in memory, the system\nmight crash because the string iterator will overrun which can lead to\naccess of unmapped memory above the stack.\n\nThus, fix this by replacing outbound_name with the name of the previously\nrequested resource. With the changes applied, the output will be as\nfollows:\n\n $ cat /proc/iomem\n 30000000-37ffffff : memory2\n 38000000-3fffffff : memory3\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21804",
"url": "https://www.suse.com/security/cve/CVE-2025-21804"
},
{
"category": "external",
"summary": "SUSE Bug 1238736 for CVE-2025-21804",
"url": "https://bugzilla.suse.com/1238736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21804"
},
{
"cve": "CVE-2025-21810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: class: Fix wild pointer dereferences in API class_dev_iter_next()\n\nThere are a potential wild pointer dereferences issue regarding APIs\nclass_dev_iter_(init|next|exit)(), as explained by below typical usage:\n\n// All members of @iter are wild pointers.\nstruct class_dev_iter iter;\n\n// class_dev_iter_init(@iter, @class, ...) checks parameter @class for\n// potential class_to_subsys() error, and it returns void type and does\n// not initialize its output parameter @iter, so caller can not detect\n// the error and continues to invoke class_dev_iter_next(@iter) even if\n// @iter still contains wild pointers.\nclass_dev_iter_init(\u0026iter, ...);\n\n// Dereference these wild pointers in @iter here once suffer the error.\nwhile (dev = class_dev_iter_next(\u0026iter)) { ... };\n\n// Also dereference these wild pointers here.\nclass_dev_iter_exit(\u0026iter);\n\nActually, all callers of these APIs have such usage pattern in kernel tree.\nFix by:\n- Initialize output parameter @iter by memset() in class_dev_iter_init()\n and give callers prompt by pr_crit() for the error.\n- Check if @iter is valid in class_dev_iter_next().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21810",
"url": "https://www.suse.com/security/cve/CVE-2025-21810"
},
{
"category": "external",
"summary": "SUSE Bug 1238757 for CVE-2025-21810",
"url": "https://bugzilla.suse.com/1238757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21810"
},
{
"cve": "CVE-2025-21815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/compaction: fix UBSAN shift-out-of-bounds warning\n\nsyzkaller reported a UBSAN shift-out-of-bounds warning of (1UL \u003c\u003c order)\nin isolate_freepages_block(). The bogus compound_order can be any value\nbecause it is union with flags. Add back the MAX_PAGE_ORDER check to fix\nthe warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21815",
"url": "https://www.suse.com/security/cve/CVE-2025-21815"
},
{
"category": "external",
"summary": "SUSE Bug 1238474 for CVE-2025-21815",
"url": "https://bugzilla.suse.com/1238474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21815"
},
{
"cve": "CVE-2025-21819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd/display: Use HW lock mgr for PSR1\"\n\nThis reverts commit\na2b5a9956269 (\"drm/amd/display: Use HW lock mgr for PSR1\")\n\nBecause it may cause system hang while connect with two edp panel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21819",
"url": "https://www.suse.com/security/cve/CVE-2025-21819"
},
{
"category": "external",
"summary": "SUSE Bug 1238994 for CVE-2025-21819",
"url": "https://bugzilla.suse.com/1238994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21819"
},
{
"cve": "CVE-2025-21820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: xilinx_uartps: split sysrq handling\n\nlockdep detects the following circular locking dependency:\n\nCPU 0 CPU 1\n========================== ============================\ncdns_uart_isr() printk()\n uart_port_lock(port) console_lock()\n\t\t\t cdns_uart_console_write()\n if (!port-\u003esysrq)\n uart_port_lock(port)\n uart_handle_break()\n port-\u003esysrq = ...\n uart_handle_sysrq_char()\n printk()\n console_lock()\n\nThe fixed commit attempts to avoid this situation by only taking the\nport lock in cdns_uart_console_write if port-\u003esysrq unset. However, if\n(as shown above) cdns_uart_console_write runs before port-\u003esysrq is set,\nthen it will try to take the port lock anyway. This may result in a\ndeadlock.\n\nFix this by splitting sysrq handling into two parts. We use the prepare\nhelper under the port lock and defer handling until we release the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21820",
"url": "https://www.suse.com/security/cve/CVE-2025-21820"
},
{
"category": "external",
"summary": "SUSE Bug 1238479 for CVE-2025-21820",
"url": "https://bugzilla.suse.com/1238479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21820"
},
{
"cve": "CVE-2025-21821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omap: use threaded IRQ for LCD DMA\n\nWhen using touchscreen and framebuffer, Nokia 770 crashes easily with:\n\n BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000\n Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd\n CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2\n Hardware name: Nokia 770\n Call trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x54/0x5c\n dump_stack_lvl from __schedule_bug+0x50/0x70\n __schedule_bug from __schedule+0x4d4/0x5bc\n __schedule from schedule+0x34/0xa0\n schedule from schedule_preempt_disabled+0xc/0x10\n schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4\n __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4\n clk_prepare_lock from clk_set_rate+0x18/0x154\n clk_set_rate from sossi_read_data+0x4c/0x168\n sossi_read_data from hwa742_read_reg+0x5c/0x8c\n hwa742_read_reg from send_frame_handler+0xfc/0x300\n send_frame_handler from process_pending_requests+0x74/0xd0\n process_pending_requests from lcd_dma_irq_handler+0x50/0x74\n lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130\n __handle_irq_event_percpu from handle_irq_event+0x28/0x68\n handle_irq_event from handle_level_irq+0x9c/0x170\n handle_level_irq from generic_handle_domain_irq+0x2c/0x3c\n generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c\n omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c\n generic_handle_arch_irq from call_with_stack+0x1c/0x24\n call_with_stack from __irq_svc+0x94/0xa8\n Exception stack(0xc5255da0 to 0xc5255de8)\n 5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248\n 5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94\n 5de0: 60000013 ffffffff\n __irq_svc from clk_prepare_lock+0x4c/0xe4\n clk_prepare_lock from clk_get_rate+0x10/0x74\n clk_get_rate from uwire_setup_transfer+0x40/0x180\n uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c\n spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664\n spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498\n __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8\n __spi_sync from spi_sync+0x24/0x40\n spi_sync from ads7846_halfd_read_state+0x5c/0x1c0\n ads7846_halfd_read_state from ads7846_irq+0x58/0x348\n ads7846_irq from irq_thread_fn+0x1c/0x78\n irq_thread_fn from irq_thread+0x120/0x228\n irq_thread from kthread+0xc8/0xe8\n kthread from ret_from_fork+0x14/0x28\n\nAs a quick fix, switch to a threaded IRQ which provides a stable system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21821",
"url": "https://www.suse.com/security/cve/CVE-2025-21821"
},
{
"category": "external",
"summary": "SUSE Bug 1239174 for CVE-2025-21821",
"url": "https://bugzilla.suse.com/1239174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21821"
},
{
"cve": "CVE-2025-21823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: Drop unmanaged ELP metric worker\n\nThe ELP worker needs to calculate new metric values for all neighbors\n\"reachable\" over an interface. Some of the used metric sources require\nlocks which might need to sleep. This sleep is incompatible with the RCU\nlist iterator used for the recorded neighbors. The initial approach to work\naround of this problem was to queue another work item per neighbor and then\nrun this in a new context.\n\nEven when this solved the RCU vs might_sleep() conflict, it has a major\nproblems: Nothing was stopping the work item in case it is not needed\nanymore - for example because one of the related interfaces was removed or\nthe batman-adv module was unloaded - resulting in potential invalid memory\naccesses.\n\nDirectly canceling the metric worker also has various problems:\n\n* cancel_work_sync for a to-be-deactivated interface is called with\n rtnl_lock held. But the code in the ELP metric worker also tries to use\n rtnl_lock() - which will never return in this case. This also means that\n cancel_work_sync would never return because it is waiting for the worker\n to finish.\n* iterating over the neighbor list for the to-be-deactivated interface is\n currently done using the RCU specific methods. Which means that it is\n possible to miss items when iterating over it without the associated\n spinlock - a behaviour which is acceptable for a periodic metric check\n but not for a cleanup routine (which must \"stop\" all still running\n workers)\n\nThe better approch is to get rid of the per interface neighbor metric\nworker and handle everything in the interface worker. The original problems\nare solved by:\n\n* creating a list of neighbors which require new metric information inside\n the RCU protected context, gathering the metric according to the new list\n outside the RCU protected context\n* only use rcu_trylock inside metric gathering code to avoid a deadlock\n when the cancel_delayed_work_sync is called in the interface removal code\n (which is called with the rtnl_lock held)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21823",
"url": "https://www.suse.com/security/cve/CVE-2025-21823"
},
{
"category": "external",
"summary": "SUSE Bug 1238475 for CVE-2025-21823",
"url": "https://bugzilla.suse.com/1238475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21823"
},
{
"cve": "CVE-2025-21825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Cancel the running bpf_timer through kworker for PREEMPT_RT\n\nDuring the update procedure, when overwrite element in a pre-allocated\nhtab, the freeing of old_element is protected by the bucket lock. The\nreason why the bucket lock is necessary is that the old_element has\nalready been stashed in htab-\u003eextra_elems after alloc_htab_elem()\nreturns. If freeing the old_element after the bucket lock is unlocked,\nthe stashed element may be reused by concurrent update procedure and the\nfreeing of old_element will run concurrently with the reuse of the\nold_element. However, the invocation of check_and_free_fields() may\nacquire a spin-lock which violates the lockdep rule because its caller\nhas already held a raw-spin-lock (bucket lock). The following warning\nwill be reported when such race happens:\n\n BUG: scheduling while atomic: test_progs/676/0x00000003\n 3 locks held by test_progs/676:\n #0: ffffffff864b0240 (rcu_read_lock_trace){....}-{0:0}, at: bpf_prog_test_run_syscall+0x2c0/0x830\n #1: ffff88810e961188 (\u0026htab-\u003elockdep_key){....}-{2:2}, at: htab_map_update_elem+0x306/0x1500\n #2: ffff8881f4eac1b8 (\u0026base-\u003esoftirq_expiry_lock){....}-{2:2}, at: hrtimer_cancel_wait_running+0xe9/0x1b0\n Modules linked in: bpf_testmod(O)\n Preemption disabled at:\n [\u003cffffffff817837a3\u003e] htab_map_update_elem+0x293/0x1500\n CPU: 0 UID: 0 PID: 676 Comm: test_progs Tainted: G ... 6.12.0+ #11\n Tainted: [W]=WARN, [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x57/0x70\n dump_stack+0x10/0x20\n __schedule_bug+0x120/0x170\n __schedule+0x300c/0x4800\n schedule_rtlock+0x37/0x60\n rtlock_slowlock_locked+0x6d9/0x54c0\n rt_spin_lock+0x168/0x230\n hrtimer_cancel_wait_running+0xe9/0x1b0\n hrtimer_cancel+0x24/0x30\n bpf_timer_delete_work+0x1d/0x40\n bpf_timer_cancel_and_free+0x5e/0x80\n bpf_obj_free_fields+0x262/0x4a0\n check_and_free_fields+0x1d0/0x280\n htab_map_update_elem+0x7fc/0x1500\n bpf_prog_9f90bc20768e0cb9_overwrite_cb+0x3f/0x43\n bpf_prog_ea601c4649694dbd_overwrite_timer+0x5d/0x7e\n bpf_prog_test_run_syscall+0x322/0x830\n __sys_bpf+0x135d/0x3ca0\n __x64_sys_bpf+0x75/0xb0\n x64_sys_call+0x1b5/0xa10\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n ...\n \u003c/TASK\u003e\n\nIt seems feasible to break the reuse and refill of per-cpu extra_elems\ninto two independent parts: reuse the per-cpu extra_elems with bucket\nlock being held and refill the old_element as per-cpu extra_elems after\nthe bucket lock is unlocked. However, it will make the concurrent\noverwrite procedures on the same CPU return unexpected -E2BIG error when\nthe map is full.\n\nTherefore, the patch fixes the lock problem by breaking the cancelling\nof bpf_timer into two steps for PREEMPT_RT:\n1) use hrtimer_try_to_cancel() and check its return value\n2) if the timer is running, use hrtimer_cancel() through a kworker to\n cancel it again\nConsidering that the current implementation of hrtimer_cancel() will try\nto acquire a being held softirq_expiry_lock when the current timer is\nrunning, these steps above are reasonable. However, it also has\ndownside. When the timer is running, the cancelling of the timer is\ndelayed when releasing the last map uref. The delay is also fixable\n(e.g., break the cancelling of bpf timer into two parts: one part in\nlocked scope, another one in unlocked scope), it can be revised later if\nnecessary.\n\nIt is a bit hard to decide the right fix tag. One reason is that the\nproblem depends on PREEMPT_RT which is enabled in v6.12. Considering the\nsoftirq_expiry_lock lock exists since v5.4 and bpf_timer is introduced\nin v5.15, the bpf_timer commit is used in the fixes tag and an extra\ndepends-on tag is added to state the dependency on PREEMPT_RT.\n\nDepends-on: v6.12+ with PREEMPT_RT enabled",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21825",
"url": "https://www.suse.com/security/cve/CVE-2025-21825"
},
{
"category": "external",
"summary": "SUSE Bug 1238971 for CVE-2025-21825",
"url": "https://bugzilla.suse.com/1238971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21825"
},
{
"cve": "CVE-2025-21828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don\u0027t flush non-uploaded STAs\n\nIf STA state is pre-moved to AUTHORIZED (such as in IBSS\nscenarios) and insertion fails, the station is freed.\nIn this case, the driver never knew about the station,\nso trying to flush it is unexpected and may crash.\n\nCheck if the sta was uploaded to the driver before and\nfix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21828",
"url": "https://www.suse.com/security/cve/CVE-2025-21828"
},
{
"category": "external",
"summary": "SUSE Bug 1238958 for CVE-2025-21828",
"url": "https://bugzilla.suse.com/1238958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21828"
},
{
"cve": "CVE-2025-21829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix the warning \"__rxe_cleanup+0x12c/0x170 [rdma_rxe]\"\n\nThe Call Trace is as below:\n\"\n \u003cTASK\u003e\n ? show_regs.cold+0x1a/0x1f\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __warn+0x84/0xd0\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? report_bug+0x105/0x180\n ? handle_bug+0x46/0x80\n ? exc_invalid_op+0x19/0x70\n ? asm_exc_invalid_op+0x1b/0x20\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __rxe_cleanup+0x124/0x170 [rdma_rxe]\n rxe_destroy_qp.cold+0x24/0x29 [rdma_rxe]\n ib_destroy_qp_user+0x118/0x190 [ib_core]\n rdma_destroy_qp.cold+0x43/0x5e [rdma_cm]\n rtrs_cq_qp_destroy.cold+0x1d/0x2b [rtrs_core]\n rtrs_srv_close_work.cold+0x1b/0x31 [rtrs_server]\n process_one_work+0x21d/0x3f0\n worker_thread+0x4a/0x3c0\n ? process_one_work+0x3f0/0x3f0\n kthread+0xf0/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\"\nWhen too many rdma resources are allocated, rxe needs more time to\nhandle these rdma resources. Sometimes with the current timeout, rxe\ncan not release the rdma resources correctly.\n\nCompared with other rdma drivers, a bigger timeout is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21829",
"url": "https://www.suse.com/security/cve/CVE-2025-21829"
},
{
"category": "external",
"summary": "SUSE Bug 1239030 for CVE-2025-21829",
"url": "https://bugzilla.suse.com/1239030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21829"
},
{
"cve": "CVE-2025-21830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Handle weird files\n\nA corrupted filesystem (e.g. bcachefs) might return weird files.\nInstead of throwing a warning and allowing access to such file, treat\nthem as regular files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21830",
"url": "https://www.suse.com/security/cve/CVE-2025-21830"
},
{
"category": "external",
"summary": "SUSE Bug 1239033 for CVE-2025-21830",
"url": "https://bugzilla.suse.com/1239033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21830"
},
{
"cve": "CVE-2025-21831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1\n\ncommit 9d26d3a8f1b0 (\"PCI: Put PCIe ports into D3 during suspend\") sets the\npolicy that all PCIe ports are allowed to use D3. When the system is\nsuspended if the port is not power manageable by the platform and won\u0027t be\nused for wakeup via a PME this sets up the policy for these ports to go\ninto D3hot.\n\nThis policy generally makes sense from an OSPM perspective but it leads to\nproblems with wakeup from suspend on the TUXEDO Sirius 16 Gen 1 with a\nspecific old BIOS. This manifests as a system hang.\n\nOn the affected Device + BIOS combination, add a quirk for the root port of\nthe problematic controller to ensure that these root ports are not put into\nD3hot at suspend.\n\nThis patch is based on\n\n https://lore.kernel.org/linux-pci/20230708214457.1229-2-mario.limonciello@amd.com\n\nbut with the added condition both in the documentation and in the code to\napply only to the TUXEDO Sirius 16 Gen 1 with a specific old BIOS and only\nthe affected root ports.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21831",
"url": "https://www.suse.com/security/cve/CVE-2025-21831"
},
{
"category": "external",
"summary": "SUSE Bug 1239039 for CVE-2025-21831",
"url": "https://bugzilla.suse.com/1239039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21831"
},
{
"cve": "CVE-2025-21832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don\u0027t revert iter for -EIOCBQUEUED\n\nblkdev_read_iter() has a few odd checks, like gating the position and\ncount adjustment on whether or not the result is bigger-than-or-equal to\nzero (where bigger than makes more sense), and not checking the return\nvalue of blkdev_direct_IO() before doing an iov_iter_revert(). The\nlatter can lead to attempting to revert with a negative value, which\nwhen passed to iov_iter_revert() as an unsigned value will lead to\nthrowing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.\n\nBe sane and don\u0027t revert for -EIOCBQUEUED, like what is done in other\nspots.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21832",
"url": "https://www.suse.com/security/cve/CVE-2025-21832"
},
{
"category": "external",
"summary": "SUSE Bug 1239105 for CVE-2025-21832",
"url": "https://bugzilla.suse.com/1239105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21832"
},
{
"cve": "CVE-2025-21835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_midi: fix MIDI Streaming descriptor lengths\n\nWhile the MIDI jacks are configured correctly, and the MIDIStreaming\nendpoint descriptors are filled with the correct information,\nbNumEmbMIDIJack and bLength are set incorrectly in these descriptors.\n\nThis does not matter when the numbers of in and out ports are equal, but\nwhen they differ the host will receive broken descriptors with\nuninitialized stack memory leaking into the descriptor for whichever\nvalue is smaller.\n\nThe precise meaning of \"in\" and \"out\" in the port counts is not clearly\ndefined and can be confusing. But elsewhere the driver consistently\nuses this to match the USB meaning of IN and OUT viewed from the host,\nso that \"in\" ports send data to the host and \"out\" ports receive data\nfrom it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21835",
"url": "https://www.suse.com/security/cve/CVE-2025-21835"
},
{
"category": "external",
"summary": "SUSE Bug 1239068 for CVE-2025-21835",
"url": "https://bugzilla.suse.com/1239068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21835"
},
{
"cve": "CVE-2025-21838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21838"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: flush gadget workqueue after device removal\n\ndevice_del() can lead to new work being scheduled in gadget-\u003ework\nworkqueue. This is observed, for example, with the dwc3 driver with the\nfollowing call stack:\n device_del()\n gadget_unbind_driver()\n usb_gadget_disconnect_locked()\n dwc3_gadget_pullup()\n\t dwc3_gadget_soft_disconnect()\n\t usb_gadget_set_state()\n\t schedule_work(\u0026gadget-\u003ework)\n\nMove flush_work() after device_del() to ensure the workqueue is cleaned\nup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21838",
"url": "https://www.suse.com/security/cve/CVE-2025-21838"
},
{
"category": "external",
"summary": "SUSE Bug 1239065 for CVE-2025-21838",
"url": "https://bugzilla.suse.com/1239065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21838"
},
{
"cve": "CVE-2025-21844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Add check for next_buffer in receive_encrypted_standard()\n\nAdd check for the return value of cifs_buf_get() and cifs_small_buf_get()\nin receive_encrypted_standard() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21844",
"url": "https://www.suse.com/security/cve/CVE-2025-21844"
},
{
"category": "external",
"summary": "SUSE Bug 1239512 for CVE-2025-21844",
"url": "https://bugzilla.suse.com/1239512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21844"
},
{
"cve": "CVE-2025-21846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nacct: perform last write from workqueue\n\nIn [1] it was reported that the acct(2) system call can be used to\ntrigger NULL deref in cases where it is set to write to a file that\ntriggers an internal lookup. This can e.g., happen when pointing acc(2)\nto /sys/power/resume. At the point the where the write to this file\nhappens the calling task has already exited and called exit_fs(). A\nlookup will thus trigger a NULL-deref when accessing current-\u003efs.\n\nReorganize the code so that the the final write happens from the\nworkqueue but with the caller\u0027s credentials. This preserves the\n(strange) permission model and has almost no regression risk.\n\nThis api should stop to exist though.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21846",
"url": "https://www.suse.com/security/cve/CVE-2025-21846"
},
{
"category": "external",
"summary": "SUSE Bug 1239508 for CVE-2025-21846",
"url": "https://bugzilla.suse.com/1239508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21846"
},
{
"cve": "CVE-2025-21847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()\n\nThe nullity of sps-\u003ecstream should be checked similarly as it is done in\nsof_set_stream_data_offset() function.\nAssuming that it is not NULL if sps-\u003estream is NULL is incorrect and can\nlead to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21847",
"url": "https://www.suse.com/security/cve/CVE-2025-21847"
},
{
"category": "external",
"summary": "SUSE Bug 1239471 for CVE-2025-21847",
"url": "https://bugzilla.suse.com/1239471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21847"
},
{
"cve": "CVE-2025-21848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: bpf: Add check for nfp_app_ctrl_msg_alloc()\n\nAdd check for the return value of nfp_app_ctrl_msg_alloc() in\nnfp_bpf_cmsg_alloc() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21848",
"url": "https://www.suse.com/security/cve/CVE-2025-21848"
},
{
"category": "external",
"summary": "SUSE Bug 1239479 for CVE-2025-21848",
"url": "https://bugzilla.suse.com/1239479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: Fix crash when a namespace is disabled\n\nThe namespace percpu counter protects pending I/O, and we can\nonly safely diable the namespace once the counter drop to zero.\nOtherwise we end up with a crash when running blktests/nvme/058\n(eg for loop transport):\n\n[ 2352.930426] [ T53909] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 2352.930431] [ T53909] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n[ 2352.930434] [ T53909] CPU: 3 UID: 0 PID: 53909 Comm: kworker/u16:5 Tainted: G W 6.13.0-rc6 #232\n[ 2352.930438] [ T53909] Tainted: [W]=WARN\n[ 2352.930440] [ T53909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 2352.930443] [ T53909] Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop]\n[ 2352.930449] [ T53909] RIP: 0010:blkcg_set_ioprio+0x44/0x180\n\nas the queue is already torn down when calling submit_bio();\n\nSo we need to init the percpu counter in nvmet_ns_enable(), and\nwait for it to drop to zero in nvmet_ns_disable() to avoid having\nI/O pending after the namespace has been disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21850",
"url": "https://www.suse.com/security/cve/CVE-2025-21850"
},
{
"category": "external",
"summary": "SUSE Bug 1239477 for CVE-2025-21850",
"url": "https://bugzilla.suse.com/1239477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21850"
},
{
"cve": "CVE-2025-21855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Don\u0027t reference skb after sending to VIOS\n\nPreviously, after successfully flushing the xmit buffer to VIOS,\nthe tx_bytes stat was incremented by the length of the skb.\n\nIt is invalid to access the skb memory after sending the buffer to\nthe VIOS because, at any point after sending, the VIOS can trigger\nan interrupt to free this memory. A race between reading skb-\u003elen\nand freeing the skb is possible (especially during LPM) and will\nresult in use-after-free:\n ==================================================================\n BUG: KASAN: slab-use-after-free in ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n Read of size 4 at addr c00000024eb48a70 by task hxecom/14495\n \u003c...\u003e\n Call Trace:\n [c000000118f66cf0] [c0000000018cba6c] dump_stack_lvl+0x84/0xe8 (unreliable)\n [c000000118f66d20] [c0000000006f0080] print_report+0x1a8/0x7f0\n [c000000118f66df0] [c0000000006f08f0] kasan_report+0x128/0x1f8\n [c000000118f66f00] [c0000000006f2868] __asan_load4+0xac/0xe0\n [c000000118f66f20] [c0080000046eac84] ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n [c000000118f67340] [c0000000014be168] dev_hard_start_xmit+0x150/0x358\n \u003c...\u003e\n Freed by task 0:\n kasan_save_stack+0x34/0x68\n kasan_save_track+0x2c/0x50\n kasan_save_free_info+0x64/0x108\n __kasan_mempool_poison_object+0x148/0x2d4\n napi_skb_cache_put+0x5c/0x194\n net_tx_action+0x154/0x5b8\n handle_softirqs+0x20c/0x60c\n do_softirq_own_stack+0x6c/0x88\n \u003c...\u003e\n The buggy address belongs to the object at c00000024eb48a00 which\n belongs to the cache skbuff_head_cache of size 224\n==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21855",
"url": "https://www.suse.com/security/cve/CVE-2025-21855"
},
{
"category": "external",
"summary": "SUSE Bug 1239484 for CVE-2025-21855",
"url": "https://bugzilla.suse.com/1239484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21855"
},
{
"cve": "CVE-2025-21856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ism: add release function for struct device\n\nAccording to device_release() in /drivers/base/core.c,\na device without a release function is a broken device\nand must be fixed.\n\nThe current code directly frees the device after calling device_add()\nwithout waiting for other kernel parts to release their references.\nThus, a reference could still be held to a struct device,\ne.g., by sysfs, leading to potential use-after-free\nissues if a proper release function is not set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21856",
"url": "https://www.suse.com/security/cve/CVE-2025-21856"
},
{
"category": "external",
"summary": "SUSE Bug 1239486 for CVE-2025-21856",
"url": "https://bugzilla.suse.com/1239486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21856"
},
{
"cve": "CVE-2025-21857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_api: fix error handling causing NULL dereference\n\ntcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyclic() which can\nreturn 1 if the allocation succeeded after wrapping. This was treated as\nan error, with value 1 returned to caller tcf_exts_init_ex() which sets\nexts-\u003eactions to NULL and returns 1 to caller fl_change().\n\nfl_change() treats err == 1 as success, calling tcf_exts_validate_ex()\nwhich calls tcf_action_init() with exts-\u003eactions as argument, where it\nis dereferenced.\n\nExample trace:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCPU: 114 PID: 16151 Comm: handler114 Kdump: loaded Not tainted 5.14.0-503.16.1.el9_5.x86_64 #1\nRIP: 0010:tcf_action_init+0x1f8/0x2c0\nCall Trace:\n tcf_action_init+0x1f8/0x2c0\n tcf_exts_validate_ex+0x175/0x190\n fl_change+0x537/0x1120 [cls_flower]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21857",
"url": "https://www.suse.com/security/cve/CVE-2025-21857"
},
{
"category": "external",
"summary": "SUSE Bug 1239478 for CVE-2025-21857",
"url": "https://bugzilla.suse.com/1239478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21857"
},
{
"cve": "CVE-2025-21858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: Fix use-after-free in geneve_find_dev().\n\nsyzkaller reported a use-after-free in geneve_find_dev() [0]\nwithout repro.\n\ngeneve_configure() links struct geneve_dev.next to\nnet_generic(net, geneve_net_id)-\u003egeneve_list.\n\nThe net here could differ from dev_net(dev) if IFLA_NET_NS_PID,\nIFLA_NET_NS_FD, or IFLA_TARGET_NETNSID is set.\n\nWhen dev_net(dev) is dismantled, geneve_exit_batch_rtnl() finally\ncalls unregister_netdevice_queue() for each dev in the netns,\nand later the dev is freed.\n\nHowever, its geneve_dev.next is still linked to the backend UDP\nsocket netns.\n\nThen, use-after-free will occur when another geneve dev is created\nin the netns.\n\nLet\u0027s call geneve_dellink() instead in geneve_destroy_tunnels().\n\n[0]:\nBUG: KASAN: slab-use-after-free in geneve_find_dev drivers/net/geneve.c:1295 [inline]\nBUG: KASAN: slab-use-after-free in geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\nRead of size 2 at addr ffff000054d6ee24 by task syz.1.4029/13441\n\nCPU: 1 UID: 0 PID: 13441 Comm: syz.1.4029 Not tainted 6.13.0-g0ad9617c78ac #24 dc35ca22c79fb82e8e7bc5c9c9adafea898b1e3d\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x16c/0x6f0 mm/kasan/report.c:489\n kasan_report+0xc0/0x120 mm/kasan/report.c:602\n __asan_report_load2_noabort+0x20/0x30 mm/kasan/report_generic.c:379\n geneve_find_dev drivers/net/geneve.c:1295 [inline]\n geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\n geneve_newlink+0xb8/0x128 drivers/net/geneve.c:1634\n rtnl_newlink_create+0x23c/0x868 net/core/rtnetlink.c:3795\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:713 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x410/0x6f8 net/socket.c:2568\n ___sys_sendmsg+0x178/0x1d8 net/socket.c:2622\n __sys_sendmsg net/socket.c:2654 [inline]\n __do_sys_sendmsg net/socket.c:2659 [inline]\n __se_sys_sendmsg net/socket.c:2657 [inline]\n __arm64_sys_sendmsg+0x12c/0x1c8 net/socket.c:2657\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151\n el0_svc+0x4c/0xa8 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x1a0 arch/arm64/kernel/entry.S:600\n\nAllocated by task 13247:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x68 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4298 [inline]\n __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4304\n __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:645\n alloc_netdev_mqs+0xb8/0x11a0 net/core/dev.c:11470\n rtnl_create_link+0x2b8/0xb50 net/core/rtnetlink.c:3604\n rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3780\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_n\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21858",
"url": "https://www.suse.com/security/cve/CVE-2025-21858"
},
{
"category": "external",
"summary": "SUSE Bug 1239468 for CVE-2025-21858",
"url": "https://bugzilla.suse.com/1239468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21858"
},
{
"cve": "CVE-2025-21859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: f_midi: f_midi_complete to call queue_work\n\nWhen using USB MIDI, a lock is attempted to be acquired twice through a\nre-entrant call to f_midi_transmit, causing a deadlock.\n\nFix it by using queue_work() to schedule the inner f_midi_transmit() via\na high priority work queue from the completion handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21859",
"url": "https://www.suse.com/security/cve/CVE-2025-21859"
},
{
"category": "external",
"summary": "SUSE Bug 1239467 for CVE-2025-21859",
"url": "https://bugzilla.suse.com/1239467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21859"
},
{
"cve": "CVE-2025-21861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/migrate_device: don\u0027t add folio to be freed to LRU in migrate_device_finalize()\n\nIf migration succeeded, we called\nfolio_migrate_flags()-\u003emem_cgroup_migrate() to migrate the memcg from the\nold to the new folio. This will set memcg_data of the old folio to 0.\n\nSimilarly, if migration failed, memcg_data of the dst folio is left unset.\n\nIf we call folio_putback_lru() on such folios (memcg_data == 0), we will\nadd the folio to be freed to the LRU, making memcg code unhappy. Running\nthe hmm selftests:\n\n # ./hmm-tests\n ...\n # RUN hmm.hmm_device_private.migrate ...\n [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00\n [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff)\n [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9\n [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000\n [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg \u0026\u0026 !mem_cgroup_disabled())\n [ 102.087230][T14893] ------------[ cut here ]------------\n [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.090478][T14893] Modules linked in:\n [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151\n [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.096104][T14893] Code: ...\n [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293\n [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426\n [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880\n [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000\n [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8\n [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000\n [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000\n [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0\n [ 102.113478][T14893] PKRU: 55555554\n [ 102.114172][T14893] Call Trace:\n [ 102.114805][T14893] \u003cTASK\u003e\n [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.116547][T14893] ? __warn.cold+0x110/0x210\n [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.118667][T14893] ? report_bug+0x1b9/0x320\n [ 102.119571][T14893] ? handle_bug+0x54/0x90\n [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50\n [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20\n [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0\n [ 102.123506][T14893] ? dump_page+0x4f/0x60\n [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200\n [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720\n [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.129550][T14893] folio_putback_lru+0x16/0x80\n [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530\n [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0\n [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80\n\nLikely, nothing else goes wrong: putting the last folio reference will\nremove the folio from the LRU again. So besides memcg complaining, adding\nthe folio to be freed to the LRU is just an unnecessary step.\n\nThe new flow resembles what we have in migrate_folio_move(): add the dst\nto the lru, rem\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21861",
"url": "https://www.suse.com/security/cve/CVE-2025-21861"
},
{
"category": "external",
"summary": "SUSE Bug 1239483 for CVE-2025-21861",
"url": "https://bugzilla.suse.com/1239483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21861"
},
{
"cve": "CVE-2025-21862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21862"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: fix incorrect initialization order\n\nSyzkaller reports the following bug:\n\nBUG: spinlock bad magic on CPU#1, syz-executor.0/7995\n lock: 0xffff88805303f3e0, .magic: 00000000, .owner: \u003cnone\u003e/-1, .owner_cpu: 0\nCPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x119/0x179 lib/dump_stack.c:118\n debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]\n do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline]\n _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159\n reset_per_cpu_data+0xe6/0x240 [drop_monitor]\n net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor]\n genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739\n genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800\n netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497\n genl_rcv+0x29/0x40 net/netlink/genetlink.c:811\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916\n sock_sendmsg_nosec net/socket.c:651 [inline]\n __sock_sendmsg+0x157/0x190 net/socket.c:663\n ____sys_sendmsg+0x712/0x870 net/socket.c:2378\n ___sys_sendmsg+0xf8/0x170 net/socket.c:2432\n __sys_sendmsg+0xea/0x1b0 net/socket.c:2461\n do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x62/0xc7\nRIP: 0033:0x7f3f9815aee9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9\nRDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007\nRBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768\n\nIf drop_monitor is built as a kernel module, syzkaller may have time\nto send a netlink NET_DM_CMD_START message during the module loading.\nThis will call the net_dm_monitor_start() function that uses\na spinlock that has not yet been initialized.\n\nTo fix this, let\u0027s place resource initialization above the registration\nof a generic netlink family.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21862",
"url": "https://www.suse.com/security/cve/CVE-2025-21862"
},
{
"category": "external",
"summary": "SUSE Bug 1239474 for CVE-2025-21862",
"url": "https://bugzilla.suse.com/1239474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: drop secpath at the same time as we currently drop dst\n\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\nrunning tests that boil down to:\n - create a pair of netns\n - run a basic TCP test over ipcomp6\n - delete the pair of netns\n\nThe xfrm_state found on spi_byaddr was not deleted at the time we\ndelete the netns, because we still have a reference on it. This\nlingering reference comes from a secpath (which holds a ref on the\nxfrm_state), which is still attached to an skb. This skb is not\nleaked, it ends up on sk_receive_queue and then gets defer-free\u0027d by\nskb_attempt_defer_free.\n\nThe problem happens when we defer freeing an skb (push it on one CPU\u0027s\ndefer_list), and don\u0027t flush that list before the netns is deleted. In\nthat case, we still have a reference on the xfrm_state that we don\u0027t\nexpect at this point.\n\nWe already drop the skb\u0027s dst in the TCP receive path when it\u0027s no\nlonger needed, so let\u0027s also drop the secpath. At this point,\ntcp_filter has already called into the LSM hooks that may require the\nsecpath, so it should not be needed anymore. However, in some of those\nplaces, the MPTCP extension has just been attached to the skb, so we\ncannot simply drop all extensions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21864",
"url": "https://www.suse.com/security/cve/CVE-2025-21864"
},
{
"category": "external",
"summary": "SUSE Bug 1239482 for CVE-2025-21864",
"url": "https://bugzilla.suse.com/1239482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().\n\nBrad Spengler reported the list_del() corruption splat in\ngtp_net_exit_batch_rtnl(). [0]\n\nCommit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns\ndismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl()\nto destroy devices in each netns as done in geneve and ip tunnels.\n\nHowever, this could trigger -\u003edellink() twice for the same device during\n-\u003eexit_batch_rtnl().\n\nSay we have two netns A \u0026 B and gtp device B that resides in netns B but\nwhose UDP socket is in netns A.\n\n 1. cleanup_net() processes netns A and then B.\n\n 2. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns A\u0027s gn-\u003egtp_dev_list and calls -\u003edellink().\n\n [ device B is not yet unlinked from netns B\n as unregister_netdevice_many() has not been called. ]\n\n 3. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns B\u0027s for_each_netdev() and calls -\u003edellink().\n\ngtp_dellink() cleans up the device\u0027s hash table, unlinks the dev from\ngn-\u003egtp_dev_list, and calls unregister_netdevice_queue().\n\nBasically, calling gtp_dellink() multiple times is fine unless\nCONFIG_DEBUG_LIST is enabled.\n\nLet\u0027s remove for_each_netdev() in gtp_net_exit_batch_rtnl() and\ndelegate the destruction to default_device_exit_batch() as done\nin bareudp.\n\n[0]:\nlist_del corruption, ffff8880aaa62c00-\u003enext (autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]) is LIST_POISON1 (ffffffffffffff02) (prev is 0xffffffffffffff04)\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 UID: 0 PID: 1804 Comm: kworker/u8:7 Tainted: G T 6.12.13-grsec-full-20250211091339 #1\nTainted: [T]=RANDSTRUCT\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:[\u003cffffffff84947381\u003e] __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nCode: c2 76 91 31 c0 e8 9f b1 f7 fc 0f 0b 4d 89 f0 48 c7 c1 02 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 e0 c2 76 91 31 c0 e8 7f b1 f7 fc \u003c0f\u003e 0b 4d 89 e8 48 c7 c1 04 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 60\nRSP: 0018:fffffe8040b4fbd0 EFLAGS: 00010283\nRAX: 00000000000000cc RBX: dffffc0000000000 RCX: ffffffff818c4054\nRDX: ffffffff84947381 RSI: ffffffff818d1512 RDI: 0000000000000000\nRBP: ffff8880aaa62c00 R08: 0000000000000001 R09: fffffbd008169f32\nR10: fffffe8040b4f997 R11: 0000000000000001 R12: a1988d84f24943e4\nR13: ffffffffffffff02 R14: ffffffffffffff04 R15: ffff8880aaa62c08\nRBX: kasan shadow of 0x0\nRCX: __wake_up_klogd.part.0+0x74/0xe0 kernel/printk/printk.c:4554\nRDX: __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nRSI: vprintk+0x72/0x100 kernel/printk/printk_safe.c:71\nRBP: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]\nRSP: process kstack fffffe8040b4fbd0+0x7bd0/0x8000 [kworker/u8:7+netns 1804 ]\nR09: kasan shadow of process kstack fffffe8040b4f990+0x7990/0x8000 [kworker/u8:7+netns 1804 ]\nR10: process kstack fffffe8040b4f997+0x7997/0x8000 [kworker/u8:7+netns 1804 ]\nR15: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc08/0x1000 [slab object]\nFS: 0000000000000000(0000) GS:ffff888116000000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000748f5372c000 CR3: 0000000015408000 CR4: 00000000003406f0 shadow CR4: 00000000003406f0\nStack:\n 0000000000000000 ffffffff8a0c35e7 ffffffff8a0c3603 ffff8880aaa62c00\n ffff8880aaa62c00 0000000000000004 ffff88811145311c 0000000000000005\n 0000000000000001 ffff8880aaa62000 fffffe8040b4fd40 ffffffff8a0c360d\nCall Trace:\n \u003cTASK\u003e\n [\u003cffffffff8a0c360d\u003e] __list_del_entry_valid include/linux/list.h:131 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] __list_del_entry include/linux/list.h:248 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] list_del include/linux/list.h:262 [inl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21865",
"url": "https://www.suse.com/security/cve/CVE-2025-21865"
},
{
"category": "external",
"summary": "SUSE Bug 1239481 for CVE-2025-21865",
"url": "https://bugzilla.suse.com/1239481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-21866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC\n\nErhard reported the following KASAN hit while booting his PowerMac G4\nwith a KASAN-enabled kernel 6.13-rc6:\n\n BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8\n Write of size 8 at addr f1000000 by task chronyd/1293\n\n CPU: 0 UID: 123 PID: 1293 Comm: chronyd Tainted: G W 6.13.0-rc6-PMacG4 #2\n Tainted: [W]=WARN\n Hardware name: PowerMac3,6 7455 0x80010303 PowerMac\n Call Trace:\n [c2437590] [c1631a84] dump_stack_lvl+0x70/0x8c (unreliable)\n [c24375b0] [c0504998] print_report+0xdc/0x504\n [c2437610] [c050475c] kasan_report+0xf8/0x108\n [c2437690] [c0505a3c] kasan_check_range+0x24/0x18c\n [c24376a0] [c03fb5e4] copy_to_kernel_nofault+0xd8/0x1c8\n [c24376c0] [c004c014] patch_instructions+0x15c/0x16c\n [c2437710] [c00731a8] bpf_arch_text_copy+0x60/0x7c\n [c2437730] [c0281168] bpf_jit_binary_pack_finalize+0x50/0xac\n [c2437750] [c0073cf4] bpf_int_jit_compile+0xb30/0xdec\n [c2437880] [c0280394] bpf_prog_select_runtime+0x15c/0x478\n [c24378d0] [c1263428] bpf_prepare_filter+0xbf8/0xc14\n [c2437990] [c12677ec] bpf_prog_create_from_user+0x258/0x2b4\n [c24379d0] [c027111c] do_seccomp+0x3dc/0x1890\n [c2437ac0] [c001d8e0] system_call_exception+0x2dc/0x420\n [c2437f30] [c00281ac] ret_from_syscall+0x0/0x2c\n --- interrupt: c00 at 0x5a1274\n NIP: 005a1274 LR: 006a3b3c CTR: 005296c8\n REGS: c2437f40 TRAP: 0c00 Tainted: G W (6.13.0-rc6-PMacG4)\n MSR: 0200f932 \u003cVEC,EE,PR,FP,ME,IR,DR,RI\u003e CR: 24004422 XER: 00000000\n\n GPR00: 00000166 af8f3fa0 a7ee3540 00000001 00000000 013b6500 005a5858 0200f932\n GPR08: 00000000 00001fe9 013d5fc8 005296c8 2822244c 00b2fcd8 00000000 af8f4b57\n GPR16: 00000000 00000001 00000000 00000000 00000000 00000001 00000000 00000002\n GPR24: 00afdbb0 00000000 00000000 00000000 006e0004 013ce060 006e7c1c 00000001\n NIP [005a1274] 0x5a1274\n LR [006a3b3c] 0x6a3b3c\n --- interrupt: c00\n\n The buggy address belongs to the virtual mapping at\n [f1000000, f1002000) created by:\n text_area_cpu_up+0x20/0x190\n\n The buggy address belongs to the physical page:\n page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x76e30\n flags: 0x80000000(zone=2)\n raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001\n raw: 00000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n f0ffff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n f0ffff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003ef1000000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n f1000080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n f1000100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ==================================================================\n\nf8 corresponds to KASAN_VMALLOC_INVALID which means the area is not\ninitialised hence not supposed to be used yet.\n\nPowerpc text patching infrastructure allocates a virtual memory area\nusing get_vm_area() and flags it as VM_ALLOC. But that flag is meant\nto be used for vmalloc() and vmalloc() allocated memory is not\nsupposed to be used before a call to __vmalloc_node_range() which is\nnever called for that area.\n\nThat went undetected until commit e4137f08816b (\"mm, kasan, kmsan:\ninstrument copy_from/to_kernel_nofault\")\n\nThe area allocated by text_area_cpu_up() is not vmalloc memory, it is\nmapped directly on demand when needed by map_kernel_page(). There is\nno VM flag corresponding to such usage, so just pass no flag. That way\nthe area will be unpoisonned and usable immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21866",
"url": "https://www.suse.com/security/cve/CVE-2025-21866"
},
{
"category": "external",
"summary": "SUSE Bug 1239473 for CVE-2025-21866",
"url": "https://bugzilla.suse.com/1239473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21866"
},
{
"cve": "CVE-2025-21869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Disable KASAN report during patching via temporary mm\n\nErhard reports the following KASAN hit on Talos II (power9) with kernel 6.13:\n\n[ 12.028126] ==================================================================\n[ 12.028198] BUG: KASAN: user-memory-access in copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028260] Write of size 8 at addr 0000187e458f2000 by task systemd/1\n\n[ 12.028346] CPU: 87 UID: 0 PID: 1 Comm: systemd Tainted: G T 6.13.0-P9-dirty #3\n[ 12.028408] Tainted: [T]=RANDSTRUCT\n[ 12.028446] Hardware name: T2P9D01 REV 1.01 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV\n[ 12.028500] Call Trace:\n[ 12.028536] [c000000008dbf3b0] [c000000001656a48] dump_stack_lvl+0xbc/0x110 (unreliable)\n[ 12.028609] [c000000008dbf3f0] [c0000000006e2fc8] print_report+0x6b0/0x708\n[ 12.028666] [c000000008dbf4e0] [c0000000006e2454] kasan_report+0x164/0x300\n[ 12.028725] [c000000008dbf600] [c0000000006e54d4] kasan_check_range+0x314/0x370\n[ 12.028784] [c000000008dbf640] [c0000000006e6310] __kasan_check_write+0x20/0x40\n[ 12.028842] [c000000008dbf660] [c000000000578e8c] copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028902] [c000000008dbf6a0] [c0000000000acfe4] __patch_instructions+0x194/0x210\n[ 12.028965] [c000000008dbf6e0] [c0000000000ade80] patch_instructions+0x150/0x590\n[ 12.029026] [c000000008dbf7c0] [c0000000001159bc] bpf_arch_text_copy+0x6c/0xe0\n[ 12.029085] [c000000008dbf800] [c000000000424250] bpf_jit_binary_pack_finalize+0x40/0xc0\n[ 12.029147] [c000000008dbf830] [c000000000115dec] bpf_int_jit_compile+0x3bc/0x930\n[ 12.029206] [c000000008dbf990] [c000000000423720] bpf_prog_select_runtime+0x1f0/0x280\n[ 12.029266] [c000000008dbfa00] [c000000000434b18] bpf_prog_load+0xbb8/0x1370\n[ 12.029324] [c000000008dbfb70] [c000000000436ebc] __sys_bpf+0x5ac/0x2e00\n[ 12.029379] [c000000008dbfd00] [c00000000043a228] sys_bpf+0x28/0x40\n[ 12.029435] [c000000008dbfd20] [c000000000038eb4] system_call_exception+0x334/0x610\n[ 12.029497] [c000000008dbfe50] [c00000000000c270] system_call_vectored_common+0xf0/0x280\n[ 12.029561] --- interrupt: 3000 at 0x3fff82f5cfa8\n[ 12.029608] NIP: 00003fff82f5cfa8 LR: 00003fff82f5cfa8 CTR: 0000000000000000\n[ 12.029660] REGS: c000000008dbfe80 TRAP: 3000 Tainted: G T (6.13.0-P9-dirty)\n[ 12.029735] MSR: 900000000280f032 \u003cSF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI\u003e CR: 42004848 XER: 00000000\n[ 12.029855] IRQMASK: 0\n GPR00: 0000000000000169 00003fffdcf789a0 00003fff83067100 0000000000000005\n GPR04: 00003fffdcf78a98 0000000000000090 0000000000000000 0000000000000008\n GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000\n GPR12: 0000000000000000 00003fff836ff7e0 c000000000010678 0000000000000000\n GPR16: 0000000000000000 0000000000000000 00003fffdcf78f28 00003fffdcf78f90\n GPR20: 0000000000000000 0000000000000000 0000000000000000 00003fffdcf78f80\n GPR24: 00003fffdcf78f70 00003fffdcf78d10 00003fff835c7239 00003fffdcf78bd8\n GPR28: 00003fffdcf78a98 0000000000000000 0000000000000000 000000011f547580\n[ 12.030316] NIP [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030361] LR [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030405] --- interrupt: 3000\n[ 12.030444] ==================================================================\n\nCommit c28c15b6d28a (\"powerpc/code-patching: Use temporary mm for\nRadix MMU\") is inspired from x86 but unlike x86 is doesn\u0027t disable\nKASAN reports during patching. This wasn\u0027t a problem at the begining\nbecause __patch_mem() is not instrumented.\n\nCommit 465cabc97b42 (\"powerpc/code-patching: introduce\npatch_instructions()\") use copy_to_kernel_nofault() to copy several\ninstructions at once. But when using temporary mm the destination is\nnot regular kernel memory but a kind of kernel-like memory located\nin user address space. \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21869",
"url": "https://www.suse.com/security/cve/CVE-2025-21869"
},
{
"category": "external",
"summary": "SUSE Bug 1240182 for CVE-2025-21869",
"url": "https://bugzilla.suse.com/1240182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21869"
},
{
"cve": "CVE-2025-21870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers\n\nOther, non DAI copier widgets could have the same stream name (sname) as\nthe ALH copier and in that case the copier-\u003edata is NULL, no alh_data is\nattached, which could lead to NULL pointer dereference.\nWe could check for this NULL pointer in sof_ipc4_prepare_copier_module()\nand avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai()\nwill miscalculate the ALH device count, causing broken audio.\n\nThe correct fix is to harden the matching logic by making sure that the\n1. widget is a DAI widget - so dai = w-\u003eprivate is valid\n2. the dai (and thus the copier) is ALH copier",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21870",
"url": "https://www.suse.com/security/cve/CVE-2025-21870"
},
{
"category": "external",
"summary": "SUSE Bug 1240191 for CVE-2025-21870",
"url": "https://bugzilla.suse.com/1240191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21870"
},
{
"cve": "CVE-2025-21871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix supplicant wait loop\n\nOP-TEE supplicant is a user-space daemon and it\u0027s possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\n\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\n\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21871",
"url": "https://www.suse.com/security/cve/CVE-2025-21871"
},
{
"category": "external",
"summary": "SUSE Bug 1240183 for CVE-2025-21871",
"url": "https://bugzilla.suse.com/1240183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21871"
},
{
"cve": "CVE-2025-21876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix suspicious RCU usage\n\nCommit \u003cd74169ceb0d2\u003e (\"iommu/vt-d: Allocate DMAR fault interrupts\nlocally\") moved the call to enable_drhd_fault_handling() to a code\npath that does not hold any lock while traversing the drhd list. Fix\nit by ensuring the dmar_global_lock lock is held when traversing the\ndrhd list.\n\nWithout this fix, the following warning is triggered:\n =============================\n WARNING: suspicious RCU usage\n 6.14.0-rc3 #55 Not tainted\n -----------------------------\n drivers/iommu/intel/dmar.c:2046 RCU-list traversed in non-reader section!!\n other info that might help us debug this:\n rcu_scheduler_active = 1, debug_locks = 1\n 2 locks held by cpuhp/1/23:\n #0: ffffffff84a67c50 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n #1: ffffffff84a6a380 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n stack backtrace:\n CPU: 1 UID: 0 PID: 23 Comm: cpuhp/1 Not tainted 6.14.0-rc3 #55\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xb7/0xd0\n lockdep_rcu_suspicious+0x159/0x1f0\n ? __pfx_enable_drhd_fault_handling+0x10/0x10\n enable_drhd_fault_handling+0x151/0x180\n cpuhp_invoke_callback+0x1df/0x990\n cpuhp_thread_fun+0x1ea/0x2c0\n smpboot_thread_fn+0x1f5/0x2e0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n kthread+0x12a/0x2d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x4a/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nHolding the lock in enable_drhd_fault_handling() triggers a lockdep splat\nabout a possible deadlock between dmar_global_lock and cpu_hotplug_lock.\nThis is avoided by not holding dmar_global_lock when calling\niommu_device_register(), which initiates the device probe process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21876",
"url": "https://www.suse.com/security/cve/CVE-2025-21876"
},
{
"category": "external",
"summary": "SUSE Bug 1240179 for CVE-2025-21876",
"url": "https://bugzilla.suse.com/1240179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21876"
},
{
"cve": "CVE-2025-21877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21877"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: gl620a: fix endpoint checking in genelink_bind()\n\nSyzbot reports [1] a warning in usb_submit_urb() triggered by\ninconsistencies between expected and actually present endpoints\nin gl620a driver. Since genelink_bind() does not properly\nverify whether specified eps are in fact provided by the device,\nin this case, an artificially manufactured one, one may get a\nmismatch.\n\nFix the issue by resorting to a usbnet utility function\nusbnet_get_endpoints(), usually reserved for this very problem.\nCheck for endpoints and return early before proceeding further if\nany are missing.\n\n[1] Syzbot report:\nusb 5-1: Manufacturer: syz\nusb 5-1: SerialNumber: syz\nusb 5-1: config 0 descriptor??\ngl620a 5-1:0.23 usb0: register \u0027gl620a\u0027 at usb-dummy_hcd.0-1, ...\n------------[ cut here ]------------\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 2 PID: 1841 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nModules linked in:\nCPU: 2 UID: 0 PID: 1841 Comm: kworker/2:2 Not tainted 6.12.0-syzkaller-07834-g06afb0f36106 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0x6be/0x2780 drivers/net/usb/usbnet.c:1467\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606\n sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n __dev_xmit_skb net/core/dev.c:3827 [inline]\n __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n neigh_resolve_output net/core/neighbour.c:1514 [inline]\n neigh_resolve_output+0x5bc/0x950 net/core/neighbour.c:1494\n neigh_output include/net/neighbour.h:539 [inline]\n ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n mld_sendpack+0x9f0/0x11d0 net/ipv6/mcast.c:1819\n mld_send_cr net/ipv6/mcast.c:2120 [inline]\n mld_ifc_work+0x740/0xca0 net/ipv6/mcast.c:2651\n process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21877",
"url": "https://www.suse.com/security/cve/CVE-2025-21877"
},
{
"category": "external",
"summary": "SUSE Bug 1240172 for CVE-2025-21877",
"url": "https://bugzilla.suse.com/1240172"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21877"
},
{
"cve": "CVE-2025-21878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21878"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: npcm: disable interrupt enable bit before devm_request_irq\n\nThe customer reports that there is a soft lockup issue related to\nthe i2c driver. After checking, the i2c module was doing a tx transfer\nand the bmc machine reboots in the middle of the i2c transaction, the i2c\nmodule keeps the status without being reset.\n\nDue to such an i2c module status, the i2c irq handler keeps getting\ntriggered since the i2c irq handler is registered in the kernel booting\nprocess after the bmc machine is doing a warm rebooting.\nThe continuous triggering is stopped by the soft lockup watchdog timer.\n\nDisable the interrupt enable bit in the i2c module before calling\ndevm_request_irq to fix this issue since the i2c relative status bit\nis read-only.\n\nHere is the soft lockup log.\n[ 28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1]\n[ 28.183351] Modules linked in:\n[ 28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1\n[ 28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 28.208128] pc : __do_softirq+0xb0/0x368\n[ 28.212055] lr : __do_softirq+0x70/0x368\n[ 28.215972] sp : ffffff8035ebca00\n[ 28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780\n[ 28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0\n[ 28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b\n[ 28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff\n[ 28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000\n[ 28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2\n[ 28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250\n[ 28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434\n[ 28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198\n[ 28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40\n[ 28.290611] Call trace:\n[ 28.293052] __do_softirq+0xb0/0x368\n[ 28.296625] __irq_exit_rcu+0xe0/0x100\n[ 28.300374] irq_exit+0x14/0x20\n[ 28.303513] handle_domain_irq+0x68/0x90\n[ 28.307440] gic_handle_irq+0x78/0xb0\n[ 28.311098] call_on_irq_stack+0x20/0x38\n[ 28.315019] do_interrupt_handler+0x54/0x5c\n[ 28.319199] el1_interrupt+0x2c/0x4c\n[ 28.322777] el1h_64_irq_handler+0x14/0x20\n[ 28.326872] el1h_64_irq+0x74/0x78\n[ 28.330269] __setup_irq+0x454/0x780\n[ 28.333841] request_threaded_irq+0xd0/0x1b4\n[ 28.338107] devm_request_threaded_irq+0x84/0x100\n[ 28.342809] npcm_i2c_probe_bus+0x188/0x3d0\n[ 28.346990] platform_probe+0x6c/0xc4\n[ 28.350653] really_probe+0xcc/0x45c\n[ 28.354227] __driver_probe_device+0x8c/0x160\n[ 28.358578] driver_probe_device+0x44/0xe0\n[ 28.362670] __driver_attach+0x124/0x1d0\n[ 28.366589] bus_for_each_dev+0x7c/0xe0\n[ 28.370426] driver_attach+0x28/0x30\n[ 28.373997] bus_add_driver+0x124/0x240\n[ 28.377830] driver_register+0x7c/0x124\n[ 28.381662] __platform_driver_register+0x2c/0x34\n[ 28.386362] npcm_i2c_init+0x3c/0x5c\n[ 28.389937] do_one_initcall+0x74/0x230\n[ 28.393768] kernel_init_freeable+0x24c/0x2b4\n[ 28.398126] kernel_init+0x28/0x130\n[ 28.401614] ret_from_fork+0x10/0x20\n[ 28.405189] Kernel panic - not syncing: softlockup: hung tasks\n[ 28.411011] SMP: stopping secondary CPUs\n[ 28.414933] Kernel Offset: disabled\n[ 28.418412] CPU features: 0x00000000,00000802\n[ 28.427644] Rebooting in 20 seconds..",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21878",
"url": "https://www.suse.com/security/cve/CVE-2025-21878"
},
{
"category": "external",
"summary": "SUSE Bug 1240192 for CVE-2025-21878",
"url": "https://bugzilla.suse.com/1240192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21878"
},
{
"cve": "CVE-2025-21883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix deinitializing VF in error path\n\nIf ice_ena_vfs() fails after calling ice_create_vf_entries(), it frees\nall VFs without removing them from snapshot PF-VF mailbox list, leading\nto list corruption.\n\nReproducer:\n devlink dev eswitch set $PF1_PCI mode switchdev\n ip l s $PF1 up\n ip l s $PF1 promisc on\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n\nTrace (minimized):\n list_add corruption. next-\u003eprev should be prev (ffff8882e241c6f0), but was 0000000000000000. (next=ffff888455da1330).\n kernel BUG at lib/list_debug.c:29!\n RIP: 0010:__list_add_valid_or_report+0xa6/0x100\n ice_mbx_init_vf_info+0xa7/0x180 [ice]\n ice_initialize_vf_entry+0x1fa/0x250 [ice]\n ice_sriov_configure+0x8d7/0x1520 [ice]\n ? __percpu_ref_switch_mode+0x1b1/0x5d0\n ? __pfx_ice_sriov_configure+0x10/0x10 [ice]\n\nSometimes a KASAN report can be seen instead with a similar stack trace:\n BUG: KASAN: use-after-free in __list_add_valid_or_report+0xf1/0x100\n\nVFs are added to this list in ice_mbx_init_vf_info(), but only removed\nin ice_free_vfs(). Move the removing to ice_free_vf_entries(), which is\nalso being called in other places where VFs are being removed (including\nice_free_vfs() itself).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21883",
"url": "https://www.suse.com/security/cve/CVE-2025-21883"
},
{
"category": "external",
"summary": "SUSE Bug 1240189 for CVE-2025-21883",
"url": "https://bugzilla.suse.com/1240189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21883"
},
{
"cve": "CVE-2025-21885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix the page details for the srq created by kernel consumers\n\nWhile using nvme target with use_srq on, below kernel panic is noticed.\n\n[ 549.698111] bnxt_en 0000:41:00.0 enp65s0np0: FEC autoneg off encoding: Clause 91 RS(544,514)\n[ 566.393619] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n..\n[ 566.393799] \u003cTASK\u003e\n[ 566.393807] ? __die_body+0x1a/0x60\n[ 566.393823] ? die+0x38/0x60\n[ 566.393835] ? do_trap+0xe4/0x110\n[ 566.393847] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393867] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393881] ? do_error_trap+0x7c/0x120\n[ 566.393890] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393911] ? exc_divide_error+0x34/0x50\n[ 566.393923] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393939] ? asm_exc_divide_error+0x16/0x20\n[ 566.393966] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393997] bnxt_qplib_create_srq+0xc9/0x340 [bnxt_re]\n[ 566.394040] bnxt_re_create_srq+0x335/0x3b0 [bnxt_re]\n[ 566.394057] ? srso_return_thunk+0x5/0x5f\n[ 566.394068] ? __init_swait_queue_head+0x4a/0x60\n[ 566.394090] ib_create_srq_user+0xa7/0x150 [ib_core]\n[ 566.394147] nvmet_rdma_queue_connect+0x7d0/0xbe0 [nvmet_rdma]\n[ 566.394174] ? lock_release+0x22c/0x3f0\n[ 566.394187] ? srso_return_thunk+0x5/0x5f\n\nPage size and shift info is set only for the user space SRQs.\nSet page size and page shift for kernel space SRQs also.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21885",
"url": "https://www.suse.com/security/cve/CVE-2025-21885"
},
{
"category": "external",
"summary": "SUSE Bug 1240169 for CVE-2025-21885",
"url": "https://bugzilla.suse.com/1240169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21885"
},
{
"cve": "CVE-2025-21886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP hang on parent deregistration\n\nFix the destroy_unused_implicit_child_mr() to prevent hanging during\nparent deregistration as of below [1].\n\nUpon entering destroy_unused_implicit_child_mr(), the reference count\nfor the implicit MR parent is incremented using:\nrefcount_inc_not_zero().\n\nA corresponding decrement must be performed if\nfree_implicit_child_mr_work() is not called.\n\nThe code has been updated to properly manage the reference count that\nwas incremented.\n\n[1]\nINFO: task python3:2157 blocked for more than 120 seconds.\nNot tainted 6.12.0-rc7+ #1633\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:python3 state:D stack:0 pid:2157 tgid:2157 ppid:1685 flags:0x00000000\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\n__mlx5_ib_dereg_mr+0x379/0x5d0 [mlx5_ib]\n? __pfx_autoremove_wake_function+0x10/0x10\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n __x64_sys_ioctl+0x1b0/0xa70\n? kmem_cache_free+0x221/0x400\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f20f21f017b\nRSP: 002b:00007ffcfc4a77c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffcfc4a78d8 RCX: 00007f20f21f017b\nRDX: 00007ffcfc4a78c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffcfc4a78a0 R08: 000056147d125190 R09: 00007f20f1f14c60\nR10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcfc4a7890\nR13: 000000000000001c R14: 000056147d100fc0 R15: 00007f20e365c9d0\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21886",
"url": "https://www.suse.com/security/cve/CVE-2025-21886"
},
{
"category": "external",
"summary": "SUSE Bug 1240188 for CVE-2025-21886",
"url": "https://bugzilla.suse.com/1240188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21886"
},
{
"cve": "CVE-2025-21888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a WARN during dereg_mr for DM type\n\nMemory regions (MR) of type DM (device memory) do not have an associated\numem.\n\nIn the __mlx5_ib_dereg_mr() -\u003e mlx5_free_priv_descs() flow, the code\nincorrectly takes the wrong branch, attempting to call\ndma_unmap_single() on a DMA address that is not mapped.\n\nThis results in a WARN [1], as shown below.\n\nThe issue is resolved by properly accounting for the DM type and\nensuring the correct branch is selected in mlx5_free_priv_descs().\n\n[1]\nWARNING: CPU: 12 PID: 1346 at drivers/iommu/dma-iommu.c:1230 iommu_dma_unmap_page+0x79/0x90\nModules linked in: ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry ovelay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\nCPU: 12 UID: 0 PID: 1346 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1631\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:iommu_dma_unmap_page+0x79/0x90\nCode: 2b 49 3b 29 72 26 49 3b 69 08 73 20 4d 89 f0 44 89 e9 4c 89 e2 48 89 ee 48 89 df 5b 5d 41 5c 41 5d 41 5e 41 5f e9 07 b8 88 ff \u003c0f\u003e 0b 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 66 0f 1f 44 00\nRSP: 0018:ffffc90001913a10 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810194b0a8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001\nRBP: ffff88810194b0a8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f537abdd740(0000) GS:ffff88885fb00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f537aeb8000 CR3: 000000010c248001 CR4: 0000000000372eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x84/0x190\n? iommu_dma_unmap_page+0x79/0x90\n? report_bug+0xf8/0x1c0\n? handle_bug+0x55/0x90\n? exc_invalid_op+0x13/0x60\n? asm_exc_invalid_op+0x16/0x20\n? iommu_dma_unmap_page+0x79/0x90\ndma_unmap_page_attrs+0xe6/0x290\nmlx5_free_priv_descs+0xb0/0xe0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x37e/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f537adaf17b\nCode: 0f 1e fa 48 8b 05 1d ad 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed ac 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffff218f0b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffff218f1d8 RCX: 00007f537adaf17b\nRDX: 00007ffff218f1c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffff218f1a0 R08: 00007f537aa8d010 R09: 0000561ee2e4f270\nR10: 00007f537aace3a8 R11: 0000000000000246 R12: 00007ffff218f190\nR13: 000000000000001c R14: 0000561ee2e4d7c0 R15: 00007ffff218f450\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21888",
"url": "https://www.suse.com/security/cve/CVE-2025-21888"
},
{
"category": "external",
"summary": "SUSE Bug 1240177 for CVE-2025-21888",
"url": "https://bugzilla.suse.com/1240177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21888"
},
{
"cve": "CVE-2025-21890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix checksums set in idpf_rx_rsc()\n\nidpf_rx_rsc() uses skb_transport_offset(skb) while the transport header\nis not set yet.\n\nThis triggers the following warning for CONFIG_DEBUG_NET=y builds.\n\nDEBUG_NET_WARN_ON_ONCE(!skb_transport_header_was_set(skb))\n\n[ 69.261620] WARNING: CPU: 7 PID: 0 at ./include/linux/skbuff.h:3020 idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261629] Modules linked in: vfat fat dummy bridge intel_uncore_frequency_tpmi intel_uncore_frequency_common intel_vsec_tpmi idpf intel_vsec cdc_ncm cdc_eem cdc_ether usbnet mii xhci_pci xhci_hcd ehci_pci ehci_hcd libeth\n[ 69.261644] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Tainted: G S W 6.14.0-smp-DEV #1697\n[ 69.261648] Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN\n[ 69.261650] RIP: 0010:idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261677] ? __warn (kernel/panic.c:242 kernel/panic.c:748)\n[ 69.261682] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261687] ? report_bug (lib/bug.c:?)\n[ 69.261690] ? handle_bug (arch/x86/kernel/traps.c:285)\n[ 69.261694] ? exc_invalid_op (arch/x86/kernel/traps.c:309)\n[ 69.261697] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 69.261700] ? __pfx_idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:4011) idpf\n[ 69.261704] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261708] ? idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:3072) idpf\n[ 69.261712] __napi_poll (net/core/dev.c:7194)\n[ 69.261716] net_rx_action (net/core/dev.c:7265)\n[ 69.261718] ? __qdisc_run (net/sched/sch_generic.c:293)\n[ 69.261721] ? sched_clock (arch/x86/include/asm/preempt.h:84 arch/x86/kernel/tsc.c:288)\n[ 69.261726] handle_softirqs (kernel/softirq.c:561)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21890",
"url": "https://www.suse.com/security/cve/CVE-2025-21890"
},
{
"category": "external",
"summary": "SUSE Bug 1240173 for CVE-2025-21890",
"url": "https://bugzilla.suse.com/1240173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21890"
},
{
"cve": "CVE-2025-21891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: ensure network headers are in skb linear part\n\nsyzbot found that ipvlan_process_v6_outbound() was assuming\nthe IPv6 network header isis present in skb-\u003ehead [1]\n\nAdd the needed pskb_network_may_pull() calls for both\nIPv4 and IPv6 handlers.\n\n[1]\nBUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n ipv6_addr_type include/net/ipv6.h:555 [inline]\n ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline]\n ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651\n ip6_route_output include/net/ip6_route.h:93 [inline]\n ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476\n ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline]\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline]\n ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671\n ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223\n __netdev_start_xmit include/linux/netdevice.h:5150 [inline]\n netdev_start_xmit include/linux/netdevice.h:5159 [inline]\n xmit_one net/core/dev.c:3735 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751\n sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343\n qdisc_restart net/sched/sch_generic.c:408 [inline]\n __qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416\n qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127\n net_tx_action+0x78b/0x940 net/core/dev.c:5484\n handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n __do_softirq+0x14/0x1a kernel/softirq.c:595\n do_softirq+0x9a/0x100 kernel/softirq.c:462\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611\n dev_queue_xmit include/linux/netdevice.h:3311 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3132 [inline]\n packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164\n sock_sendmsg_nosec net/socket.c:718 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21891",
"url": "https://www.suse.com/security/cve/CVE-2025-21891"
},
{
"category": "external",
"summary": "SUSE Bug 1240186 for CVE-2025-21891",
"url": "https://bugzilla.suse.com/1240186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21891"
},
{
"cve": "CVE-2025-21892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix the recovery flow of the UMR QP\n\nThis patch addresses an issue in the recovery flow of the UMR QP,\nensuring tasks do not get stuck, as highlighted by the call trace [1].\n\nDuring recovery, before transitioning the QP to the RESET state, the\nsoftware must wait for all outstanding WRs to complete.\n\nFailing to do so can cause the firmware to skip sending some flushed\nCQEs with errors and simply discard them upon the RESET, as per the IB\nspecification.\n\nThis race condition can result in lost CQEs and tasks becoming stuck.\n\nTo resolve this, the patch sends a final WR which serves only as a\nbarrier before moving the QP state to RESET.\n\nOnce a CQE is received for that final WR, it guarantees that no\noutstanding WRs remain, making it safe to transition the QP to RESET and\nsubsequently back to RTS, restoring proper functionality.\n\nNote:\nFor the barrier WR, we simply reuse the failed and ready WR.\nSince the QP is in an error state, it will only receive\nIB_WC_WR_FLUSH_ERR. However, as it serves only as a barrier we don\u0027t\ncare about its status.\n\n[1]\nINFO: task rdma_resource_l:1922 blocked for more than 120 seconds.\nTainted: G W 6.12.0-rc7+ #1626\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:rdma_resource_l state:D stack:0 pid:1922 tgid:1922 ppid:1369\n flags:0x00004004\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\nschedule_timeout+0x280/0x300\n? mark_held_locks+0x48/0x80\n? lockdep_hardirqs_on_prepare+0xe5/0x1a0\nwait_for_completion+0x75/0x130\nmlx5r_umr_post_send_wait+0x3c2/0x5b0 [mlx5_ib]\n? __pfx_mlx5r_umr_done+0x10/0x10 [mlx5_ib]\nmlx5r_umr_revoke_mr+0x93/0xc0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x299/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? __lock_acquire+0x64e/0x2080\n? mark_held_locks+0x48/0x80\n? find_held_lock+0x2d/0xa0\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? __fget_files+0xc3/0x1b0\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f99c918b17b\nRSP: 002b:00007ffc766d0468 EFLAGS: 00000246 ORIG_RAX:\n 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffc766d0578 RCX:\n 00007f99c918b17b\nRDX: 00007ffc766d0560 RSI: 00000000c0181b01 RDI:\n 0000000000000003\nRBP: 00007ffc766d0540 R08: 00007f99c8f99010 R09:\n 000000000000bd7e\nR10: 00007f99c94c1c70 R11: 0000000000000246 R12:\n 00007ffc766d0530\nR13: 000000000000001c R14: 0000000040246a80 R15:\n 0000000000000000\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21892",
"url": "https://www.suse.com/security/cve/CVE-2025-21892"
},
{
"category": "external",
"summary": "SUSE Bug 1240175 for CVE-2025-21892",
"url": "https://bugzilla.suse.com/1240175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21892"
}
]
}
suse-su-2025:0856-1
Vulnerability from csaf_suse
Published
2025-03-13 15:46
Modified
2025-03-13 15:46
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).
- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).
- CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439).
- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).
- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).
- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032).
- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).
- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).
- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113).
- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).
- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).
- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).
- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).
- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).
- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).
- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).
- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
The following non-security bugs were fixed:
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).
- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).
- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
- ALSA: seq: Make dependency on UMP clearer (git-fixes).
- ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes).
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).
- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).
- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
- ASoC: es8328: fix route from DAC to output (git-fixes).
- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).
- Fix memory-hotplug regression (bsc#1237504).
- Grab mm lock before grabbing pt lock (git-fixes).
- HID: Wacom: Add PCI Wacom device support (stable-fixes).
- HID: hid-steam: Add Deck IMU support (stable-fixes).
- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).
- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
- HID: hid-steam: Clean up locking (stable-fixes).
- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).
- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).
- HID: hid-steam: Fix cleanup in probe() (git-fixes).
- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).
- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).
- HID: hid-steam: remove pointless error message (stable-fixes).
- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).
- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).
- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
- Input: allocate keycode for phone linking (stable-fixes).
- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).
- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).
- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).
- KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes).
- KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).
- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).
- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes).
- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
- PCI: Use downstream bridges for distributing resources (bsc#1237325).
- PCI: hookup irq_get_affinity callback (bsc#1236896).
- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).
- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
- RDMA/efa: Reset device on probe failure (git-fixes)
- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
- RDMA/mlx5: Fix AH static rate parsing (git-fixes)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)
- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
- RDMA/rxe: Improve newline in printing messages (git-fixes)
- Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes).
- Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes).
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).
- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
- USB: serial: option: drop MeiG Smart defines (stable-fixes).
- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
- Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094).
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- acct: block access to kernel internal filesystems (git-fixes).
- acct: perform last write from workqueue (git-fixes).
- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).
- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).
- batman-adv: Drop unmanaged ELP metric worker (git-fixes).
- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
- batman-adv: fix panic during interface removal (git-fixes).
- bio-integrity: do not restrict the size of integrity metadata (git-fixes).
- blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558).
- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).
- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).
- blk-mq: add number of queue calc helper (bsc#1236897).
- blk-mq: create correct map for fallback case (bsc#1236896).
- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).
- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).
- blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).
- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
- blk_iocost: remove some duplicate irq disable/enables (git-fixes).
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
- block: Clear zone limits for a non-zoned stacked queue (git-fixes).
- block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).
- block: Provide bdev_open_* functions (git-fixes).
- block: Remove special-casing of compound pages (git-fixes).
- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).
- block: add a disk_has_partscan helper (git-fixes).
- block: add a partscan sysfs attribute for disks (git-fixes).
- block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes).
- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).
- block: change rq_integrity_vec to respect the iterator (git-fixes).
- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).
- block: ensure we hold a queue reference when using queue limits (git-fixes).
- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).
- block: fix integer overflow in BLKSECDISCARD (git-fixes).
- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).
- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).
- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).
- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).
- block: retry call probe after request_module in blk_request_module (git-fixes).
- block: return unsigned int from bdev_io_min (git-fixes).
- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).
- block: support to account io_ticks precisely (git-fixes).
- block: use the right type for stub rq_integrity_vec() (git-fixes).
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).
- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
- can: ctucanfd: handle skb allocation failure (git-fixes).
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes).
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).
- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).
- cifs: Remove intermediate object of failed create reparse call (git-fixes).
- cifs: commands that are retried should have replay flag set (bsc#1231432).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).
- cifs: helper function to check replayable error codes (bsc#1231432).
- cifs: new mount option called retrans (bsc#1231432).
- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
- cifs: update desired access while requesting for directory lease (git-fixes).
- cifs: update the same create_guid on replay (git-fixes).
- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).
- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).
- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).
- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
- cxgb4: Avoid removal of uninserted tid (git-fixes).
- cxgb4: use port number to set mac addr (git-fixes).
- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).
- dlm: fix srcu_read_lock() return type to int (git-fixes).
- doc: update managed_irq documentation (bsc#1236897).
- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).
- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).
- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
- drm/amdkfd: only flush the validate MES contex (stable-fixes).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).
- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).
- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
- drm/i915/selftests: avoid using uninitialized context (git-fixes).
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).
- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
- drm/msm: Avoid rounding up to one jiffy (git-fixes).
- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).
- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).
- drm/virtio: New fence for every plane update (stable-fixes).
- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
- eth: gve: use appropriate helper to set xdp_features (git-fixes).
- exfat: convert to ctime accessor functions (git-fixes).
- exfat: fix file being changed by unaligned direct write (git-fixes).
- exfat: fix zero the unwritten part for dio read (git-fixes).
- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
- futex: Do not include process MM in futex key on no-MMU (git-fixes).
- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).
- gpio: pca953x: Improve interrupt support (git-fixes).
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
- gup: make the stack expansion warning a bit more targeted (bsc#1238214).
- hfs: Sanity check the root record (git-fixes).
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
- i2c: ls2x: Fix frequency division register access (git-fixes).
- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
- iavf: allow changing VLAN state without calling PF (git-fixes).
- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).
- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
- ice: fix max values for dpll pin phase adjust (git-fixes).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
- ice: gather page_count()'s of each frag right before XDP prog call (git-fixes).
- ice: put Rx buffers after being done with current frame (git-fixes).
- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
- ice: use internal pf id instead of function number (git-fixes).
- idpf: add read memory barrier when checking descriptor done bit (git-fixes).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661).
- idpf: convert workqueues to unbound (git-fixes).
- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
- idpf: fix handling rsc packet with a single segment (git-fixes).
- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
- igc: return early when failing to read EECD register (git-fixes).
- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
- kabi: fix bus type (bsc#1236896).
- kabi: fix group_cpus_evenly (bsc#1236897).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
- kernel-source: Also replace bin/env
- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).
- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
- lib: stackinit: hide never-taken branch from compiler (stable-fixes).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).
- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).
- md/md-cluster: fix spares warnings for __le64 (git-fixes).
- md/raid0: do not free conf on raid0_run failure (git-fixes).
- md/raid1: do not free conf on raid0_run failure (git-fixes).
- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
- md: Do not flush sync_work in md_write_start() (git-fixes).
- md: convert comma to semicolon (git-fixes).
- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
- mptcp: export local_address (git-fixes)
- mptcp: fix NL PM announced address accounting (git-fixes)
- mptcp: fix data races on local_id (git-fixes)
- mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)
- mptcp: pm: deny endp with signal + subflow + port (git-fixes)
- mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
- mptcp: pm: do not try to create sf if alloc failed (git-fixes)
- mptcp: pm: fullmesh: select the right ID later (git-fixes)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
- mptcp: pm: re-using ID of unused removed subflows (git-fixes)
- mptcp: pm: reduce indentation blocks (git-fixes)
- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
- mptcp: unify pm get_local_id interfaces (git-fixes)
- mptcp: unify pm set_flags interfaces (git-fixes)
- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
- nbd: Fix signal handling (git-fixes).
- nbd: Improve the documentation of the locking assumptions (git-fixes).
- nbd: do not allow reconnect after disconnect (git-fixes).
- net/mlx5: Correct TASR typo into TSAR (git-fixes).
- net/mlx5: Fix RDMA TX steering prio (git-fixes).
- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
- net/mlx5: SF, Fix add port error handling (git-fixes).
- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: move altnames together with the netdevice (bsc#1233749).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: rose: lock the socket in rose_bind() (git-fixes).
- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
- net: smc: fix spurious error message from __sock_release() (bsc#1237126).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).
- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).
- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).
- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).
- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
- null_blk: fix validation of block size (git-fixes).
- nvme-fc: use ctrl state getter (git-fixes).
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
- nvme/ioctl: add missing space in err message (git-fixes).
- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
- nvme: make nvme_tls_attrs_group static (git-fixes).
- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- nvme: tcp: Fix compilation warning with W=1 (git-fixes).
- nvmet: Fix crash when a namespace is disabled (git-fixes).
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).
- padata: Clean up in padata_do_multithreaded() (bsc#1237563).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- partitions: ldm: remove the initial kernel-doc notation (git-fixes).
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).
- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).
- platform/x86: ISST: Ignore minor version change (bsc#1237452).
- platform/x86: acer-wmi: Ignore AC events (stable-fixes).
- platform/x86: int3472: Check for adev == NULL (stable-fixes).
- power: supply: da9150-fg: fix potential overflow (git-fixes).
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).
- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).
- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).
- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).
- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
- rbd: do not move requests to the running list on errors (git-fixes).
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
- regmap-irq: Add missing kfree() (git-fixes).
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205).
- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).
- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).
- s390/pci: Ignore RID for isolated VFs (bsc#1236752).
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).
- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
- s390/pci: Use topology ID for multi-function devices (bsc#1236752).
- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
- s390/topology: Improve topology detection (bsc#1236591).
- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).
- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).
- scsi: core: Clear driver private data when retrying request (git-fixes).
- scsi: core: Handle depopulation and restoration in progress (git-fixes).
- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).
- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).
- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- selftest: hugetlb_dio: fix test naming (git-fixes).
- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).
- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).
- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).
- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).
- selftests: mptcp: connect: -f: no reconnect (git-fixes).
- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
- serial: 8250: Fix fifo underflow on flush (git-fixes).
- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
- smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes).
- smb3: request handle caching when caching directories (bsc#1231432).
- smb3: retrying on failed server close (bsc#1231432).
- smb: cached directories can be more than root file handle (bsc#1231432).
- smb: cilent: set reparse mount points as automounts (git-fixes).
- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
- smb: client: Fix minor whitespace errors and warnings (git-fixes).
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).
- smb: client: add support for WSL reparse points (git-fixes).
- smb: client: allow creating special files via reparse points (git-fixes).
- smb: client: allow creating symlinks via reparse points (git-fixes).
- smb: client: cleanup smb2_query_reparse_point() (git-fixes).
- smb: client: do not query reparse points twice on symlinks (git-fixes).
- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).
- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
- smb: client: fix hardlinking of reparse points (git-fixes).
- smb: client: fix missing mode bits for SMB symlinks (git-fixes).
- smb: client: fix possible double free in smb2_set_ea() (git-fixes).
- smb: client: fix potential broken compound request (git-fixes).
- smb: client: fix renaming of reparse points (git-fixes).
- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
- smb: client: handle path separator of created SMB symlinks (git-fixes).
- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
- smb: client: ignore unhandled reparse tags (git-fixes).
- smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
- smb: client: instantiate when creating SFU files (git-fixes).
- smb: client: introduce ->parse_reparse_point() (git-fixes).
- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
- smb: client: introduce cifs_sfu_make_node() (git-fixes).
- smb: client: introduce reparse mount option (git-fixes).
- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).
- smb: client: move most of reparse point handling code to common file (git-fixes).
- smb: client: move some params to cifs_open_info_data (bsc#1231432).
- smb: client: optimise reparse point querying (git-fixes).
- smb: client: parse owner/group when creating reparse points (git-fixes).
- smb: client: parse reparse point flag in create response (bsc#1231432).
- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
- smb: client: retry compound request without reusing lease (git-fixes).
- smb: client: return reparse type in /proc/mounts (git-fixes).
- smb: client: reuse file lease key in compound operations (git-fixes).
- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).
- smb: client: set correct file type from NFS reparse points (git-fixes).
- smb: client: stop revalidating reparse points unnecessarily (git-fixes).
- smb: use kernel_connect() and kernel_bind() (git-fixes).
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).
- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).
- spi: sn-f-ospi: Fix division by zero (git-fixes).
- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
- tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes).
- ublk: fix error code for unsupported command (git-fixes).
- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
- ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
- ublk: move zone report data out of request pdu (git-fixes).
- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).
- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
- usb: roles: set switch registered flag early on (git-fixes).
- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).
- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
- usbnet: ipheth: document scope of NCM implementation (stable-fixes).
- util_macros.h: fix/rework find_closest() macros (git-fixes).
- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- virtio: hookup irq_get_affinity callback (bsc#1236896).
- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).
- wifi: iwlwifi: avoid memory leak (stable-fixes).
- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
- x86/asm: Make serialize() always_inline (git-fixes).
- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).
- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (git-fixes).
- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
- zram: clear IDLE flag after recompression (git-fixes).
- zram: clear IDLE flag in mark_idle() (git-fixes).
- zram: do not mark idle slots that cannot be idle (git-fixes).
- zram: fix potential UAF of zram table (git-fixes).
- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
- zram: refuse to use zero sized block device as backing device (git-fixes).
- zram: split memory-tracking and ac-time tracking (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)
- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes).
- drm/sched: Fix preprocessor guard (git-fixes).
- exfat: do not zero the extended part (bsc#1237356).
- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)
- packaging: Turn gcc version into config.sh variable.
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- scsi: core: Do not retry I/Os during depopulation (git-fixes).
- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).
- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).
- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: myrb: Remove dead code (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
- scsi: sg: Enable runtime power management (git-fixes).
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).
- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
- wifi: iwlwifi: limit printed string from FW file (git-fixes).
- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).
Patchnames
SUSE-2025-856,SUSE-SLE-Module-Basesystem-15-SP6-2025-856,SUSE-SLE-Module-Development-Tools-15-SP6-2025-856,SUSE-SLE-Module-Legacy-15-SP6-2025-856,SUSE-SLE-Module-Live-Patching-15-SP6-2025-856,SUSE-SLE-Product-HA-15-SP6-2025-856,SUSE-SLE-Product-WE-15-SP6-2025-856,openSUSE-SLE-15.6-2025-856
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).\n- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).\n- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).\n- CVE-2024-45010: mptcp: pm: only mark \u0027subflow\u0027 endp as available (bsc#1230439).\n- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).\n- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).\n- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).\n- CVE-2024-50142: xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset (bsc#1233028).\n- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).\n- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).\n- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).\n- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).\n- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).\n- CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032).\n- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).\n- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).\n- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).\n- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).\n- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy (bsc#1236113).\n- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current-\u003ensproxy (bsc#1236114).\n- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-\u003ensproxy (bsc#1236115).\n- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-\u003ensproxy (bsc#1236122).\n- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy (bsc#1236123).\n- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).\n- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).\n- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).\n- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).\n- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).\n- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).\n- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).\n- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).\n- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).\n- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).\n- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).\n- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).\n- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).\n- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).\n- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).\n- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).\n- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).\n- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).\n- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).\n- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).\n\nThe following non-security bugs were fixed:\n\n- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).\n- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).\n- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).\n- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).\n- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).\n- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).\n- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).\n- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).\n- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).\n- ALSA: seq: Make dependency on UMP clearer (git-fixes).\n- ALSA: seq: remove redundant \u0027tristate\u0027 for SND_SEQ_UMP_CLIENT (stable-fixes).\n- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).\n- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).\n- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).\n- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).\n- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).\n- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).\n- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).\n- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).\n- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).\n- ASoC: es8328: fix route from DAC to output (git-fixes).\n- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).\n- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).\n- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).\n- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).\n- Fix memory-hotplug regression (bsc#1237504).\n- Grab mm lock before grabbing pt lock (git-fixes).\n- HID: Wacom: Add PCI Wacom device support (stable-fixes).\n- HID: hid-steam: Add Deck IMU support (stable-fixes).\n- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).\n- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).\n- HID: hid-steam: Clean up locking (stable-fixes).\n- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).\n- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).\n- HID: hid-steam: Fix cleanup in probe() (git-fixes).\n- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).\n- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).\n- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).\n- HID: hid-steam: remove pointless error message (stable-fixes).\n- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).\n- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).\n- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)\n- Input: allocate keycode for phone linking (stable-fixes).\n- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).\n- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).\n- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).\n- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).\n- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).\n- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).\n- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)\n- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).\n- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).\n- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).\n- KVM: x86/mmu: Skip the \u0027try unsync\u0027 path iff the old SPTE was a leaf SPTE (git-fixes).\n- KVM: x86: AMD\u0027s IBPB is not equivalent to Intel\u0027s IBPB (git-fixes).\n- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).\n- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).\n- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).\n- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).\n- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).\n- KVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel (git-fixes).\n- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).\n- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).\n- PCI: Use downstream bridges for distributing resources (bsc#1237325).\n- PCI: hookup irq_get_affinity callback (bsc#1236896).\n- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).\n- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).\n- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)\n- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)\n- RDMA/efa: Reset device on probe failure (git-fixes)\n- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)\n- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).\n- RDMA/mlx5: Fix AH static rate parsing (git-fixes)\n- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)\n- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)\n- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)\n- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)\n- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)\n- RDMA/rxe: Improve newline in printing messages (git-fixes)\n- Revert \u0027blk-throttle: Fix IO hang for a corner case\u0027 (git-fixes).\n- Revert \u0027drm/amd/display: Use HW lock mgr for PSR1\u0027 (stable-fixes).\n- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).\n- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).\n- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).\n- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).\n- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).\n- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).\n- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).\n- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).\n- USB: serial: option: drop MeiG Smart defines (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).\n- Update \u0027drm/mgag200: Added support for the new device G200eH5\u0027 (jsc#PED-12094).\n- Use gcc-13 for build on SLE16 (jsc#PED-10028).\n- acct: block access to kernel internal filesystems (git-fixes).\n- acct: perform last write from workqueue (git-fixes).\n- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.\n- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).\n- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)\n- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)\n- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).\n- batman-adv: Drop unmanaged ELP metric worker (git-fixes).\n- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).\n- batman-adv: fix panic during interface removal (git-fixes).\n- bio-integrity: do not restrict the size of integrity metadata (git-fixes).\n- blk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage (bsc#1237558).\n- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).\n- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).\n- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).\n- blk-mq: add number of queue calc helper (bsc#1236897).\n- blk-mq: create correct map for fallback case (bsc#1236896).\n- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).\n- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).\n- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).\n- blk-mq: move cpuhp callback registering out of q-\u003esysfs_lock (git-fixes).\n- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).\n- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).\n- blk_iocost: remove some duplicate irq disable/enables (git-fixes).\n- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).\n- block: Clear zone limits for a non-zoned stacked queue (git-fixes).\n- block: Fix elevator_get_default() checking for NULL q-\u003etag_set (git-fixes).\n- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).\n- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).\n- block: Provide bdev_open_* functions (git-fixes).\n- block: Remove special-casing of compound pages (git-fixes).\n- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).\n- block: add a disk_has_partscan helper (git-fixes).\n- block: add a partscan sysfs attribute for disks (git-fixes).\n- block: add check of \u0027minors\u0027 and \u0027first_minor\u0027 in device_add_disk() (git-fixes).\n- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).\n- block: change rq_integrity_vec to respect the iterator (git-fixes).\n- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).\n- block: ensure we hold a queue reference when using queue limits (git-fixes).\n- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).\n- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).\n- block: fix integer overflow in BLKSECDISCARD (git-fixes).\n- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).\n- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).\n- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).\n- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).\n- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).\n- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).\n- block: retry call probe after request_module in blk_request_module (git-fixes).\n- block: return unsigned int from bdev_io_min (git-fixes).\n- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).\n- block: support to account io_ticks precisely (git-fixes).\n- block: use the right type for stub rq_integrity_vec() (git-fixes).\n- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).\n- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).\n- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).\n- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).\n- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).\n- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).\n- can: ctucanfd: handle skb allocation failure (git-fixes).\n- can: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial (git-fixes).\n- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).\n- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).\n- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).\n- cifs: Remove intermediate object of failed create reparse call (git-fixes).\n- cifs: commands that are retried should have replay flag set (bsc#1231432).\n- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).\n- cifs: helper function to check replayable error codes (bsc#1231432).\n- cifs: new mount option called retrans (bsc#1231432).\n- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).\n- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).\n- cifs: update desired access while requesting for directory lease (git-fixes).\n- cifs: update the same create_guid on replay (git-fixes).\n- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).\n- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).\n- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).\n- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).\n- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).\n- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).\n- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).\n- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).\n- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).\n- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).\n- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).\n- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).\n- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).\n- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).\n- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).\n- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).\n- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).\n- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).\n- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).\n- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).\n- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).\n- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).\n- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).\n- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).\n- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).\n- cxgb4: Avoid removal of uninserted tid (git-fixes).\n- cxgb4: use port number to set mac addr (git-fixes).\n- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).\n- dlm: fix srcu_read_lock() return type to int (git-fixes).\n- doc: update managed_irq documentation (bsc#1236897).\n- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).\n- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).\n- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).\n- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).\n- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).\n- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).\n- drm/amdkfd: only flush the validate MES contex (stable-fixes).\n- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).\n- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).\n- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).\n- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).\n- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).\n- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).\n- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).\n- drm/i915/selftests: avoid using uninitialized context (git-fixes).\n- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).\n- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).\n- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).\n- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).\n- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)\n- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).\n- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).\n- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).\n- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).\n- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).\n- drm/msm: Avoid rounding up to one jiffy (git-fixes).\n- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).\n- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).\n- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).\n- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).\n- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).\n- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).\n- drm/virtio: New fence for every plane update (stable-fixes).\n- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).\n- efi: libstub: Use \u0027-std=gnu11\u0027 to fix build with GCC 15 (stable-fixes).\n- eth: gve: use appropriate helper to set xdp_features (git-fixes).\n- exfat: convert to ctime accessor functions (git-fixes).\n- exfat: fix file being changed by unaligned direct write (git-fixes).\n- exfat: fix zero the unwritten part for dio read (git-fixes).\n- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).\n- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).\n- futex: Do not include process MM in futex key on no-MMU (git-fixes).\n- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).\n- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).\n- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).\n- gpio: pca953x: Improve interrupt support (git-fixes).\n- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).\n- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).\n- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).\n- gup: make the stack expansion warning a bit more targeted (bsc#1238214).\n- hfs: Sanity check the root record (git-fixes).\n- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).\n- i2c: ls2x: Fix frequency division register access (git-fixes).\n- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).\n- iavf: allow changing VLAN state without calling PF (git-fixes).\n- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).\n- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).\n- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).\n- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).\n- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).\n- ice: fix max values for dpll pin phase adjust (git-fixes).\n- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).\n- ice: gather page_count()\u0027s of each frag right before XDP prog call (git-fixes).\n- ice: put Rx buffers after being done with current frame (git-fixes).\n- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).\n- ice: use internal pf id instead of function number (git-fixes).\n- idpf: add read memory barrier when checking descriptor done bit (git-fixes).\n- idpf: call set_real_num_queues in idpf_open (bsc#1236661).\n- idpf: convert workqueues to unbound (git-fixes).\n- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).\n- idpf: fix handling rsc packet with a single segment (git-fixes).\n- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).\n- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).\n- igc: return early when failing to read EECD register (git-fixes).\n- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).\n- kabi: fix bus type (bsc#1236896).\n- kabi: fix group_cpus_evenly (bsc#1236897).\n- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).\n- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).\n- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).\n- kernel-source: Also replace bin/env\n- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).\n- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).\n- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).\n- lib: stackinit: hide never-taken branch from compiler (stable-fixes).\n- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).\n- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).\n- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).\n- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).\n- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).\n- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).\n- md/md-bitmap: add \u0027sync_size\u0027 into struct md_bitmap_stats (git-fixes).\n- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).\n- md/md-cluster: fix spares warnings for __le64 (git-fixes).\n- md/raid0: do not free conf on raid0_run failure (git-fixes).\n- md/raid1: do not free conf on raid0_run failure (git-fixes).\n- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).\n- md: Do not flush sync_work in md_write_start() (git-fixes).\n- md: convert comma to semicolon (git-fixes).\n- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).\n- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).\n- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).\n- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).\n- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).\n- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).\n- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).\n- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).\n- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).\n- mptcp: export local_address (git-fixes)\n- mptcp: fix NL PM announced address accounting (git-fixes)\n- mptcp: fix data races on local_id (git-fixes)\n- mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)\n- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)\n- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)\n- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)\n- mptcp: pm: deny endp with signal + subflow + port (git-fixes)\n- mptcp: pm: do not ignore \u0027subflow\u0027 if \u0027signal\u0027 flag is also set (git-fixes)\n- mptcp: pm: do not try to create sf if alloc failed (git-fixes)\n- mptcp: pm: fullmesh: select the right ID later (git-fixes)\n- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)\n- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)\n- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)\n- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)\n- mptcp: pm: re-using ID of unused removed subflows (git-fixes)\n- mptcp: pm: reduce indentation blocks (git-fixes)\n- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)\n- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)\n- mptcp: unify pm get_local_id interfaces (git-fixes)\n- mptcp: unify pm set_flags interfaces (git-fixes)\n- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).\n- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).\n- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).\n- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).\n- nbd: Fix signal handling (git-fixes).\n- nbd: Improve the documentation of the locking assumptions (git-fixes).\n- nbd: do not allow reconnect after disconnect (git-fixes).\n- net/mlx5: Correct TASR typo into TSAR (git-fixes).\n- net/mlx5: Fix RDMA TX steering prio (git-fixes).\n- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).\n- net/mlx5: SF, Fix add port error handling (git-fixes).\n- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).\n- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).\n- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).\n- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).\n- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).\n- net: Fix undefined behavior in netdev name allocation (bsc#1233749).\n- net: avoid UAF on deleted altname (bsc#1233749).\n- net: check for altname conflicts when changing netdev\u0027s netns (bsc#1233749).\n- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).\n- net: do not send a MOVE event when netdev changes netns (bsc#1233749).\n- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).\n- net: fix ifname in netlink ntf during netns move (bsc#1233749).\n- net: fix removing a namespace with conflicting altnames (bsc#1233749).\n- net: free altname using an RCU callback (bsc#1233749).\n- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).\n- net: move altnames together with the netdevice (bsc#1233749).\n- net: reduce indentation of __dev_alloc_name() (bsc#1233749).\n- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).\n- net: remove else after return in dev_prep_valid_name() (bsc#1233749).\n- net: rose: lock the socket in rose_bind() (git-fixes).\n- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).\n- net: smc: fix spurious error message from __sock_release() (bsc#1237126).\n- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).\n- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).\n- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).\n- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).\n- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).\n- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).\n- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).\n- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).\n- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).\n- null_blk: fix validation of block size (git-fixes).\n- nvme-fc: use ctrl state getter (git-fixes).\n- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).\n- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).\n- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).\n- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).\n- nvme/ioctl: add missing space in err message (git-fixes).\n- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).\n- nvme: make nvme_tls_attrs_group static (git-fixes).\n- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- nvme: tcp: Fix compilation warning with W=1 (git-fixes).\n- nvmet: Fix crash when a namespace is disabled (git-fixes).\n- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).\n- padata: Clean up in padata_do_multithreaded() (bsc#1237563).\n- padata: Honor the caller\u0027s alignment in case of chunk_size 0 (bsc#1237563).\n- partitions: ldm: remove the initial kernel-doc notation (git-fixes).\n- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).\n- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).\n- phy: tegra: xusb: reset VBUS \u0026 ID OVERRIDE (git-fixes).\n- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).\n- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).\n- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).\n- platform/x86: ISST: Ignore minor version change (bsc#1237452).\n- platform/x86: acer-wmi: Ignore AC events (stable-fixes).\n- platform/x86: int3472: Check for adev == NULL (stable-fixes).\n- power: supply: da9150-fg: fix potential overflow (git-fixes).\n- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).\n- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).\n- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).\n- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).\n- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).\n- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).\n- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).\n- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).\n- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).\n- rbd: do not move requests to the running list on errors (git-fixes).\n- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).\n- regmap-irq: Add missing kfree() (git-fixes).\n- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)\n- s390/cio: rename bitmap_size() -\u003e idset_bitmap_size() (git-fixes bsc#1236205).\n- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).\n- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).\n- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).\n- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).\n- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).\n- s390/pci: Ignore RID for isolated VFs (bsc#1236752).\n- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).\n- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).\n- s390/pci: Use topology ID for multi-function devices (bsc#1236752).\n- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).\n- s390/topology: Improve topology detection (bsc#1236591).\n- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).\n- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).\n- scsi: core: Clear driver private data when retrying request (git-fixes).\n- scsi: core: Handle depopulation and restoration in progress (git-fixes).\n- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).\n- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).\n- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).\n- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).\n- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).\n- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).\n- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).\n- scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- selftest: hugetlb_dio: fix test naming (git-fixes).\n- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).\n- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).\n- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).\n- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).\n- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).\n- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).\n- selftests: mptcp: connect: -f: no reconnect (git-fixes).\n- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).\n- serial: 8250: Fix fifo underflow on flush (git-fixes).\n- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).\n- smb3: fix creating FIFOs when mounting with \u0027sfu\u0027 mount option (git-fixes).\n- smb3: request handle caching when caching directories (bsc#1231432).\n- smb3: retrying on failed server close (bsc#1231432).\n- smb: cached directories can be more than root file handle (bsc#1231432).\n- smb: cilent: set reparse mount points as automounts (git-fixes).\n- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).\n- smb: client: Fix minor whitespace errors and warnings (git-fixes).\n- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).\n- smb: client: add support for WSL reparse points (git-fixes).\n- smb: client: allow creating special files via reparse points (git-fixes).\n- smb: client: allow creating symlinks via reparse points (git-fixes).\n- smb: client: cleanup smb2_query_reparse_point() (git-fixes).\n- smb: client: do not query reparse points twice on symlinks (git-fixes).\n- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).\n- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).\n- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).\n- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).\n- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).\n- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).\n- smb: client: fix hardlinking of reparse points (git-fixes).\n- smb: client: fix missing mode bits for SMB symlinks (git-fixes).\n- smb: client: fix possible double free in smb2_set_ea() (git-fixes).\n- smb: client: fix potential broken compound request (git-fixes).\n- smb: client: fix renaming of reparse points (git-fixes).\n- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).\n- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).\n- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).\n- smb: client: handle path separator of created SMB symlinks (git-fixes).\n- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).\n- smb: client: ignore unhandled reparse tags (git-fixes).\n- smb: client: implement -\u003equery_reparse_point() for SMB1 (git-fixes).\n- smb: client: instantiate when creating SFU files (git-fixes).\n- smb: client: introduce -\u003eparse_reparse_point() (git-fixes).\n- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).\n- smb: client: introduce cifs_sfu_make_node() (git-fixes).\n- smb: client: introduce reparse mount option (git-fixes).\n- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).\n- smb: client: move most of reparse point handling code to common file (git-fixes).\n- smb: client: move some params to cifs_open_info_data (bsc#1231432).\n- smb: client: optimise reparse point querying (git-fixes).\n- smb: client: parse owner/group when creating reparse points (git-fixes).\n- smb: client: parse reparse point flag in create response (bsc#1231432).\n- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).\n- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).\n- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).\n- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).\n- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).\n- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).\n- smb: client: retry compound request without reusing lease (git-fixes).\n- smb: client: return reparse type in /proc/mounts (git-fixes).\n- smb: client: reuse file lease key in compound operations (git-fixes).\n- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).\n- smb: client: set correct file type from NFS reparse points (git-fixes).\n- smb: client: stop revalidating reparse points unnecessarily (git-fixes).\n- smb: use kernel_connect() and kernel_bind() (git-fixes).\n- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).\n- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).\n- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).\n- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).\n- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).\n- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).\n- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).\n- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).\n- spi: sn-f-ospi: Fix division by zero (git-fixes).\n- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).\n- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).\n- tools: fix annoying \u0027mkdir -p ...\u0027 logs when building tools in parallel (git-fixes).\n- ublk: fix error code for unsupported command (git-fixes).\n- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).\n- ublk: move ublk_cancel_dev() out of ub-\u003emutex (git-fixes).\n- ublk: move zone report data out of request pdu (git-fixes).\n- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).\n- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).\n- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).\n- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).\n- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).\n- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).\n- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).\n- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).\n- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).\n- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).\n- usb: roles: set switch registered flag early on (git-fixes).\n- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).\n- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).\n- usbnet: ipheth: document scope of NCM implementation (stable-fixes).\n- util_macros.h: fix/rework find_closest() macros (git-fixes).\n- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).\n- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- virtio: hookup irq_get_affinity callback (bsc#1236896).\n- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).\n- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).\n- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).\n- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).\n- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).\n- wifi: iwlwifi: avoid memory leak (stable-fixes).\n- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).\n- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).\n- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).\n- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).\n- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).\n- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).\n- x86/asm: Make serialize() always_inline (git-fixes).\n- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).\n- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).\n- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).\n- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).\n- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).\n- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).\n- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).\n- xen/swiotlb: relax alignment requirements (git-fixes).\n- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).\n- zram: clear IDLE flag after recompression (git-fixes).\n- zram: clear IDLE flag in mark_idle() (git-fixes).\n- zram: do not mark idle slots that cannot be idle (git-fixes).\n- zram: fix potential UAF of zram table (git-fixes).\n- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).\n- zram: refuse to use zero sized block device as backing device (git-fixes).\n- zram: split memory-tracking and ac-time tracking (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).\n- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)\n- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)\n- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)\n- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params (git-fixes).\n- drm/sched: Fix preprocessor guard (git-fixes).\n- exfat: do not zero the extended part (bsc#1237356).\n- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).\n- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).\n- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).\n- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).\n- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)\n- packaging: Turn gcc version into config.sh variable.\n- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)\n- scsi: core: Do not retry I/Os during depopulation (git-fixes).\n- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).\n- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).\n- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).\n- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).\n- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).\n- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).\n- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).\n- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).\n- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).\n- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: myrb: Remove dead code (git-fixes).\n- scsi: qedi: Fix potential deadlock on \u0026qedi_percpu-\u003ep_work_lock (git-fixes).\n- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).\n- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).\n- scsi: sg: Enable runtime power management (git-fixes).\n- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).\n- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).\n- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).\n- wifi: iwlwifi: limit printed string from FW file (git-fixes).\n- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).\n- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-856,SUSE-SLE-Module-Basesystem-15-SP6-2025-856,SUSE-SLE-Module-Development-Tools-15-SP6-2025-856,SUSE-SLE-Module-Legacy-15-SP6-2025-856,SUSE-SLE-Module-Live-Patching-15-SP6-2025-856,SUSE-SLE-Product-HA-15-SP6-2025-856,SUSE-SLE-Product-WE-15-SP6-2025-856,openSUSE-SLE-15.6-2025-856",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0856-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0856-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250856-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0856-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020508.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1219367",
"url": "https://bugzilla.suse.com/1219367"
},
{
"category": "self",
"summary": "SUSE Bug 1222672",
"url": "https://bugzilla.suse.com/1222672"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1225606",
"url": "https://bugzilla.suse.com/1225606"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225981",
"url": "https://bugzilla.suse.com/1225981"
},
{
"category": "self",
"summary": "SUSE Bug 1227937",
"url": "https://bugzilla.suse.com/1227937"
},
{
"category": "self",
"summary": "SUSE Bug 1228521",
"url": "https://bugzilla.suse.com/1228521"
},
{
"category": "self",
"summary": "SUSE Bug 1230235",
"url": "https://bugzilla.suse.com/1230235"
},
{
"category": "self",
"summary": "SUSE Bug 1230438",
"url": "https://bugzilla.suse.com/1230438"
},
{
"category": "self",
"summary": "SUSE Bug 1230439",
"url": "https://bugzilla.suse.com/1230439"
},
{
"category": "self",
"summary": "SUSE Bug 1230497",
"url": "https://bugzilla.suse.com/1230497"
},
{
"category": "self",
"summary": "SUSE Bug 1231432",
"url": "https://bugzilla.suse.com/1231432"
},
{
"category": "self",
"summary": "SUSE Bug 1231912",
"url": "https://bugzilla.suse.com/1231912"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231949",
"url": "https://bugzilla.suse.com/1231949"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232299",
"url": "https://bugzilla.suse.com/1232299"
},
{
"category": "self",
"summary": "SUSE Bug 1232508",
"url": "https://bugzilla.suse.com/1232508"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1233028",
"url": "https://bugzilla.suse.com/1233028"
},
{
"category": "self",
"summary": "SUSE Bug 1233109",
"url": "https://bugzilla.suse.com/1233109"
},
{
"category": "self",
"summary": "SUSE Bug 1233483",
"url": "https://bugzilla.suse.com/1233483"
},
{
"category": "self",
"summary": "SUSE Bug 1233749",
"url": "https://bugzilla.suse.com/1233749"
},
{
"category": "self",
"summary": "SUSE Bug 1234070",
"url": "https://bugzilla.suse.com/1234070"
},
{
"category": "self",
"summary": "SUSE Bug 1234853",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "self",
"summary": "SUSE Bug 1234857",
"url": "https://bugzilla.suse.com/1234857"
},
{
"category": "self",
"summary": "SUSE Bug 1234891",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "self",
"summary": "SUSE Bug 1234894",
"url": "https://bugzilla.suse.com/1234894"
},
{
"category": "self",
"summary": "SUSE Bug 1234895",
"url": "https://bugzilla.suse.com/1234895"
},
{
"category": "self",
"summary": "SUSE Bug 1234896",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "self",
"summary": "SUSE Bug 1234963",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "self",
"summary": "SUSE Bug 1235032",
"url": "https://bugzilla.suse.com/1235032"
},
{
"category": "self",
"summary": "SUSE Bug 1235054",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "self",
"summary": "SUSE Bug 1235061",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "self",
"summary": "SUSE Bug 1235073",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "self",
"summary": "SUSE Bug 1235435",
"url": "https://bugzilla.suse.com/1235435"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1235592",
"url": "https://bugzilla.suse.com/1235592"
},
{
"category": "self",
"summary": "SUSE Bug 1235599",
"url": "https://bugzilla.suse.com/1235599"
},
{
"category": "self",
"summary": "SUSE Bug 1235609",
"url": "https://bugzilla.suse.com/1235609"
},
{
"category": "self",
"summary": "SUSE Bug 1235932",
"url": "https://bugzilla.suse.com/1235932"
},
{
"category": "self",
"summary": "SUSE Bug 1235933",
"url": "https://bugzilla.suse.com/1235933"
},
{
"category": "self",
"summary": "SUSE Bug 1236113",
"url": "https://bugzilla.suse.com/1236113"
},
{
"category": "self",
"summary": "SUSE Bug 1236114",
"url": "https://bugzilla.suse.com/1236114"
},
{
"category": "self",
"summary": "SUSE Bug 1236115",
"url": "https://bugzilla.suse.com/1236115"
},
{
"category": "self",
"summary": "SUSE Bug 1236122",
"url": "https://bugzilla.suse.com/1236122"
},
{
"category": "self",
"summary": "SUSE Bug 1236123",
"url": "https://bugzilla.suse.com/1236123"
},
{
"category": "self",
"summary": "SUSE Bug 1236133",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "self",
"summary": "SUSE Bug 1236138",
"url": "https://bugzilla.suse.com/1236138"
},
{
"category": "self",
"summary": "SUSE Bug 1236199",
"url": "https://bugzilla.suse.com/1236199"
},
{
"category": "self",
"summary": "SUSE Bug 1236200",
"url": "https://bugzilla.suse.com/1236200"
},
{
"category": "self",
"summary": "SUSE Bug 1236203",
"url": "https://bugzilla.suse.com/1236203"
},
{
"category": "self",
"summary": "SUSE Bug 1236205",
"url": "https://bugzilla.suse.com/1236205"
},
{
"category": "self",
"summary": "SUSE Bug 1236573",
"url": "https://bugzilla.suse.com/1236573"
},
{
"category": "self",
"summary": "SUSE Bug 1236575",
"url": "https://bugzilla.suse.com/1236575"
},
{
"category": "self",
"summary": "SUSE Bug 1236576",
"url": "https://bugzilla.suse.com/1236576"
},
{
"category": "self",
"summary": "SUSE Bug 1236591",
"url": "https://bugzilla.suse.com/1236591"
},
{
"category": "self",
"summary": "SUSE Bug 1236661",
"url": "https://bugzilla.suse.com/1236661"
},
{
"category": "self",
"summary": "SUSE Bug 1236677",
"url": "https://bugzilla.suse.com/1236677"
},
{
"category": "self",
"summary": "SUSE Bug 1236681",
"url": "https://bugzilla.suse.com/1236681"
},
{
"category": "self",
"summary": "SUSE Bug 1236682",
"url": "https://bugzilla.suse.com/1236682"
},
{
"category": "self",
"summary": "SUSE Bug 1236684",
"url": "https://bugzilla.suse.com/1236684"
},
{
"category": "self",
"summary": "SUSE Bug 1236689",
"url": "https://bugzilla.suse.com/1236689"
},
{
"category": "self",
"summary": "SUSE Bug 1236700",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "self",
"summary": "SUSE Bug 1236702",
"url": "https://bugzilla.suse.com/1236702"
},
{
"category": "self",
"summary": "SUSE Bug 1236752",
"url": "https://bugzilla.suse.com/1236752"
},
{
"category": "self",
"summary": "SUSE Bug 1236759",
"url": "https://bugzilla.suse.com/1236759"
},
{
"category": "self",
"summary": "SUSE Bug 1236821",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "self",
"summary": "SUSE Bug 1236822",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "self",
"summary": "SUSE Bug 1236896",
"url": "https://bugzilla.suse.com/1236896"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1236952",
"url": "https://bugzilla.suse.com/1236952"
},
{
"category": "self",
"summary": "SUSE Bug 1236967",
"url": "https://bugzilla.suse.com/1236967"
},
{
"category": "self",
"summary": "SUSE Bug 1236994",
"url": "https://bugzilla.suse.com/1236994"
},
{
"category": "self",
"summary": "SUSE Bug 1237007",
"url": "https://bugzilla.suse.com/1237007"
},
{
"category": "self",
"summary": "SUSE Bug 1237017",
"url": "https://bugzilla.suse.com/1237017"
},
{
"category": "self",
"summary": "SUSE Bug 1237025",
"url": "https://bugzilla.suse.com/1237025"
},
{
"category": "self",
"summary": "SUSE Bug 1237028",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "self",
"summary": "SUSE Bug 1237045",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "self",
"summary": "SUSE Bug 1237126",
"url": "https://bugzilla.suse.com/1237126"
},
{
"category": "self",
"summary": "SUSE Bug 1237132",
"url": "https://bugzilla.suse.com/1237132"
},
{
"category": "self",
"summary": "SUSE Bug 1237139",
"url": "https://bugzilla.suse.com/1237139"
},
{
"category": "self",
"summary": "SUSE Bug 1237155",
"url": "https://bugzilla.suse.com/1237155"
},
{
"category": "self",
"summary": "SUSE Bug 1237158",
"url": "https://bugzilla.suse.com/1237158"
},
{
"category": "self",
"summary": "SUSE Bug 1237159",
"url": "https://bugzilla.suse.com/1237159"
},
{
"category": "self",
"summary": "SUSE Bug 1237232",
"url": "https://bugzilla.suse.com/1237232"
},
{
"category": "self",
"summary": "SUSE Bug 1237234",
"url": "https://bugzilla.suse.com/1237234"
},
{
"category": "self",
"summary": "SUSE Bug 1237325",
"url": "https://bugzilla.suse.com/1237325"
},
{
"category": "self",
"summary": "SUSE Bug 1237356",
"url": "https://bugzilla.suse.com/1237356"
},
{
"category": "self",
"summary": "SUSE Bug 1237415",
"url": "https://bugzilla.suse.com/1237415"
},
{
"category": "self",
"summary": "SUSE Bug 1237452",
"url": "https://bugzilla.suse.com/1237452"
},
{
"category": "self",
"summary": "SUSE Bug 1237504",
"url": "https://bugzilla.suse.com/1237504"
},
{
"category": "self",
"summary": "SUSE Bug 1237521",
"url": "https://bugzilla.suse.com/1237521"
},
{
"category": "self",
"summary": "SUSE Bug 1237558",
"url": "https://bugzilla.suse.com/1237558"
},
{
"category": "self",
"summary": "SUSE Bug 1237562",
"url": "https://bugzilla.suse.com/1237562"
},
{
"category": "self",
"summary": "SUSE Bug 1237563",
"url": "https://bugzilla.suse.com/1237563"
},
{
"category": "self",
"summary": "SUSE Bug 1237848",
"url": "https://bugzilla.suse.com/1237848"
},
{
"category": "self",
"summary": "SUSE Bug 1237849",
"url": "https://bugzilla.suse.com/1237849"
},
{
"category": "self",
"summary": "SUSE Bug 1237879",
"url": "https://bugzilla.suse.com/1237879"
},
{
"category": "self",
"summary": "SUSE Bug 1237889",
"url": "https://bugzilla.suse.com/1237889"
},
{
"category": "self",
"summary": "SUSE Bug 1237891",
"url": "https://bugzilla.suse.com/1237891"
},
{
"category": "self",
"summary": "SUSE Bug 1237901",
"url": "https://bugzilla.suse.com/1237901"
},
{
"category": "self",
"summary": "SUSE Bug 1237950",
"url": "https://bugzilla.suse.com/1237950"
},
{
"category": "self",
"summary": "SUSE Bug 1238214",
"url": "https://bugzilla.suse.com/1238214"
},
{
"category": "self",
"summary": "SUSE Bug 1238303",
"url": "https://bugzilla.suse.com/1238303"
},
{
"category": "self",
"summary": "SUSE Bug 1238347",
"url": "https://bugzilla.suse.com/1238347"
},
{
"category": "self",
"summary": "SUSE Bug 1238368",
"url": "https://bugzilla.suse.com/1238368"
},
{
"category": "self",
"summary": "SUSE Bug 1238509",
"url": "https://bugzilla.suse.com/1238509"
},
{
"category": "self",
"summary": "SUSE Bug 1238525",
"url": "https://bugzilla.suse.com/1238525"
},
{
"category": "self",
"summary": "SUSE Bug 1238570",
"url": "https://bugzilla.suse.com/1238570"
},
{
"category": "self",
"summary": "SUSE Bug 1238739",
"url": "https://bugzilla.suse.com/1238739"
},
{
"category": "self",
"summary": "SUSE Bug 1238751",
"url": "https://bugzilla.suse.com/1238751"
},
{
"category": "self",
"summary": "SUSE Bug 1238753",
"url": "https://bugzilla.suse.com/1238753"
},
{
"category": "self",
"summary": "SUSE Bug 1238759",
"url": "https://bugzilla.suse.com/1238759"
},
{
"category": "self",
"summary": "SUSE Bug 1238860",
"url": "https://bugzilla.suse.com/1238860"
},
{
"category": "self",
"summary": "SUSE Bug 1238863",
"url": "https://bugzilla.suse.com/1238863"
},
{
"category": "self",
"summary": "SUSE Bug 1238877",
"url": "https://bugzilla.suse.com/1238877"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52925 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50185 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50294 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53123 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53173 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53178 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56548 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56568 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56579 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21636 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21638 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21667 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21688 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21689 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21690 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21767 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21802 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21802/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-03-13T15:46:38Z",
"generator": {
"date": "2025-03-13T15:46:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0856-1",
"initial_release_date": "2025-03-13T15:46:38Z",
"revision_history": [
{
"date": "2025-03-13T15:46:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product_id": "cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product_id": "cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product_id": "dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product_id": "dlm-kmp-default-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-allwinner-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-altera-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-altera-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-altera-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-amazon-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-amd-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-amd-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-amd-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-amlogic-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-apm-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-apm-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-apm-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-apple-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-apple-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-apple-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-arm-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-arm-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-arm-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-broadcom-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-cavium-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-exynos-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-freescale-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-hisilicon-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-lg-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-lg-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-lg-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-marvell-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-mediatek-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-nvidia-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-qcom-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-renesas-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-rockchip-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-socionext-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-sprd-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-xilinx-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product_id": "gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product_id": "gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-64kb-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-default-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-default-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"product": {
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"product_id": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"product": {
"name": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"product_id": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-default-devel-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-default-extra-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-default-optional-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-obs-build-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"product_id": "kernel-obs-qa-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-syms-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "kernel-syms-6.4.0-150600.23.42.1.aarch64",
"product_id": "kernel-syms-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product_id": "kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product_id": "kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product_id": "ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product_id": "ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product_id": "reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product_id": "reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.4.0-150600.23.42.1.noarch",
"product": {
"name": "kernel-devel-6.4.0-150600.23.42.1.noarch",
"product_id": "kernel-devel-6.4.0-150600.23.42.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-6.4.0-150600.23.42.1.noarch",
"product": {
"name": "kernel-docs-6.4.0-150600.23.42.1.noarch",
"product_id": "kernel-docs-6.4.0-150600.23.42.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"product": {
"name": "kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"product_id": "kernel-docs-html-6.4.0-150600.23.42.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.4.0-150600.23.42.1.noarch",
"product": {
"name": "kernel-macros-6.4.0-150600.23.42.1.noarch",
"product_id": "kernel-macros-6.4.0-150600.23.42.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.4.0-150600.23.42.1.noarch",
"product": {
"name": "kernel-source-6.4.0-150600.23.42.1.noarch",
"product_id": "kernel-source-6.4.0-150600.23.42.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"product": {
"name": "kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"product_id": "kernel-source-vanilla-6.4.0-150600.23.42.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product_id": "cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product_id": "dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product_id": "gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-debug-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-default-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-default-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"product": {
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"product_id": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"product": {
"name": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"product_id": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-default-devel-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-default-extra-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-default-optional-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-obs-build-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"product": {
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"product_id": "kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"product": {
"name": "kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"product_id": "kernel-syms-6.4.0-150600.23.42.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product_id": "ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product_id": "reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"product_id": "cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"product_id": "dlm-kmp-default-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"product_id": "gfs2-kmp-default-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "kernel-default-6.4.0-150600.23.42.2.s390x",
"product_id": "kernel-default-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"product_id": "kernel-default-devel-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"product_id": "kernel-default-extra-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"product_id": "kernel-default-livepatch-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"product_id": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"product_id": "kernel-default-optional-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"product_id": "kernel-obs-build-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"product": {
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"product_id": "kernel-obs-qa-6.4.0-150600.23.42.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-syms-6.4.0-150600.23.42.1.s390x",
"product": {
"name": "kernel-syms-6.4.0-150600.23.42.1.s390x",
"product_id": "kernel-syms-6.4.0-150600.23.42.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"product_id": "kernel-zfcpdump-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"product_id": "kselftests-kmp-default-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"product_id": "ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"product_id": "reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product_id": "cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product_id": "dlm-kmp-default-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product_id": "gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-debug-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-debug-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-debug-devel-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-default-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-default-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"product": {
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"product_id": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"product": {
"name": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"product_id": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-default-devel-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-default-extra-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-default-optional-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-default-vdso-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-obs-build-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"product": {
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"product_id": "kernel-obs-qa-6.4.0-150600.23.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-6.4.0-150600.23.42.1.x86_64",
"product": {
"name": "kernel-syms-6.4.0-150600.23.42.1.x86_64",
"product_id": "kernel-syms-6.4.0-150600.23.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product_id": "kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product_id": "ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product_id": "reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Legacy 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Legacy 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-legacy:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 15 SP6",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64"
},
"product_reference": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le"
},
"product_reference": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64"
},
"product_reference": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.4.0-150600.23.42.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-devel-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.4.0-150600.23.42.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-macros-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-zfcpdump-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-6.4.0-150600.23.42.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-docs-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.4.0-150600.23.42.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-source-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150600.23.42.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "kernel-syms-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150600.23.42.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le"
},
"product_reference": "kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150600.23.42.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x"
},
"product_reference": "kernel-syms-6.4.0-150600.23.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150600.23.42.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64"
},
"product_reference": "kernel-syms-6.4.0-150600.23.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise Module for Legacy 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise Module for Legacy 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP6",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-allwinner-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-altera-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-altera-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-amazon-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-amd-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-amd-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-amlogic-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-apm-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-apm-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-apple-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-apple-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-arm-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-arm-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-broadcom-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-cavium-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-exynos-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-freescale-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-hisilicon-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-lg-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-lg-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-marvell-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-mediatek-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-nvidia-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-qcom-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-renesas-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-rockchip-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-socionext-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-sprd-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-xilinx-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-debug-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64"
},
"product_reference": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le"
},
"product_reference": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64"
},
"product_reference": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64"
},
"product_reference": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le"
},
"product_reference": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64"
},
"product_reference": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-optional-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-optional-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-optional-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-optional-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-vdso-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.4.0-150600.23.42.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-devel-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-6.4.0-150600.23.42.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-docs-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-html-6.4.0-150600.23.42.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.4.0-150600.23.42.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-macros-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le"
},
"product_reference": "kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x"
},
"product_reference": "kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64"
},
"product_reference": "kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.4.0-150600.23.42.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-source-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.4.0-150600.23.42.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "kernel-syms-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150600.23.42.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le"
},
"product_reference": "kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150600.23.42.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x"
},
"product_reference": "kernel-syms-6.4.0-150600.23.42.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150600.23.42.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64"
},
"product_reference": "kernel-syms-6.4.0-150600.23.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-zfcpdump-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52924",
"url": "https://www.suse.com/security/cve/CVE-2023-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1236821 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "external",
"summary": "SUSE Bug 1244630 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1244630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other -\u003eactivate callbacks\n(bitmap, hash, rhash, rbtree) use elem-\u003epriv.\nSame for .remove: other set implementations take elem-\u003epriv,\nnft_pipapo_remove fetches elem-\u003epriv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor -\u003edeactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52925",
"url": "https://www.suse.com/security/cve/CVE-2023-52925"
},
{
"category": "external",
"summary": "SUSE Bug 1236822 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1236822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2024-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: really cope with fastopen race\n\nFastopen and PM-trigger subflow shutdown can race, as reported by\nsyzkaller.\n\nIn my first attempt to close such race, I missed the fact that\nthe subflow status can change again before the subflow_state_change\ncallback is invoked.\n\nAddress the issue additionally copying with all the states directly\nreachable from TCP_FIN_WAIT1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26708",
"url": "https://www.suse.com/security/cve/CVE-2024-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1222672 for CVE-2024-26708",
"url": "https://bugzilla.suse.com/1222672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26810",
"url": "https://www.suse.com/security/cve/CVE-2024-26810"
},
{
"category": "external",
"summary": "SUSE Bug 1222803 for CVE-2024-26810",
"url": "https://bugzilla.suse.com/1222803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-40980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40980",
"url": "https://www.suse.com/security/cve/CVE-2024-40980"
},
{
"category": "external",
"summary": "SUSE Bug 1227937 for CVE-2024-40980",
"url": "https://bugzilla.suse.com/1227937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41055",
"url": "https://www.suse.com/security/cve/CVE-2024-41055"
},
{
"category": "external",
"summary": "SUSE Bug 1228521 for CVE-2024-41055",
"url": "https://bugzilla.suse.com/1228521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-44974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44974",
"url": "https://www.suse.com/security/cve/CVE-2024-44974"
},
{
"category": "external",
"summary": "SUSE Bug 1230235 for CVE-2024-44974",
"url": "https://bugzilla.suse.com/1230235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45009",
"url": "https://www.suse.com/security/cve/CVE-2024-45009"
},
{
"category": "external",
"summary": "SUSE Bug 1230438 for CVE-2024-45009",
"url": "https://bugzilla.suse.com/1230438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45010",
"url": "https://www.suse.com/security/cve/CVE-2024-45010"
},
{
"category": "external",
"summary": "SUSE Bug 1230439 for CVE-2024-45010",
"url": "https://bugzilla.suse.com/1230439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-50029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50029",
"url": "https://www.suse.com/security/cve/CVE-2024-50029"
},
{
"category": "external",
"summary": "SUSE Bug 1231949 for CVE-2024-50029",
"url": "https://bugzilla.suse.com/1231949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50036",
"url": "https://www.suse.com/security/cve/CVE-2024-50036"
},
{
"category": "external",
"summary": "SUSE Bug 1231912 for CVE-2024-50036",
"url": "https://bugzilla.suse.com/1231912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow\n\nSyzkaller reported this splat:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662\n\n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline]\n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572\n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg net/socket.c:744 [inline]\n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661\n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n RIP: 0023:0xf7fe4579\n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 \u003c5d\u003e 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00\n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\n Allocated by task 5387:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:878 [inline]\n kzalloc_noprof include/linux/slab.h:1014 [inline]\n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803\n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956\n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline]\n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167\n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764\n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592\n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642\n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline]\n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943\n mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777\n process_one_work+0x958/0x1b30 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/ke\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50085",
"url": "https://www.suse.com/security/cve/CVE-2024-50085"
},
{
"category": "external",
"summary": "SUSE Bug 1232508 for CVE-2024-50085",
"url": "https://bugzilla.suse.com/1232508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50142",
"url": "https://www.suse.com/security/cve/CVE-2024-50142"
},
{
"category": "external",
"summary": "SUSE Bug 1233028 for CVE-2024-50142",
"url": "https://bugzilla.suse.com/1233028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle consistently DSS corruption\n\nBugged peer implementation can send corrupted DSS options, consistently\nhitting a few warning in the data path. Use DEBUG_NET assertions, to\navoid the splat on some builds and handle consistently the error, dumping\nrelated MIBs and performing fallback and/or reset according to the\nsubflow type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50185",
"url": "https://www.suse.com/security/cve/CVE-2024-50185"
},
{
"category": "external",
"summary": "SUSE Bug 1233109 for CVE-2024-50185",
"url": "https://bugzilla.suse.com/1233109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing locking causing hanging calls\n\nIf a call gets aborted (e.g. because kafs saw a signal) between it being\nqueued for connection and the I/O thread picking up the call, the abort\nwill be prioritised over the connection and it will be removed from\nlocal-\u003enew_client_calls by rxrpc_disconnect_client_call() without a lock\nbeing held. This may cause other calls on the list to disappear if a race\noccurs.\n\nFix this by taking the client_call_lock when removing a call from whatever\nlist its -\u003ewait_link happens to be on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50294",
"url": "https://www.suse.com/security/cve/CVE-2024-50294"
},
{
"category": "external",
"summary": "SUSE Bug 1233483 for CVE-2024-50294",
"url": "https://bugzilla.suse.com/1233483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-53123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 \u003cf7\u003e 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53123",
"url": "https://www.suse.com/security/cve/CVE-2024-53123"
},
{
"category": "external",
"summary": "SUSE Bug 1234070 for CVE-2024-53123",
"url": "https://bugzilla.suse.com/1234070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53147",
"url": "https://www.suse.com/security/cve/CVE-2024-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1234857 for CVE-2024-53147",
"url": "https://bugzilla.suse.com/1234857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53173",
"url": "https://www.suse.com/security/cve/CVE-2024-53173"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234891 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "external",
"summary": "SUSE Bug 1234892 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it\u0027s\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn\u0027t block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we\u0027re here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53176",
"url": "https://www.suse.com/security/cve/CVE-2024-53176"
},
{
"category": "external",
"summary": "SUSE Bug 1234894 for CVE-2024-53176",
"url": "https://bugzilla.suse.com/1234894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53177",
"url": "https://www.suse.com/security/cve/CVE-2024-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1234896 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "external",
"summary": "SUSE Bug 1235103 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1235103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don\u0027t leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids-\u003eentries list but doesn\u0027t drop a ref if has_lease isn\u0027t true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid-\u003ehas_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 32 bytes):\n 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........\".......\n 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E\"......O.....\n backtrace (crc 6f58c20f):\n [\u003cffffffff8b895a1e\u003e] __kmalloc_cache_noprof+0x2be/0x350\n [\u003cffffffff8bda06e3\u003e] open_cached_dir+0x993/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 8 bytes):\n 00 cc cc cc cc cc cc cc ........\n backtrace (crc 10c106a9):\n [\u003cffffffff8b89a3d3\u003e] __kmalloc_node_track_caller_noprof+0x363/0x480\n [\u003cffffffff8b7d7256\u003e] kstrdup+0x36/0x60\n [\u003cffffffff8bda0700\u003e] open_cached_dir+0x9b0/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff \u003c0f\u003e 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53178",
"url": "https://www.suse.com/security/cve/CVE-2024-53178"
},
{
"category": "external",
"summary": "SUSE Bug 1234895 for CVE-2024-53178",
"url": "https://bugzilla.suse.com/1234895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53226",
"url": "https://www.suse.com/security/cve/CVE-2024-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1236576 for CVE-2024-53226",
"url": "https://bugzilla.suse.com/1236576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53239",
"url": "https://www.suse.com/security/cve/CVE-2024-53239"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235054 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "external",
"summary": "SUSE Bug 1235055 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-56539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56539",
"url": "https://www.suse.com/security/cve/CVE-2024-56539"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234963 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "external",
"summary": "SUSE Bug 1234964 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56548",
"url": "https://www.suse.com/security/cve/CVE-2024-56548"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235073 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "external",
"summary": "SUSE Bug 1235074 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56568"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu: Defer probe of clients after smmu device bound\n\nNull pointer dereference occurs due to a race between smmu\ndriver probe and client driver probe, when of_dma_configure()\nfor client is called after the iommu_device_register() for smmu driver\nprobe has executed but before the driver_bound() for smmu driver\nhas been called.\n\nFollowing is how the race occurs:\n\nT1:Smmu device probe\t\tT2: Client device probe\n\nreally_probe()\narm_smmu_device_probe()\niommu_device_register()\n\t\t\t\t\treally_probe()\n\t\t\t\t\tplatform_dma_configure()\n\t\t\t\t\tof_dma_configure()\n\t\t\t\t\tof_dma_configure_id()\n\t\t\t\t\tof_iommu_configure()\n\t\t\t\t\tiommu_probe_device()\n\t\t\t\t\tiommu_init_device()\n\t\t\t\t\tarm_smmu_probe_device()\n\t\t\t\t\tarm_smmu_get_by_fwnode()\n\t\t\t\t\t\tdriver_find_device_by_fwnode()\n\t\t\t\t\t\tdriver_find_device()\n\t\t\t\t\t\tnext_device()\n\t\t\t\t\t\tklist_next()\n\t\t\t\t\t\t /* null ptr\n\t\t\t\t\t\t assigned to smmu */\n\t\t\t\t\t/* null ptr dereference\n\t\t\t\t\t while smmu-\u003estreamid_mask */\ndriver_bound()\n\tklist_add_tail()\n\nWhen this null smmu pointer is dereferenced later in\narm_smmu_probe_device, the device crashes.\n\nFix this by deferring the probe of the client device\nuntil the smmu device has bound to the arm smmu driver.\n\n[will: Add comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56568",
"url": "https://www.suse.com/security/cve/CVE-2024-56568"
},
{
"category": "external",
"summary": "SUSE Bug 1235032 for CVE-2024-56568",
"url": "https://bugzilla.suse.com/1235032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-56568"
},
{
"cve": "CVE-2024-56579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56579",
"url": "https://www.suse.com/security/cve/CVE-2024-56579"
},
{
"category": "external",
"summary": "SUSE Bug 1236575 for CVE-2024-56579",
"url": "https://bugzilla.suse.com/1236575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56647",
"url": "https://www.suse.com/security/cve/CVE-2024-56647"
},
{
"category": "external",
"summary": "SUSE Bug 1235435 for CVE-2024-56647",
"url": "https://bugzilla.suse.com/1235435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56720",
"url": "https://www.suse.com/security/cve/CVE-2024-56720"
},
{
"category": "external",
"summary": "SUSE Bug 1235592 for CVE-2024-56720",
"url": "https://bugzilla.suse.com/1235592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-57889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n BUG: sleeping function called from invalid context\n at kernel/locking/mutex.c:283\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n preempt_count: 1, expected: 0\n ...\n Call Trace:\n ...\n __might_resched+0x104/0x10e\n __might_sleep+0x3e/0x62\n mutex_lock+0x20/0x4c\n regmap_lock_mutex+0x10/0x18\n regmap_update_bits_base+0x2c/0x66\n mcp23s08_irq_set_type+0x1ae/0x1d6\n __irq_set_trigger+0x56/0x172\n __setup_irq+0x1e6/0x646\n request_threaded_irq+0xb6/0x160\n ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57889",
"url": "https://www.suse.com/security/cve/CVE-2024-57889"
},
{
"category": "external",
"summary": "SUSE Bug 1236573 for CVE-2024-57889",
"url": "https://bugzilla.suse.com/1236573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(\u0026sdata-\u003elist)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local-\u003einterfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 \u003c0f\u003e 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57948",
"url": "https://www.suse.com/security/cve/CVE-2024-57948"
},
{
"category": "external",
"summary": "SUSE Bug 1236677 for CVE-2024-57948",
"url": "https://bugzilla.suse.com/1236677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()\n\nJakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()\nto increase test coverage.\n\nsyzbot found a splat caused by hard irq blocking in\nptr_ring_resize_multiple() [1]\n\nAs current users of ptr_ring_resize_multiple() do not require\nhard irqs being masked, replace it to only block BH.\n\nRename helpers to better reflect they are safe against BH only.\n\n- ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()\n- skb_array_resize_multiple() to skb_array_resize_multiple_bh()\n\n[1]\n\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline]\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nModules linked in:\nCPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:__page_pool_put_page net/core/page_pool.c:709 [inline]\nRIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nCode: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 \u003c0f\u003e 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85\nRSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083\nRAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000\nRDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843\nRBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d\nR10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040\nR13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff\nFS: 00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tun_ptr_free drivers/net/tun.c:617 [inline]\n __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]\n ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]\n tun_queue_resize drivers/net/tun.c:3694 [inline]\n tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024\n do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923\n rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201\n rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57994",
"url": "https://www.suse.com/security/cve/CVE-2024-57994"
},
{
"category": "external",
"summary": "SUSE Bug 1237901 for CVE-2024-57994",
"url": "https://bugzilla.suse.com/1237901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2025-21636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.probe_interval\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21636",
"url": "https://www.suse.com/security/cve/CVE-2025-21636"
},
{
"category": "external",
"summary": "SUSE Bug 1236113 for CVE-2025-21636",
"url": "https://bugzilla.suse.com/1236113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21637",
"url": "https://www.suse.com/security/cve/CVE-2025-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1236114 for CVE-2025-21637",
"url": "https://bugzilla.suse.com/1236114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21638",
"url": "https://www.suse.com/security/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "SUSE Bug 1236115 for CVE-2025-21638",
"url": "https://bugzilla.suse.com/1236115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21639",
"url": "https://www.suse.com/security/cve/CVE-2025-21639"
},
{
"category": "external",
"summary": "SUSE Bug 1236122 for CVE-2025-21639",
"url": "https://bugzilla.suse.com/1236122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21640",
"url": "https://www.suse.com/security/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "SUSE Bug 1236123 for CVE-2025-21640",
"url": "https://bugzilla.suse.com/1236123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21647",
"url": "https://www.suse.com/security/cve/CVE-2025-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1236133 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "external",
"summary": "SUSE Bug 1236134 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21665",
"url": "https://www.suse.com/security/cve/CVE-2025-21665"
},
{
"category": "external",
"summary": "SUSE Bug 1236684 for CVE-2025-21665",
"url": "https://bugzilla.suse.com/1236684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid avoid truncating 64-bit offset to 32 bits\n\non 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a\n32-bit position due to folio_next_index() returning an unsigned long.\nThis could lead to an infinite loop when writing to an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21667",
"url": "https://www.suse.com/security/cve/CVE-2025-21667"
},
{
"category": "external",
"summary": "SUSE Bug 1236681 for CVE-2025-21667",
"url": "https://bugzilla.suse.com/1236681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: add missing loop break condition\n\nCurrently imx8mp_blk_ctrl_remove() will continue the for loop\nuntil an out-of-bounds exception occurs.\n\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : dev_pm_domain_detach+0x8/0x48\nlr : imx8mp_blk_ctrl_shutdown+0x58/0x90\nsp : ffffffc084f8bbf0\nx29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000\nx26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028\nx23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0\nx20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff\nx17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72\nx14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000\nx11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8\nx8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000\nCall trace:\n dev_pm_domain_detach+0x8/0x48\n platform_shutdown+0x2c/0x48\n device_shutdown+0x158/0x268\n kernel_restart_prepare+0x40/0x58\n kernel_kexec+0x58/0xe8\n __do_sys_reboot+0x198/0x258\n __arm64_sys_reboot+0x2c/0x40\n invoke_syscall+0x5c/0x138\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xc8\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x190/0x198\nCode: 8128c2d0 ffffffc0 aa1e03e9 d503201f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21668",
"url": "https://www.suse.com/security/cve/CVE-2025-21668"
},
{
"category": "external",
"summary": "SUSE Bug 1236682 for CVE-2025-21668",
"url": "https://bugzilla.suse.com/1236682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can\u0027t be freed as long as\ncifsd thread isn\u0027t done. Otherwise the following can happen:\n\n RIP: 0010:__slab_free+0x223/0x3c0\n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n 000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0xce/0x120\n ? __slab_free+0x223/0x3c0\n ? do_error_trap+0x65/0x80\n ? __slab_free+0x223/0x3c0\n ? exc_invalid_op+0x4e/0x70\n ? __slab_free+0x223/0x3c0\n ? asm_exc_invalid_op+0x16/0x20\n ? __slab_free+0x223/0x3c0\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? __kmalloc+0x4b/0x140\n __reconnect_target_unlocked+0x3e/0x160 [cifs]\n reconnect_dfs_server+0x145/0x430 [cifs]\n cifs_handle_standard+0x1ad/0x1d0 [cifs]\n cifs_demultiplex_thread+0x592/0x730 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21673",
"url": "https://www.suse.com/security/cve/CVE-2025-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1236689 for CVE-2025-21673",
"url": "https://bugzilla.suse.com/1236689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: Avoid out-of-bounds access in get_imix_entries\n\nPassing a sufficient amount of imix entries leads to invalid access to the\npkt_dev-\u003eimix_entries array because of the incorrect boundary check.\n\nUBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24\nindex 20 is out of range for type \u0027imix_pkt [20]\u0027\nCPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl lib/dump_stack.c:117\n__ubsan_handle_out_of_bounds lib/ubsan.c:429\nget_imix_entries net/core/pktgen.c:874\npktgen_if_write net/core/pktgen.c:1063\npde_write fs/proc/inode.c:334\nproc_reg_write fs/proc/inode.c:346\nvfs_write fs/read_write.c:593\nksys_write fs/read_write.c:644\ndo_syscall_64 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[ fp: allow to fill the array completely; minor changelog cleanup ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21680",
"url": "https://www.suse.com/security/cve/CVE-2025-21680"
},
{
"category": "external",
"summary": "SUSE Bug 1236700 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "external",
"summary": "SUSE Bug 1236701 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -\u003e ovs_vport_send\n -\u003e dev_queue_xmit\n -\u003e __dev_queue_xmit\n -\u003e netdev_core_pick_tx\n -\u003e skb_tx_hash\n\nWhen device is unregistering, the \u0027dev-\u003ereal_num_tx_queues\u0027 goes to\nzero and the \u0027while (unlikely(hash \u003e= qcount))\u0027 loop inside the\n\u0027skb_tx_hash\u0027 becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn\u0027t implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn\u0027t really have a carrier.\nTherefore, while this device is unregistering, it\u0027s still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don\u0027t really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21681",
"url": "https://www.suse.com/security/cve/CVE-2025-21681"
},
{
"category": "external",
"summary": "SUSE Bug 1236702 for CVE-2025-21681",
"url": "https://bugzilla.suse.com/1236702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: xilinx: Convert gpio_lock to raw spinlock\n\nirq_chip functions may be called in raw spinlock context. Therefore, we\nmust also use a raw spinlock for our own internal locking.\n\nThis fixes the following lockdep splat:\n\n[ 5.349336] =============================\n[ 5.353349] [ BUG: Invalid wait context ]\n[ 5.357361] 6.13.0-rc5+ #69 Tainted: G W\n[ 5.363031] -----------------------------\n[ 5.367045] kworker/u17:1/44 is trying to lock:\n[ 5.371587] ffffff88018b02c0 (\u0026chip-\u003egpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.380079] other info that might help us debug this:\n[ 5.385138] context-{5:5}\n[ 5.387762] 5 locks held by kworker/u17:1/44:\n[ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)\n[ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)\n[ 5.411528] #2: ffffff880172c900 (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)\n[ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)\n[ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)\n[ 5.436472] stack backtrace:\n[ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69\n[ 5.448690] Tainted: [W]=WARN\n[ 5.451656] Hardware name: xlnx,zynqmp (DT)\n[ 5.455845] Workqueue: events_unbound deferred_probe_work_func\n[ 5.461699] Call trace:\n[ 5.464147] show_stack+0x18/0x24 C\n[ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)\n[ 5.471501] dump_stack (lib/dump_stack.c:130)\n[ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)\n[ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)\n[ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)\n[ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)\n[ 5.497645] irq_startup (kernel/irq/chip.c:270)\n[ 5.501143] __setup_irq (kernel/irq/manage.c:1807)\n[ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21684",
"url": "https://www.suse.com/security/cve/CVE-2025-21684"
},
{
"category": "external",
"summary": "SUSE Bug 1236952 for CVE-2025-21684",
"url": "https://bugzilla.suse.com/1236952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: check the bounds of read/write syscalls\n\ncount and offset are passed from user space and not checked, only\noffset is capped to 40 bits, which can be used to read/write out of\nbounds of the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21687",
"url": "https://www.suse.com/security/cve/CVE-2025-21687"
},
{
"category": "external",
"summary": "SUSE Bug 1237045 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "external",
"summary": "SUSE Bug 1237046 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Assign job pointer to NULL before signaling the fence\n\nIn commit e4b5ccd392b9 (\"drm/v3d: Ensure job pointer is set to NULL\nafter job completion\"), we introduced a change to assign the job pointer\nto NULL after completing a job, indicating job completion.\n\nHowever, this approach created a race condition between the DRM\nscheduler workqueue and the IRQ execution thread. As soon as the fence is\nsignaled in the IRQ execution thread, a new job starts to be executed.\nThis results in a race condition where the IRQ execution thread sets the\njob pointer to NULL simultaneously as the `run_job()` function assigns\na new job to the pointer.\n\nThis race condition can lead to a NULL pointer dereference if the IRQ\nexecution thread sets the job pointer to NULL after `run_job()` assigns\nit to the new job. When the new job completes and the GPU emits an\ninterrupt, `v3d_irq()` is triggered, potentially causing a crash.\n\n[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n[ 466.318928] Mem abort info:\n[ 466.321723] ESR = 0x0000000096000005\n[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 466.330807] SET = 0, FnV = 0\n[ 466.333864] EA = 0, S1PTW = 0\n[ 466.337010] FSC = 0x05: level 1 translation fault\n[ 466.341900] Data abort info:\n[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000\n[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6\n[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18\n[ 466.467336] Tainted: [C]=CRAP\n[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]\n[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228\n[ 466.492327] sp : ffffffc080003ea0\n[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000\n[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200\n[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000\n[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000\n[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000\n[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0\n[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70\n[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000\n[ 466.567263] Call trace:\n[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)\n[ 466.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21688",
"url": "https://www.suse.com/security/cve/CVE-2025-21688"
},
{
"category": "external",
"summary": "SUSE Bug 1237007 for CVE-2025-21688",
"url": "https://bugzilla.suse.com/1237007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21689",
"url": "https://www.suse.com/security/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "SUSE Bug 1237017 for CVE-2025-21689",
"url": "https://bugzilla.suse.com/1237017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21690"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn\u0027t DoS the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21690",
"url": "https://www.suse.com/security/cve/CVE-2025-21690"
},
{
"category": "external",
"summary": "SUSE Bug 1237025 for CVE-2025-21690",
"url": "https://bugzilla.suse.com/1237025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21692",
"url": "https://www.suse.com/security/cve/CVE-2025-21692"
},
{
"category": "external",
"summary": "SUSE Bug 1237028 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "external",
"summary": "SUSE Bug 1237048 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Ensure job pointer is set to NULL after job completion\n\nAfter a job completes, the corresponding pointer in the device must\nbe set to NULL. Failing to do so triggers a warning when unloading\nthe driver, as it appears the job is still active. To prevent this,\nassign the job pointer to NULL after completing the job, indicating\nthe job has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21697",
"url": "https://www.suse.com/security/cve/CVE-2025-21697"
},
{
"category": "external",
"summary": "SUSE Bug 1237132 for CVE-2025-21697",
"url": "https://bugzilla.suse.com/1237132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "low"
}
],
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21699",
"url": "https://www.suse.com/security/cve/CVE-2025-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1237139 for CVE-2025-21699",
"url": "https://bugzilla.suse.com/1237139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent. b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12. send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13. send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21700",
"url": "https://www.suse.com/security/cve/CVE-2025-21700"
},
{
"category": "external",
"summary": "SUSE Bug 1237159 for CVE-2025-21700",
"url": "https://bugzilla.suse.com/1237159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle fastopen disconnect correctly\n\nSyzbot was able to trigger a data stream corruption:\n\n WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Modules linked in:\n CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\n RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 \u003c0f\u003e 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07\n RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293\n RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928\n R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000\n R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000\n FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074\n mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493\n release_sock+0x1aa/0x1f0 net/core/sock.c:3640\n inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]\n __inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703\n mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755\n mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f6e86ebfe69\n Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69\n RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003\n RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc\n R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508\n \u003c/TASK\u003e\n\nThe root cause is the bad handling of disconnect() generated internally\nby the MPTCP protocol in case of connect FASTOPEN errors.\n\nAddress the issue increasing the socket disconnect counter even on such\na case, to allow other threads waiting on the same socket lock to\nproperly error out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21705",
"url": "https://www.suse.com/security/cve/CVE-2025-21705"
},
{
"category": "external",
"summary": "SUSE Bug 1238525 for CVE-2025-21705",
"url": "https://bugzilla.suse.com/1238525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: davicom: fix UAF in dm9000_drv_remove\n\ndm is netdev private data and it cannot be\nused after free_netdev() call. Using dm after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.\n\nThis is similar to the issue fixed in commit\nad297cd2db89 (\"net: qcom/emac: fix UAF in emac_remove\").\n\nThis bug is detected by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21715",
"url": "https://www.suse.com/security/cve/CVE-2025-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1237889 for CVE-2025-21715",
"url": "https://bugzilla.suse.com/1237889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21716"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix uninit-value in vxlan_vnifilter_dump()\n\nKMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].\n\nIf the length of the netlink message payload is less than\nsizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes\nbeyond the message. This can lead to uninit-value access. Fix this by\nreturning an error in such situations.\n\n[1]\nBUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786\n netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317\n __netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432\n netlink_dump_start include/linux/netlink.h:340 [inline]\n rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]\n rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882\n netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4110 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205\n kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196\n netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21716",
"url": "https://www.suse.com/security/cve/CVE-2025-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1237891 for CVE-2025-21716",
"url": "https://bugzilla.suse.com/1237891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: do not call mr_mfc_uses_dev() for unres entries\n\nsyzbot found that calling mr_mfc_uses_dev() for unres entries\nwould crash [1], because c-\u003emfc_un.res.minvif / c-\u003emfc_un.res.maxvif\nalias to \"struct sk_buff_head unresolved\", which contain two pointers.\n\nThis code never worked, lets remove it.\n\n[1]\nUnable to handle kernel paging request at virtual address ffff5fff2d536613\nKASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]\nModules linked in:\nCPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]\n pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334\n lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]\n lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334\nCall trace:\n mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)\n mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)\n mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382\n ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648\n rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327\n rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791\n netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317\n netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973\n sock_recvmsg_nosec net/socket.c:1033 [inline]\n sock_recvmsg net/socket.c:1055 [inline]\n sock_read_iter+0x2d8/0x40c net/socket.c:1125\n new_sync_read fs/read_write.c:484 [inline]\n vfs_read+0x740/0x970 fs/read_write.c:565\n ksys_read+0x15c/0x26c fs/read_write.c:708",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21719",
"url": "https://www.suse.com/security/cve/CVE-2025-21719"
},
{
"category": "external",
"summary": "SUSE Bug 1238860 for CVE-2025-21719",
"url": "https://bugzilla.suse.com/1238860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand\u0027s type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21724",
"url": "https://www.suse.com/security/cve/CVE-2025-21724"
},
{
"category": "external",
"summary": "SUSE Bug 1238863 for CVE-2025-21724",
"url": "https://bugzilla.suse.com/1238863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to unset link speed\n\nIt isn\u0027t guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always\nbe set by the server, so the client must handle any values and then\nprevent oopses like below from happening:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nRIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48\n89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8\ne7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 \u003c48\u003e f7 74 24 18 48 89\nc3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24\nRSP: 0018:ffffc90001817be0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99\nRDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228\nRBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac\nR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200\nR13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58\nFS: 00007fe27119e740(0000) GS:ffff888148600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0x159/0x1b0\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? do_error_trap+0x90/0x130\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? exc_divide_error+0x39/0x50\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? asm_exc_divide_error+0x1a/0x20\n ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? seq_read_iter+0x42e/0x790\n seq_read_iter+0x19a/0x790\n proc_reg_read_iter+0xbe/0x110\n ? __pfx_proc_reg_read_iter+0x10/0x10\n vfs_read+0x469/0x570\n ? do_user_addr_fault+0x398/0x760\n ? __pfx_vfs_read+0x10/0x10\n ? find_held_lock+0x8a/0xa0\n ? __pfx_lock_release+0x10/0x10\n ksys_read+0xd3/0x170\n ? __pfx_ksys_read+0x10/0x10\n ? __rcu_read_unlock+0x50/0x270\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe271288911\nCode: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8\n20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 \u003c48\u003e 3d\n00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec\nRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911\nRDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003\nRBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380\nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000\nR13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000\n \u003c/TASK\u003e\n\nFix this by setting cifs_server_iface::speed to a sane value (1Gbps)\nby default when link speed is unset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21725",
"url": "https://www.suse.com/security/cve/CVE-2025-21725"
},
{
"category": "external",
"summary": "SUSE Bug 1238877 for CVE-2025-21725",
"url": "https://bugzilla.suse.com/1238877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21728",
"url": "https://www.suse.com/security/cve/CVE-2025-21728"
},
{
"category": "external",
"summary": "SUSE Bug 1237879 for CVE-2025-21728",
"url": "https://bugzilla.suse.com/1237879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context\n\nThe following bug report happened with a PREEMPT_RT kernel:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n get_random_u32+0x4f/0x110\n clocksource_verify_choose_cpus+0xab/0x1a0\n clocksource_verify_percpu.part.0+0x6b/0x330\n clocksource_watchdog_kthread+0x193/0x1a0\n\nIt is due to the fact that clocksource_verify_choose_cpus() is invoked with\npreemption disabled. This function invokes get_random_u32() to obtain\nrandom numbers for choosing CPUs. The batched_entropy_32 local lock and/or\nthe base_crng.lock spinlock in driver/char/random.c will be acquired during\nthe call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot\nbe acquired in atomic context.\n\nFix this problem by using migrate_disable() to allow smp_processor_id() to\nbe reliably used without introducing atomic context. preempt_disable() is\nthen called after clocksource_verify_choose_cpus() but before the\nclocksource measurement is being run to avoid introducing unexpected\nlatency.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21767",
"url": "https://www.suse.com/security/cve/CVE-2025-21767"
},
{
"category": "external",
"summary": "SUSE Bug 1238509 for CVE-2025-21767",
"url": "https://bugzilla.suse.com/1238509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n unregister_netdevice_many net/core/dev.c:11866 [inline]\n unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21790",
"url": "https://www.suse.com/security/cve/CVE-2025-21790"
},
{
"category": "external",
"summary": "SUSE Bug 1238753 for CVE-2025-21790",
"url": "https://bugzilla.suse.com/1238753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix hang in nfsd4_shutdown_callback\n\nIf nfs4_client is in courtesy state then there is no point to send\nthe callback. This causes nfsd4_shutdown_callback to hang since\ncl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP\nnotifies NFSD that the connection was dropped.\n\nThis patch modifies nfsd4_run_cb_work to skip the RPC call if\nnfs4_client is in courtesy state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21795",
"url": "https://www.suse.com/security/cve/CVE-2025-21795"
},
{
"category": "external",
"summary": "SUSE Bug 1238759 for CVE-2025-21795",
"url": "https://bugzilla.suse.com/1238759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21799",
"url": "https://www.suse.com/security/cve/CVE-2025-21799"
},
{
"category": "external",
"summary": "SUSE Bug 1238739 for CVE-2025-21799",
"url": "https://bugzilla.suse.com/1238739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix oops when unload drivers paralleling\n\nWhen unload hclge driver, it tries to disable sriov first for each\nae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at\nthe time, because it removes all the ae_dev nodes, and it may cause\noops.\n\nBut we can\u0027t simply use hnae3_common_lock for this. Because in the\nprocess flow of pci_disable_sriov(), it will trigger the remove flow\nof VF, which will also take hnae3_common_lock.\n\nTo fixes it, introduce a new mutex to protect the unload process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21802",
"url": "https://www.suse.com/security/cve/CVE-2025-21802"
},
{
"category": "external",
"summary": "SUSE Bug 1238751 for CVE-2025-21802",
"url": "https://bugzilla.suse.com/1238751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21802"
}
]
}
suse-su-2025:20270-1
Vulnerability from csaf_suse
Published
2025-04-17 14:37
Modified
2025-04-17 14:37
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757).
- CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489).
- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).
- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).
- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).
- CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439).
- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).
- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).
- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).
- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).
- CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812).
- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910).
- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).
- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).
- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).
- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).
- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).
- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).
- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
- CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074).
- CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157).
- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).
- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).
- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).
- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).
- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
- CVE-2024-56638: kABI fix for "netfilter: nft_inner: incorrect percpu area handling under softirq" (bsc#1235524).
- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).
- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).
- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).
- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).
- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).
- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).
- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).
- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).
- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).
- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).
- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).
- CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990).
- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).
- CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111).
- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113).
- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).
- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).
- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).
- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).
- CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698).
- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).
- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).
- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).
- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).
- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).
- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).
- CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874).
- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).
- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).
- CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882).
- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).
- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).
- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).
- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).
- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).
- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).
- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).
- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).
- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
- CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746).
- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).
- CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066).
- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).
- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).
- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).
- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).
- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).
- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).
- CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475).
- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).
- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).
- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).
- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).
- CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184).
- CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168).
- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).
- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).
- CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171).
- CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176).
- CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167).
- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).
- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).
- CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581).
- CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585).
- CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587).
- CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600).
- CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591).
- CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).
- CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed
if hclge_ptp_get_cycle returns an error (bsc#1240720).
- CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742).
- CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815).
- CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816).
- CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784).
- CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819).
- CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813).
- CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812).
- CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612).
- CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795).
- CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797).
- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).
The following non-security bugs were fixed:
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).
- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes).
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).
- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes).
- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).
- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).
- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).
- ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes).
- ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes).
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).
- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).
- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).
- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).
- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).
- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).
- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).
- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).
- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
- ALSA: seq: Make dependency on UMP clearer (git-fixes).
- ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes).
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).
- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).
- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).
- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).
- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).
- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).
- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).
- ASoC: es8328: fix route from DAC to output (git-fixes).
- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
- ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes).
- ASoC: ops: Consistently treat platform_max as control value (git-fixes).
- ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes).
- ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes).
- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes).
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).
- ASoC: rt722-sdca: add missing readable registers (git-fixes).
- ASoC: tas2764: Fix power control mask (stable-fixes).
- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).
- ASoC: tas2770: Fix volume scale (stable-fixes).
- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).
- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).
- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).
- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).
- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).
- Documentation: qat: fix auto_reset attribute details (git-fixes).
- Documentation: qat: fix auto_reset section (git-fixes).
- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).
- Fix memory-hotplug regression (bsc#1237504)
- Grab mm lock before grabbing pt lock (git-fixes).
- HID: Enable playstation driver independently of sony driver (git-fixes).
- HID: Wacom: Add PCI Wacom device support (stable-fixes).
- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).
- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).
- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).
- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).
- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).
- HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes).
- HID: hid-steam: Add Deck IMU support (stable-fixes).
- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).
- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
- HID: hid-steam: Clean up locking (stable-fixes).
- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).
- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).
- HID: hid-steam: Fix cleanup in probe() (git-fixes).
- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).
- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).
- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).
- HID: hid-steam: remove pointless error message (stable-fixes).
- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).
- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).
- HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes).
- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).
- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).
- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).
- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).
- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).
- IB/mad: Check available slots before posting receive WRs (git-fixes)
- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
- Input: ads7846 - fix gpiod allocation (git-fixes).
- Input: allocate keycode for phone linking (stable-fixes).
- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).
- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).
- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).
- Input: iqs7222 - preserve system status register (git-fixes).
- Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes).
- Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes).
- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).
- Input: xpad - add multiple supported devices (stable-fixes).
- Input: xpad - add support for TECNO Pocket Go (stable-fixes).
- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).
- Input: xpad - rename QH controller to Legion Go S (stable-fixes).
- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).
- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).
- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).
- KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE (git-fixes).
- KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).
- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).
- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes).
- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).
- Move upstreamed ACPI patch into sorted section
- Move upstreamed PCI and initramfs patches into sorted section
- Move upstreamed nfsd and sunrpc patches into sorted section
- Move upstreamed powerpc and SCSI patches into sorted section
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).
- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)
- PCI/DOE: Support discovery version 2 (bsc#1237853)
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).
- PCI: Avoid reset when disabled via sysfs (git-fixes).
- PCI: Fix BAR resizing when VF BARs are assigned (git-fixes).
- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).
- PCI: Fix reference leak in pci_register_host_bridge() (git-fixes).
- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).
- PCI: Use downstream bridges for distributing resources (bsc#1237325).
- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).
- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).
- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).
- PCI: brcmstb: Use internal register to change link capability (git-fixes).
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).
- PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes).
- PCI: hookup irq_get_affinity callback (bsc#1236896).
- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).
- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).
- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).
- PM: sleep: Adjust check before setting power.must_resume (git-fixes).
- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)
- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)
- RDMA/efa: Reset device on probe failure (git-fixes)
- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)
- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)
- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
- RDMA/hns: Fix missing xa_destroy() (git-fixes)
- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)
- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)
- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mlx5: Fix AH static rate parsing (git-fixes)
- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)
- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)
- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)
- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)
- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)
- RDMA/rxe: Improve newline in printing messages (git-fixes)
- Reapply "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "blk-throttle: Fix IO hang for a corner case" (git-fixes).
- Revert "dm: requeue IO if mapping table not yet available" (git-fixes).
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" (git-fixes).
- Revert "drm/amd/display: Use HW lock mgr for PSR1" (stable-fixes).
- Revert "leds-pca955x: Remove the unused function pca95xx_num_led_regs()" (stable-fixes).
- Revert "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "wifi: ath11k: support hibernation" (bsc#1207948).
- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).
- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).
- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).
- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).
- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).
- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
- USB: serial: option: drop MeiG Smart defines (stable-fixes).
- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).
- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).
- Update "drm/mgag200: Added support for the new device G200eH5" (jsc#PED-12094)
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).
- accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes).
- acct: block access to kernel internal filesystems (git-fixes).
- acct: perform last write from workqueue (git-fixes).
- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes).
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).
- af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435).
- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).
- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).
- affs: do not write overlarge OFS data block size fields (git-fixes).
- affs: generate OFS sequence numbers starting at 1 (git-fixes).
- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
- arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052)
- arch_topology: init capacity_freq_ref to 0 (bsc#1238052)
- arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052)
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes)
- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
- arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052)
- arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052)
- arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052)
- arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)
- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)
- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)
- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)
- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)
- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)
- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)
- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)
- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)
- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)
- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
- arm64: mm: Correct the update of max_pfn (git-fixes)
- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)
- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)
- ata: ahci: Add mask_port_map module parameter (git-fixes).
- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).
- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).
- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).
- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).
- ata: pata_parport: add custom version of wait_after_reset (git-fixes).
- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).
- ata: pata_serverworks: Do not use the term blacklist (git-fixes).
- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).
- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).
- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).
- batman-adv: Drop unmanaged ELP metric worker (git-fixes).
- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).
- batman-adv: fix panic during interface removal (git-fixes).
- bio-integrity: do not restrict the size of integrity metadata (git-fixes).
- bitmap: introduce generic optimized bitmap_size() (git-fixes).
- blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558).
- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).
- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).
- blk-mq: add number of queue calc helper (bsc#1236897).
- blk-mq: create correct map for fallback case (bsc#1236896).
- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).
- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).
- blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).
- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
- blk_iocost: remove some duplicate irq disable/enables (git-fixes).
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
- block: Clear zone limits for a non-zoned stacked queue (git-fixes).
- block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).
- block: Provide bdev_open_* functions (git-fixes).
- block: Remove special-casing of compound pages (git-fixes).
- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).
- block: add a disk_has_partscan helper (git-fixes).
- block: add a partscan sysfs attribute for disks (git-fixes).
- block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes).
- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).
- block: change rq_integrity_vec to respect the iterator (git-fixes).
- block: cleanup and fix batch completion adding conditions (git-fixes).
- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).
- block: do not revert iter for -EIOCBQUEUED (git-fixes).
- block: ensure we hold a queue reference when using queue limits (git-fixes).
- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).
- block: fix integer overflow in BLKSECDISCARD (git-fixes).
- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).
- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).
- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).
- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).
- block: retry call probe after request_module in blk_request_module (git-fixes).
- block: return unsigned int from bdev_io_min (git-fixes).
- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).
- block: support to account io_ticks precisely (git-fixes).
- block: use the right type for stub rq_integrity_vec() (git-fixes).
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).
- bpf: Check size for BTF-based ctx access of pointer members (git-fixes).
- bpf: Fix a verifier verbose message (git-fixes).
- bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes).
- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).
- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).
- bpf: avoid holding freeze_mutex during mmap operation (git-fixes).
- bpf: fix potential error return (git-fixes).
- bpf: prevent r10 register from being marked as precise (git-fixes).
- bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes).
- broadcom: fix supported flag check in periodic output function (git-fixes).
- btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605).
- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).
- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).
- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).
- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).
- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).
- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).
- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).
- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).
- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).
- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).
- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
- can: ctucanfd: handle skb allocation failure (git-fixes).
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes).
- can: flexcan: disable transceiver during system PM (git-fixes).
- can: flexcan: only change CAN state when link up in system PM (git-fixes).
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).
- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).
- can: ucan: fix out of bound read in strscpy() source (git-fixes).
- cdx: Fix possible UAF error in driver_override_show() (git-fixes).
- char: misc: deallocate static minor in error path (git-fixes).
- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).
- cifs: Remove intermediate object of failed create reparse call (git-fixes).
- cifs: commands that are retried should have replay flag set (bsc#1231432).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).
- cifs: helper function to check replayable error codes (bsc#1231432).
- cifs: new mount option called retrans (bsc#1231432).
- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
- cifs: update desired access while requesting for directory lease (git-fixes).
- cifs: update the same create_guid on replay (git-fixes).
- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).
- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).
- config: Set gcc version (jsc#PED-12251).
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- counter: fix privdata alignment (git-fixes).
- counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes).
- counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes).
- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)
- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).
- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)
- cpufreq/cppc: Move and rename (bsc#1237856)
- cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052)
- cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052)
- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052)
Keep the feature disabled by default on x86_64
- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)
- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)
- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).
- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).
- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
- cpumask: add cpumask_weight_andnot() (bsc#1239015).
- cpumask: define cleanup function for cpumasks (bsc#1239015).
- crypto: ccp - Fix check for the primary ASP device (git-fixes).
- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).
- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).
- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).
- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).
- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).
- crypto: iaa - Change desc->priv to 0 (jsc#PED-12416).
- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).
- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove header table code (jsc#PED-12416).
- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init()
- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).
- crypto: iaa - Test the correct request flag (git-fixes).
- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).
- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).
- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).
- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).
- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).
- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).
- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).
- crypto: qat - Fix spelling mistake "Invalide" -> "Invalid" (jsc#PED-12416).
- crypto: qat - Fix typo "accelaration" (jsc#PED-12416).
- crypto: qat - Fix typo (jsc#PED-12416).
- crypto: qat - Remove trailing space after \n newline (jsc#PED-12416).
- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).
- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).
- crypto: qat - add auto reset on error (jsc#PED-12416).
- crypto: qat - add bank save and restore flows (jsc#PED-12416).
- crypto: qat - add fatal error notification (jsc#PED-12416).
- crypto: qat - add fatal error notify method (jsc#PED-12416).
- crypto: qat - add heartbeat error simulator (jsc#PED-12416).
- crypto: qat - add interface for live migration (jsc#PED-12416).
- crypto: qat - add support for 420xx devices (jsc#PED-12416).
- crypto: qat - add support for device telemetry (jsc#PED-12416).
- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).
- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).
- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).
- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).
- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).
- crypto: qat - disable arbitration before reset (jsc#PED-12416).
- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).
- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).
- crypto: qat - fix "Full Going True" macro definition (jsc#PED-12416).
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).
- crypto: qat - fix comment structure (jsc#PED-12416).
- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).
- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).
- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).
- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).
- crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416).
- crypto: qat - implement interface for live migration (jsc#PED-12416).
- crypto: qat - improve aer error reset handling (jsc#PED-12416).
- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).
- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).
- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).
- crypto: qat - limit heartbeat notifications (jsc#PED-12416).
- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).
- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).
- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).
- crypto: qat - move fw config related structures (jsc#PED-12416).
- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).
- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).
- crypto: qat - relocate CSR access code (jsc#PED-12416).
- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).
- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).
- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).
- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).
- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).
- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).
- crypto: qat - set parity error mask for qat_420xx (git-fixes).
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).
- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).
- crypto: qat - validate slices count returned by FW (jsc#PED-12416).
- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).
- cxgb4: Avoid removal of uninserted tid (git-fixes).
- cxgb4: use port number to set mac addr (git-fixes).
- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).
- dlm: fix srcu_read_lock() return type to int (git-fixes).
- dlm: prevent NPD when writing a positive value to event_done (git-fixes).
- dm array: fix cursor index when skipping across block boundaries (git-fixes).
- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).
- dm init: Handle minors larger than 255 (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm persistent data: fix memory allocation failure (git-fixes).
- dm resume: do not return EINVAL when signalled (git-fixes).
- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).
- dm thin: Add missing destroy_work_on_stack() (git-fixes).
- dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes).
- dm-crypt: track tag_offset in convert_context (git-fixes).
- dm-delay: fix hung task introduced by kthread mode (git-fixes).
- dm-delay: fix max_delay calculations (git-fixes).
- dm-delay: fix workqueue delay_timer race (git-fixes).
- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).
- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).
- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).
- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).
- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).
- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).
- dm: Fix typo in error message (git-fixes).
- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).
- doc/README.SUSE: Point to the updated version of LKMPG
- doc: update managed_irq documentation (bsc#1236897).
- driver core: Remove needless return in void API device_remove_group() (git-fixes).
- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).
- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).
- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).
- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).
- drm/amd/display: Fix HPD after gpu reset (stable-fixes).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes).
- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).
- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).
- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).
- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).
- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).
- drm/amd/pm/smu11: Prevent division by zero (git-fixes).
- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
- drm/amd/pm: Prevent division by zero (git-fixes).
- drm/amd: Keep display off while going into S4 (stable-fixes).
- drm/amdgpu/dma_buf: fix page_link check (git-fixes).
- drm/amdgpu/gfx11: fix num_mec (git-fixes).
- drm/amdgpu/umsch: declare umsch firmware (git-fixes).
- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).
- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).
- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to
avoid Priority Inversion in SRIOV (git-fixes).
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).
- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
- drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes).
- drm/amdkfd: only flush the validate MES contex (stable-fixes).
- drm/atomic: Filter out redundant DPMS calls (stable-fixes).
- drm/bridge: Fix spelling mistake "gettin" -> "getting" (git-fixes).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).
- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).
- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).
- drm/dp_mst: Add a helper to queue a topology probe (stable-fixes).
- drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes).
- drm/dp_mst: Fix drm RAD print (git-fixes).
- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).
- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).
- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).
- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).
- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).
- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes).
- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
- drm/i915/huc: Fix fence not released on early probe errors (git-fixes).
- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
- drm/i915/selftests: avoid using uninitialized context (git-fixes).
- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
- drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes).
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).
- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).
- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).
- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).
- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).
- drm/msm/dpu: do not use active in atomic_check() (git-fixes).
- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).
- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).
- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
- drm/msm: Avoid rounding up to one jiffy (git-fixes).
- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
- drm/nouveau: Do not override forced connector status (stable-fixes).
- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes).
- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).
- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).
- drm/repaper: fix integer overflows in repeat functions (git-fixes).
- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).
- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).
- drm/sched: Fix fence reference count leak (git-fixes).
- drm/sched: Fix preprocessor guard (git-fixes).
- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).
- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).
- drm/ssd130x: fix ssd132x encoding (git-fixes).
- drm/sti: remove duplicate object names (git-fixes).
- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).
- drm/virtio: New fence for every plane update (stable-fixes).
- drm/vkms: Fix use after free and double free on init error (git-fixes).
- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).
- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).
- dummycon: fix default rows/cols (git-fixes).
- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).
- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).
- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
- eth: gve: use appropriate helper to set xdp_features (git-fixes).
- exfat: convert to ctime accessor functions (git-fixes).
- exfat: do not zero the extended part (bsc#1237356).
- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
- exfat: fix file being changed by unaligned direct write (git-fixes).
- exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes).
- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
- exfat: fix zero the unwritten part for dio read (git-fixes).
- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).
- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sm501fb: Add some geometry checks (git-fixes).
- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).
- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).
- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes).
- firmware: cs_dsp: Remove async regmap writes (git-fixes).
- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).
- futex: Do not include process MM in futex key on no-MMU (git-fixes).
- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).
- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).
- gpio: pca953x: Improve interrupt support (git-fixes).
- gpio: rcar: Fix missing of_node_put() call (git-fixes).
- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).
- gpio: tegra186: fix resource handling in ACPI probe path (git-fixes).
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).
- gup: make the stack expansion warning a bit more targeted (bsc#1238214).
- hfs: Sanity check the root record (git-fixes).
- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes).
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).
- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).
- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).
- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- i2c: ls2x: Fix frequency division register access (git-fixes).
- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
- i2c: omap: fix IRQ storms (git-fixes).
- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).
- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).
- i3c: master: svc: Fix missing the IBI rules (git-fixes).
- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).
- iavf: allow changing VLAN state without calling PF (git-fixes).
- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).
- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).
- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
- ice: fix max values for dpll pin phase adjust (git-fixes).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
- ice: gather page_count()'s of each frag right before XDP prog call (git-fixes).
- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
- ice: put Rx buffers after being done with current frame (git-fixes).
- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
- ice: use internal pf id instead of function number (git-fixes).
- idpf: add read memory barrier when checking descriptor done bit (git-fixes).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661).
- idpf: convert workqueues to unbound (git-fixes).
- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
- idpf: fix handling rsc packet with a single segment (git-fixes).
- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
- igc: return early when failing to read EECD register (git-fixes).
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).
- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).
- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).
- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).
- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).
- iio: dac: ad3552r: clear reset status flag (git-fixes).
- iio: filter: admv8818: Force initialization of SDO (git-fixes).
- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).
- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).
- init: add initramfs_internal.h (bsc#1232848).
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- initramfs: allocate heap buffers together (bsc#1232848).
- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).
- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).
- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).
- intel_th: pci: Add Arrow Lake support (stable-fixes).
- intel_th: pci: Add Panther Lake-H support (stable-fixes).
- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).
- ioam6: improve checks on user data (git-fixes).
- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
- iommu/vt-d: Fix suspicious RCU usage (git-fixes).
- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).
- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).
- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).
- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).
- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).
- ipv6: Use RCU in ip6_input() (bsc#1239994).
- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).
- ipv6: avoid atomic fragment on GSO packets (git-fixes).
- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).
- ipv6: fib: hide unused 'pn' variable (git-fixes).
- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).
- ipv6: fix potential NULL deref in fib6_add() (git-fixes).
- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).
- ipv6: introduce dst_rt6_info() helper (git-fixes).
- ipv6: ioam: block BH from ioam6_output() (git-fixes).
- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).
- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- ipv6: sr: add missing seg6_local_exit (git-fixes).
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).
- ipv6: take care of scope when choosing the src addr (git-fixes).
- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).
- jfs: add check read-only before txBeginAnon() call (git-fixes).
- jfs: add index corruption check to DT_GETPAGE() (git-fixes).
- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).
- jfs: reject on-disk inodes of an unsupported type (git-fixes).
- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)
- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).
- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).
- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).
- kABI workaround for intel-ish-hid (git-fixes).
- kABI workaround for soc_mixer_control changes (git-fixes).
- kabi: fix bus type (bsc#1236896).
- kabi: fix group_cpus_evenly (bsc#1236897).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
- kbuild: hdrcheck: fix cross build with clang (git-fixes).
- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
- kernel-binary: Support livepatch_rt with merged RT branch
- kernel-source: Also replace bin/env
- kunit: qemu_configs: sparc: use Zilog console (git-fixes).
- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).
- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).
- l2tp: fix lockdep splat (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).
- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).
- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
- lib: 842: Improve error handling in sw842_compress() (git-fixes).
- lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes).
- lib: stackinit: hide never-taken branch from compiler (stable-fixes).
- libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__default_new() to
perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698
jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309).
- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).
- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).
- md/md-cluster: fix spares warnings for __le64 (git-fixes).
- md/raid0: do not free conf on raid0_run failure (git-fixes).
- md/raid1: do not free conf on raid0_run failure (git-fixes).
- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
- md: Do not flush sync_work in md_write_start() (git-fixes).
- md: convert comma to semicolon (git-fixes).
- mdacon: rework dependency list (git-fixes).
- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).
- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).
- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).
- media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes).
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).
- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).
- media: ov08x40: Fix hblank out of range issue (git-fixes).
- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).
- media: platform: stm32: Add check for clk_enable() (git-fixes).
- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).
- media: streamzap: fix race between device disconnection and urb callback (git-fixes).
- media: streamzap: prevent processing IR data on URB failure (git-fixes).
- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).
- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).
- media: venus: hfi: add check to handle incorrect queue size (git-fixes).
- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).
- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).
- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
- media: vim2m: print device name after registering device (git-fixes).
- media: visl: Fix ERANGE error when setting enum controls (git-fixes).
- mei: me: add panther lake P DID (stable-fixes).
- memblock tests: fix warning: "__ALIGN_KERNEL" redefined (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).
- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).
- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).
- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).
- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).
- mfd: syscon: Remove extern from function prototypes (stable-fixes).
- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).
- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).
- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).
- mm: accept to promo watermark (bsc#1239600).
- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).
- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).
- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes).
- mptcp: export local_address (git-fixes)
- mptcp: fix NL PM announced address accounting (git-fixes)
- mptcp: fix data races on local_id (git-fixes)
- mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)
- mptcp: pm: deny endp with signal + subflow + port (git-fixes)
- mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
- mptcp: pm: do not try to create sf if alloc failed (git-fixes)
- mptcp: pm: fullmesh: select the right ID later (git-fixes)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
- mptcp: pm: re-using ID of unused removed subflows (git-fixes)
- mptcp: pm: reduce indentation blocks (git-fixes)
- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
- mptcp: unify pm get_local_id interfaces (git-fixes)
- mptcp: unify pm set_flags interfaces (git-fixes)
- mtd: Add check for devm_kcalloc() (git-fixes).
- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).
- mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes).
- mtd: nand: Fix a kdoc comment (git-fixes).
- mtd: rawnand: Add status chack in r852_ready() (git-fixes).
- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).
- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
- nbd: Fix signal handling (git-fixes).
- nbd: Improve the documentation of the locking assumptions (git-fixes).
- nbd: do not allow reconnect after disconnect (git-fixes).
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).
- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).
- net l2tp: drop flow hash on forward (git-fixes).
- net/mlx5: Correct TASR typo into TSAR (git-fixes).
- net/mlx5: Fix RDMA TX steering prio (git-fixes).
- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
- net/mlx5: SF, Fix add port error handling (git-fixes).
- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).
- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).
- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).
- net/sched: flower: Add lock protection when remove filter handle (git-fixes).
- net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes).
- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: add dev_net_rcu() helper (bsc#1239994).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).
- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).
- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).
- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).
- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).
- net: ipv6: ioam6: code alignment (git-fixes).
- net: ipv6: ioam6: new feature tunsrc (git-fixes).
- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).
- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Cleanup "mana" debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Support holes in device list reply msg (git-fixes).
- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).
- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).
- net: move altnames together with the netdevice (bsc#1233749).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: rose: lock the socket in rose_bind() (git-fixes).
- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
- net: smc: fix spurious error message from __sock_release() (bsc#1237126).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes).
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes).
- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).
- net: use unrcu_pointer() helper (git-fixes).
- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).
- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).
- net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes).
- net_sched: sch_sfq: handle bigger packets (git-fixes).
- nfs: clear SB_RDONLY before getting superblock (bsc#1238565).
- nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565).
- nfsd: clear acl_access/acl_default after releasing them (git-fixes).
- nfsd: put dl_stid if fail to queue dl_recall (git-fixes).
- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).
- ntb: Force physically contiguous allocation of rx ring buffers (git-fixes).
- ntb: intel: Fix using link status DB's (git-fixes).
- ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes).
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes).
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes).
- ntb_perf: Fix printk format (git-fixes).
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).
- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).
- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).
- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
- null_blk: fix validation of block size (git-fixes).
- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).
- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).
- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).
- nvme-fc: use ctrl state getter (git-fixes).
- nvme-ioctl: fix leaked requests on mapping error (git-fixes).
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).
- nvme-pci: remove stale comment (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
- nvme-tcp: Fix a C2HTermReq error message (git-fixes).
- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).
- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).
- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).
- nvme/ioctl: add missing space in err message (git-fixes).
- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).
- nvme: make nvme_tls_attrs_group static (git-fixes).
- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).
- nvme: move passthrough logging attribute to head (git-fixes).
- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).
- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- nvme: tcp: Fix compilation warning with W=1 (git-fixes).
- nvmet-fc: Remove unused functions (git-fixes).
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).
- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).
- nvmet: Fix crash when a namespace is disabled (git-fixes).
- nvmet: remove old function prototype (git-fixes).
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes).
- objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes).
- objtool: Fix segfault in ignore_unreachable_insn() (git-fixes).
- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).
- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).
- ocfs2: handle a symlink read error correctly (git-fixes).
- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).
- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).
- orangefs: fix a oob in orangefs_debug_write (git-fixes).
- padata: Clean up in padata_do_multithreaded() (bsc#1237563).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- padata: fix sysfs store callback check (git-fixes).
- partitions: ldm: remove the initial kernel-doc notation (git-fixes).
- partitions: mac: fix handling of bogus partition table (git-fixes).
- perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
- perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
- perf tools: annotate asm_pure_loop.S (bsc#1239906).
- perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309).
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).
- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).
- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).
- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).
- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).
- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).
- platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes).
- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).
- platform/x86: ISST: Correct command storage data length (git-fixes).
- platform/x86: ISST: Ignore minor version change (bsc#1237452).
- platform/x86: acer-wmi: Ignore AC events (stable-fixes).
- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).
- platform/x86: int3472: Check for adev == NULL (stable-fixes).
- platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).
- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).
- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).
- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).
- power: supply: da9150-fg: fix potential overflow (git-fixes).
- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).
- powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes).
- powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes).
- powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes).
- powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes).
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).
- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).
- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).
- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).
- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid
mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).
- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).
- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).
- powerpc: Stop using no_llseek (bsc#1239573).
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).
- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).
- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).
- rapidio: fix an API misues when rio_add_net() fails (git-fixes).
- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
- rbd: do not move requests to the running list on errors (git-fixes).
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
- regmap-irq: Add missing kfree() (git-fixes).
- regulator: check that dummy regulator has been probed before using it (stable-fixes).
- regulator: core: Fix deadlock in create_regulator() (git-fixes).
- regulator: dummy: force synchronous probing (git-fixes).
- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013).
- s390/cio: Fix CHPID "configure" attribute caching (git-fixes bsc#1240979).
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205).
- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).
- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).
- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978).
- s390/pci: Ignore RID for isolated VFs (bsc#1236752).
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).
- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
- s390/pci: Use topology ID for multi-function devices (bsc#1236752).
- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).
- s390/topology: Improve topology detection (bsc#1236591).
- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).
- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).
- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).
- sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052)
- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).
- scsi: core: Clear driver private data when retrying request (git-fixes).
- scsi: core: Do not retry I/Os during depopulation (git-fixes).
- scsi: core: Handle depopulation and restoration in progress (git-fixes).
- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).
- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).
- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).
- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).
- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: myrb: Remove dead code (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
- scsi: sg: Enable runtime power management (git-fixes).
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).
- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).
- selftest: hugetlb_dio: fix test naming (git-fixes).
- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).
- selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes).
- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).
- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).
- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).
- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).
- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).
- selftests/mm/cow: fix the incorrect error handling (git-fixes).
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).
- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).
- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).
- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).
- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).
- selftests: mptcp: connect: -f: no reconnect (git-fixes).
- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).
- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
- selinux: Implement mptcp_add_subflow hook (bsc#1240375).
- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).
- serial: 8250: Fix fifo underflow on flush (git-fixes).
- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes).
- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).
- smb3: fix creating FIFOs when mounting with "sfu" mount option (git-fixes).
- smb3: request handle caching when caching directories (bsc#1231432).
- smb3: retrying on failed server close (bsc#1231432).
- smb: cached directories can be more than root file handle (bsc#1231432).
- smb: cilent: set reparse mount points as automounts (git-fixes).
- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
- smb: client: Fix minor whitespace errors and warnings (git-fixes).
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).
- smb: client: add support for WSL reparse points (git-fixes).
- smb: client: allow creating special files via reparse points (git-fixes).
- smb: client: allow creating symlinks via reparse points (git-fixes).
- smb: client: cleanup smb2_query_reparse_point() (git-fixes).
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- smb: client: do not query reparse points twice on symlinks (git-fixes).
- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).
- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
- smb: client: fix hardlinking of reparse points (git-fixes).
- smb: client: fix missing mode bits for SMB symlinks (git-fixes).
- smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616).
- smb: client: fix possible double free in smb2_set_ea() (git-fixes).
- smb: client: fix potential broken compound request (git-fixes).
- smb: client: fix renaming of reparse points (git-fixes).
- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
- smb: client: handle path separator of created SMB symlinks (git-fixes).
- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
- smb: client: ignore unhandled reparse tags (git-fixes).
- smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
- smb: client: instantiate when creating SFU files (git-fixes).
- smb: client: introduce ->parse_reparse_point() (git-fixes).
- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
- smb: client: introduce cifs_sfu_make_node() (git-fixes).
- smb: client: introduce reparse mount option (git-fixes).
- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).
- smb: client: move most of reparse point handling code to common file (git-fixes).
- smb: client: move some params to cifs_open_info_data (bsc#1231432).
- smb: client: optimise reparse point querying (git-fixes).
- smb: client: parse owner/group when creating reparse points (git-fixes).
- smb: client: parse reparse point flag in create response (bsc#1231432).
- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
- smb: client: retry compound request without reusing lease (git-fixes).
- smb: client: return reparse type in /proc/mounts (git-fixes).
- smb: client: reuse file lease key in compound operations (git-fixes).
- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).
- smb: client: set correct file type from NFS reparse points (git-fixes).
- smb: client: stop revalidating reparse points unnecessarily (git-fixes).
- smb: use kernel_connect() and kernel_bind() (git-fixes).
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).
- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
- soc: imx8m: Remove global soc_uid (stable-fixes).
- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).
- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).
- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).
- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
- soc: qcom: pdr: Fix the potential deadlock (git-fixes).
- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).
- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).
- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).
- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).
- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).
- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).
- spi: sn-f-ospi: Fix division by zero (git-fixes).
- splice: do not checksum AF_UNIX sockets (bsc#1240333).
- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes).
- sunrpc: suppress warnings for unused procfs functions (git-fixes).
- supported.conf: add now-included qat_420xx (external, intel)
- tcp: Add memory barrier to tcp_push() (git-fixes).
- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).
- tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes).
- tcp: Defer ts_recent changes until req is owned (git-fixes).
- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).
- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).
- tcp: Update window clamping condition (git-fixes).
- tcp: add tcp_done_with_error() helper (git-fixes).
- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).
- tcp: annotate data-races around tp->window_clamp (git-fixes).
- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).
- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).
- tcp: check space before adding MPTCP SYN options (git-fixes).
- tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).
- tcp: define initial scaling factor value as a macro (git-fixes).
- tcp: derive delack_max from rto_min (git-fixes).
- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).
- tcp: fix cookie_init_timestamp() overflows (git-fixes).
- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).
- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).
- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).
- tcp: fix mid stream window clamp (git-fixes).
- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).
- tcp: fix race in tcp_write_err() (git-fixes).
- tcp: fix races in tcp_abort() (git-fixes).
- tcp: fix races in tcp_v_err() (git-fixes).
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes).
- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).
- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).
- tcp: increase the default TCP scaling ratio (git-fixes).
- tcp: introduce tcp_clock_ms() (git-fixes).
- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).
- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).
- tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes).
- tcp: replace tcp_time_stamp_raw() (git-fixes).
- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).
- thermal: int340x: Add NULL check for adev (git-fixes).
- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).
- tools: fix annoying "mkdir -p ..." logs when building tools in parallel (git-fixes).
- tools: move alignment-related macros to new <linux/align.h> (git-fixes).
- topology: Set capacity_freq_ref in all cases (bsc#1238052)
- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).
- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).
- tpm: do not start chip while suspended (git-fixes).
- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).
- tpm: tis: Double the timeout B to 4s (bsc#1235870).
- tpm_tis: Move CRC check to generic send routine (bsc#1235870).
- tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870).
- tty: serial: 8250: Add Brainboxes XC devices (stable-fixes).
- tty: serial: 8250: Add some more device IDs (stable-fixes).
- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes).
- tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes).
- tty: xilinx_uartps: split sysrq handling (git-fixes).
- ubi: Add a check for ubi_num (git-fixes).
- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).
- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).
- ubi: correct the calculation of fastmap size (stable-fixes).
- ubi: eba: properly rollback inside self_check_eba (git-fixes).
- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).
- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).
- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).
- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).
- ublk: fix error code for unsupported command (git-fixes).
- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
- ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
- ublk: move zone report data out of request pdu (git-fixes).
- ucsi_ccg: Do not show failed to get FW build information error (git-fixes).
- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).
- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes).
- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).
- usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes).
- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).
- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).
- usb: gadget: Fix setting self-powered state on suspend (git-fixes).
- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).
- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
- usb: hub: lack of clearing xHC resources (git-fixes).
- usb: phy: generic: Use proper helper for property detection (stable-fixes).
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).
- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
- usb: renesas_usbhs: Call clk_put() (git-fixes).
- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).
- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).
- usb: roles: set switch registered flag early on (git-fixes).
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).
- usb: typec: ucsi: Fix NULL pointer access (git-fixes).
- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).
- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).
- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).
- usb: xhci: correct debug message page size calculation (git-fixes).
- usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes).
- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
- usbnet: ipheth: document scope of NCM implementation (stable-fixes).
- usbnet:fix NPE during rx_complete (git-fixes).
- util_macros.h: fix/rework find_closest() macros (git-fixes).
- vboxsf: fix building with GCC 15 (stable-fixes).
- vfio/pci: Lock external INTx masking ops (bsc#1222803).
- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
- virtio-mem: check if the config changed before fake offlining memory (git-fixes).
- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).
- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).
- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).
- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- virtio: hookup irq_get_affinity callback (bsc#1236896).
- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
- vsock/virtio: cancel close work in the destructor (git-fixes)
- vsock: Keep the binding until socket destruction (git-fixes)
- vsock: reset socket state when de-assigning the transport (git-fixes)
- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).
- wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes).
- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).
- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).
- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).
- wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes).
- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).
- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).
- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).
- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).
- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).
- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).
- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).
- wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes).
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).
- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).
- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).
- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
- wifi: iwlwifi: avoid memory leak (stable-fixes).
- wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes).
- wifi: iwlwifi: limit printed string from FW file (git-fixes).
- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).
- wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes).
- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).
- wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes).
- wifi: mt76: Add check for devm_kstrdup() (git-fixes).
- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).
- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).
- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).
- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).
- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).
- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).
- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).
- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).
- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).
- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).
- x86/asm: Make serialize() always_inline (git-fixes).
- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).
- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).
- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
- x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes).
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).
- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).
- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).
- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).
- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).
- x86/microcode/32: Move early loading after paging enable (git-fixes).
- x86/microcode/amd: Cache builtin microcode too (git-fixes).
- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).
- x86/microcode/amd: Use cached microcode for AP load (git-fixes).
- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).
- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).
- x86/microcode/intel: Cleanup code further (git-fixes).
- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).
- x86/microcode/intel: Remove debug code (git-fixes).
- x86/microcode/intel: Remove pointless mutex (git-fixes).
- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).
- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).
- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).
- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).
- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).
- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).
- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).
- x86/microcode/intel: Simplify early loading (git-fixes).
- x86/microcode/intel: Simplify scan_microcode() (git-fixes).
- x86/microcode/intel: Switch to kvmalloc() (git-fixes).
- x86/microcode/intel: Unify microcode apply() functions (git-fixes).
- x86/microcode: Add per CPU control field (git-fixes).
- x86/microcode: Add per CPU result state (git-fixes).
- x86/microcode: Clarify the late load logic (git-fixes).
- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).
- x86/microcode: Get rid of the schedule work indirection (git-fixes).
- x86/microcode: Handle "nosmt" correctly (git-fixes).
- x86/microcode: Handle "offline" CPUs correctly (git-fixes).
- x86/microcode: Hide the config knob (git-fixes).
- x86/microcode: Include vendor headers into microcode.h (git-fixes).
- x86/microcode: Make reload_early_microcode() static (git-fixes).
- x86/microcode: Mop up early loading leftovers (git-fixes).
- x86/microcode: Move core specific defines to local header (git-fixes).
- x86/microcode: Prepare for minimal revision check (git-fixes).
- x86/microcode: Protect against instrumentation (git-fixes).
- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).
- x86/microcode: Provide new control functions (git-fixes).
- x86/microcode: Remove microcode_mutex (git-fixes).
- x86/microcode: Remove pointless apply() invocation (git-fixes).
- x86/microcode: Rendezvous and load in NMI (git-fixes).
- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).
- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).
- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
- x86/mm: Remove unused microcode.h include (git-fixes).
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).
- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (git-fixes).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).
- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).
- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).
- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).
- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).
- xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550).
- xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550).
- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).
- xhci: dbc: Convert to use sysfs_streq() (git-fixes).
- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).
- xhci: dbc: Fix STALL transfer event handling (git-fixes).
- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).
- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).
- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).
- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
- xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550).
- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).
- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).
- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).
- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).
- xhci: pci: Use standard pattern for device IDs (git-fixes).
- zram: clear IDLE flag after recompression (git-fixes).
- zram: clear IDLE flag in mark_idle() (git-fixes).
- zram: do not mark idle slots that cannot be idle (git-fixes).
- zram: fix potential UAF of zram table (git-fixes).
- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
- zram: refuse to use zero sized block device as backing device (git-fixes).
- zram: split memory-tracking and ac-time tracking (git-fixes).
Patchnames
SUSE-SLE-Micro-6.1-kernel-14
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).\n- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757).\n- CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489).\n- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).\n- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).\n- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).\n- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).\n- CVE-2024-45010: mptcp: pm: only mark \u0027subflow\u0027 endp as available (bsc#1230439).\n- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).\n- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).\n- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).\n- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).\n- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).\n- CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812).\n- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).\n- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).\n- CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910).\n- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).\n- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).\n- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).\n- CVE-2024-50142: xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset (bsc#1233028).\n- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).\n- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).\n- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).\n- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).\n- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).\n- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).\n- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).\n- CVE-2024-53124: net: fix data-races around sk-\u003esk_forward_alloc (bsc#1234074).\n- CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157).\n- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).\n- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).\n- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).\n- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).\n- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).\n- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).\n- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).\n- CVE-2024-56638: kABI fix for \"netfilter: nft_inner: incorrect percpu area handling under softirq\" (bsc#1235524).\n- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).\n- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).\n- CVE-2024-56658: net: defer final \u0027struct net\u0027 free in netns dismantle (bsc#1235441).\n- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).\n- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).\n- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).\n- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).\n- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).\n- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).\n- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).\n- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).\n- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).\n- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).\n- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).\n- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).\n- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).\n- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).\n- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).\n- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).\n- CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990).\n- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).\n- CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970).\n- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).\n- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy (bsc#1236111).\n- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy (bsc#1236113).\n- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current-\u003ensproxy (bsc#1236114).\n- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-\u003ensproxy (bsc#1236115).\n- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-\u003ensproxy (bsc#1236122).\n- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy (bsc#1236123).\n- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).\n- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).\n- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).\n- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).\n- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).\n- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).\n- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).\n- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).\n- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).\n- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).\n- CVE-2025-21678: gtp: Destroy device along with udp socket\u0027s netns dismantle (bsc#1236698).\n- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).\n- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).\n- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).\n- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).\n- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).\n- CVE-2025-21703: netem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).\n- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).\n- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).\n- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).\n- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).\n- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).\n- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).\n- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).\n- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).\n- CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874).\n- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).\n- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).\n- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).\n- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).\n- CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882).\n- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).\n- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).\n- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).\n- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).\n- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).\n- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).\n- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).\n- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).\n- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).\n- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).\n- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).\n- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).\n- CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746).\n- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).\n- CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066).\n- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).\n- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).\n- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).\n- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).\n- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).\n- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).\n- CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475).\n- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).\n- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).\n- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).\n- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).\n- CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184).\n- CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168).\n- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).\n- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).\n- CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171).\n- CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176).\n- CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167).\n- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).\n- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).\n- CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581).\n- CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585).\n- CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587).\n- CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600).\n- CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591).\n- CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).\n- CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed\n if hclge_ptp_get_cycle returns an error (bsc#1240720).\n- CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level \u003e 2 (bsc#1240742).\n- CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815).\n- CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816).\n- CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784).\n- CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819).\n- CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813).\n- CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812).\n- CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612).\n- CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795).\n- CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797).\n- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).\n\nThe following non-security bugs were fixed:\n\n- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).\n- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).\n- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).\n- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).\n- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes).\n- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).\n- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes).\n- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).\n- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).\n- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).\n- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).\n- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).\n- ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes).\n- ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes).\n- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).\n- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).\n- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).\n- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).\n- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).\n- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).\n- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).\n- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).\n- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).\n- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).\n- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).\n- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).\n- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).\n- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).\n- ALSA: seq: Make dependency on UMP clearer (git-fixes).\n- ALSA: seq: remove redundant \u0027tristate\u0027 for SND_SEQ_UMP_CLIENT (stable-fixes).\n- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).\n- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).\n- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).\n- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).\n- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).\n- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).\n- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).\n- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).\n- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).\n- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).\n- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).\n- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).\n- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).\n- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).\n- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).\n- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).\n- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).\n- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).\n- ASoC: es8328: fix route from DAC to output (git-fixes).\n- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).\n- ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes).\n- ASoC: ops: Consistently treat platform_max as control value (git-fixes).\n- ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes).\n- ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes).\n- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes).\n- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).\n- ASoC: rt722-sdca: add missing readable registers (git-fixes).\n- ASoC: tas2764: Fix power control mask (stable-fixes).\n- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).\n- ASoC: tas2770: Fix volume scale (stable-fixes).\n- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).\n- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).\n- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).\n- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).\n- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).\n- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).\n- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).\n- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).\n- Documentation: qat: fix auto_reset attribute details (git-fixes).\n- Documentation: qat: fix auto_reset section (git-fixes).\n- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).\n- Fix memory-hotplug regression (bsc#1237504)\n- Grab mm lock before grabbing pt lock (git-fixes).\n- HID: Enable playstation driver independently of sony driver (git-fixes).\n- HID: Wacom: Add PCI Wacom device support (stable-fixes).\n- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).\n- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).\n- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).\n- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).\n- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).\n- HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes).\n- HID: hid-steam: Add Deck IMU support (stable-fixes).\n- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).\n- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).\n- HID: hid-steam: Clean up locking (stable-fixes).\n- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).\n- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).\n- HID: hid-steam: Fix cleanup in probe() (git-fixes).\n- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).\n- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).\n- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).\n- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).\n- HID: hid-steam: remove pointless error message (stable-fixes).\n- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).\n- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).\n- HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes).\n- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).\n- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).\n- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).\n- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).\n- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).\n- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).\n- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).\n- IB/mad: Check available slots before posting receive WRs (git-fixes)\n- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)\n- Input: ads7846 - fix gpiod allocation (git-fixes).\n- Input: allocate keycode for phone linking (stable-fixes).\n- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).\n- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).\n- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).\n- Input: iqs7222 - preserve system status register (git-fixes).\n- Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes).\n- Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes).\n- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).\n- Input: xpad - add multiple supported devices (stable-fixes).\n- Input: xpad - add support for TECNO Pocket Go (stable-fixes).\n- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).\n- Input: xpad - rename QH controller to Legion Go S (stable-fixes).\n- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).\n- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).\n- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).\n- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).\n- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).\n- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).\n- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)\n- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).\n- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).\n- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).\n- KVM: x86/mmu: Skip the \"try unsync\" path iff the old SPTE was a leaf SPTE (git-fixes).\n- KVM: x86: AMD\u0027s IBPB is not equivalent to Intel\u0027s IBPB (git-fixes).\n- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).\n- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).\n- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).\n- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).\n- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).\n- KVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel (git-fixes).\n- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).\n- Move upstreamed ACPI patch into sorted section\n- Move upstreamed PCI and initramfs patches into sorted section\n- Move upstreamed nfsd and sunrpc patches into sorted section\n- Move upstreamed powerpc and SCSI patches into sorted section\n- PCI/ACS: Fix \u0027pci=config_acs=\u0027 parameter (git-fixes).\n- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).\n- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)\n- PCI/DOE: Support discovery version 2 (bsc#1237853)\n- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).\n- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).\n- PCI: Avoid reset when disabled via sysfs (git-fixes).\n- PCI: Fix BAR resizing when VF BARs are assigned (git-fixes).\n- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).\n- PCI: Fix reference leak in pci_register_host_bridge() (git-fixes).\n- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).\n- PCI: Use downstream bridges for distributing resources (bsc#1237325).\n- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).\n- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).\n- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).\n- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).\n- PCI: brcmstb: Use internal register to change link capability (git-fixes).\n- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).\n- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).\n- PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes).\n- PCI: hookup irq_get_affinity callback (bsc#1236896).\n- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).\n- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).\n- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).\n- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).\n- PM: sleep: Adjust check before setting power.must_resume (git-fixes).\n- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).\n- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).\n- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)\n- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)\n- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)\n- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)\n- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)\n- RDMA/efa: Reset device on probe failure (git-fixes)\n- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)\n- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)\n- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)\n- RDMA/hns: Fix missing xa_destroy() (git-fixes)\n- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)\n- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)\n- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)\n- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).\n- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).\n- RDMA/mlx5: Fix AH static rate parsing (git-fixes)\n- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)\n- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)\n- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)\n- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)\n- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)\n- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)\n- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)\n- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)\n- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)\n- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)\n- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)\n- RDMA/rxe: Improve newline in printing messages (git-fixes)\n- Reapply \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"blk-throttle: Fix IO hang for a corner case\" (git-fixes).\n- Revert \"dm: requeue IO if mapping table not yet available\" (git-fixes).\n- Revert \"drivers/card_reader/rtsx_usb: Restore interrupt based detection\" (git-fixes).\n- Revert \"drm/amd/display: Use HW lock mgr for PSR1\" (stable-fixes).\n- Revert \"leds-pca955x: Remove the unused function pca95xx_num_led_regs()\" (stable-fixes).\n- Revert \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"wifi: ath11k: support hibernation\" (bsc#1207948).\n- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).\n- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).\n- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).\n- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).\n- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).\n- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).\n- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).\n- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).\n- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).\n- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).\n- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).\n- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).\n- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).\n- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).\n- USB: serial: option: drop MeiG Smart defines (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).\n- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).\n- Update \"drm/mgag200: Added support for the new device G200eH5\" (jsc#PED-12094)\n- Use gcc-13 for build on SLE16 (jsc#PED-10028).\n- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).\n- accel/qaic: Fix possible data corruption in BOs \u003e 2G (git-fixes).\n- acct: block access to kernel internal filesystems (git-fixes).\n- acct: perform last write from workqueue (git-fixes).\n- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes).\n- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).\n- af_unix: Annotate data-race of sk-\u003esk_state in unix_stream_read_skb() (bsc#1239435).\n- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).\n- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).\n- affs: do not write overlarge OFS data block size fields (git-fixes).\n- affs: generate OFS sequence numbers starting at 1 (git-fixes).\n- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).\n- arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052)\n- arch_topology: init capacity_freq_ref to 0 (bsc#1238052)\n- arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052)\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes)\n- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)\n- arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052)\n- arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052)\n- arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052)\n- arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052)\n- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)\n- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)\n- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)\n- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)\n- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)\n- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)\n- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)\n- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)\n- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)\n- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)\n- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)\n- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)\n- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)\n- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)\n- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)\n- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)\n- arm64: mm: Correct the update of max_pfn (git-fixes)\n- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)\n- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)\n- ata: ahci: Add mask_port_map module parameter (git-fixes).\n- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).\n- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).\n- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).\n- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).\n- ata: pata_parport: add custom version of wait_after_reset (git-fixes).\n- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).\n- ata: pata_serverworks: Do not use the term blacklist (git-fixes).\n- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).\n- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).\n- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).\n- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).\n- batman-adv: Drop unmanaged ELP metric worker (git-fixes).\n- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).\n- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).\n- batman-adv: fix panic during interface removal (git-fixes).\n- bio-integrity: do not restrict the size of integrity metadata (git-fixes).\n- bitmap: introduce generic optimized bitmap_size() (git-fixes).\n- blk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage (bsc#1237558).\n- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).\n- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).\n- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).\n- blk-mq: add number of queue calc helper (bsc#1236897).\n- blk-mq: create correct map for fallback case (bsc#1236896).\n- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).\n- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).\n- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).\n- blk-mq: move cpuhp callback registering out of q-\u003esysfs_lock (git-fixes).\n- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).\n- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).\n- blk_iocost: remove some duplicate irq disable/enables (git-fixes).\n- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).\n- block: Clear zone limits for a non-zoned stacked queue (git-fixes).\n- block: Fix elevator_get_default() checking for NULL q-\u003etag_set (git-fixes).\n- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).\n- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).\n- block: Provide bdev_open_* functions (git-fixes).\n- block: Remove special-casing of compound pages (git-fixes).\n- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).\n- block: add a disk_has_partscan helper (git-fixes).\n- block: add a partscan sysfs attribute for disks (git-fixes).\n- block: add check of \u0027minors\u0027 and \u0027first_minor\u0027 in device_add_disk() (git-fixes).\n- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).\n- block: change rq_integrity_vec to respect the iterator (git-fixes).\n- block: cleanup and fix batch completion adding conditions (git-fixes).\n- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).\n- block: do not revert iter for -EIOCBQUEUED (git-fixes).\n- block: ensure we hold a queue reference when using queue limits (git-fixes).\n- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).\n- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).\n- block: fix integer overflow in BLKSECDISCARD (git-fixes).\n- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).\n- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).\n- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).\n- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).\n- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).\n- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).\n- block: retry call probe after request_module in blk_request_module (git-fixes).\n- block: return unsigned int from bdev_io_min (git-fixes).\n- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).\n- block: support to account io_ticks precisely (git-fixes).\n- block: use the right type for stub rq_integrity_vec() (git-fixes).\n- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).\n- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).\n- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).\n- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).\n- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).\n- bpf: Check size for BTF-based ctx access of pointer members (git-fixes).\n- bpf: Fix a verifier verbose message (git-fixes).\n- bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes).\n- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).\n- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).\n- bpf: avoid holding freeze_mutex during mmap operation (git-fixes).\n- bpf: fix potential error return (git-fixes).\n- bpf: prevent r10 register from being marked as precise (git-fixes).\n- bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes).\n- broadcom: fix supported flag check in periodic output function (git-fixes).\n- btrfs: check delayed refs when we\u0027re checking if a ref exists (bsc#1239605).\n- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).\n- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).\n- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).\n- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).\n- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).\n- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).\n- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).\n- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).\n- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).\n- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).\n- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).\n- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).\n- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).\n- can: ctucanfd: handle skb allocation failure (git-fixes).\n- can: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial (git-fixes).\n- can: flexcan: disable transceiver during system PM (git-fixes).\n- can: flexcan: only change CAN state when link up in system PM (git-fixes).\n- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).\n- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).\n- can: ucan: fix out of bound read in strscpy() source (git-fixes).\n- cdx: Fix possible UAF error in driver_override_show() (git-fixes).\n- char: misc: deallocate static minor in error path (git-fixes).\n- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).\n- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).\n- cifs: Remove intermediate object of failed create reparse call (git-fixes).\n- cifs: commands that are retried should have replay flag set (bsc#1231432).\n- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).\n- cifs: helper function to check replayable error codes (bsc#1231432).\n- cifs: new mount option called retrans (bsc#1231432).\n- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).\n- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).\n- cifs: update desired access while requesting for directory lease (git-fixes).\n- cifs: update the same create_guid on replay (git-fixes).\n- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).\n- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).\n- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).\n- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).\n- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).\n- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).\n- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).\n- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).\n- config: Set gcc version (jsc#PED-12251).\n- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).\n- counter: fix privdata alignment (git-fixes).\n- counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes).\n- counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes).\n- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)\n- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).\n- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).\n- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).\n- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)\n- cpufreq/cppc: Move and rename (bsc#1237856)\n- cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052)\n- cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052)\n- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052)\n Keep the feature disabled by default on x86_64\n- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)\n- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)\n- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).\n- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).\n- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).\n- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).\n- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).\n- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).\n- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).\n- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).\n- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).\n- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).\n- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).\n- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).\n- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).\n- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).\n- cpumask: add cpumask_weight_andnot() (bsc#1239015).\n- cpumask: define cleanup function for cpumasks (bsc#1239015).\n- crypto: ccp - Fix check for the primary ASP device (git-fixes).\n- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).\n- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).\n- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).\n- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).\n- crypto: iaa - Change desc-\u003epriv to 0 (jsc#PED-12416).\n- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).\n- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove header table code (jsc#PED-12416).\n- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).\n- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init()\n- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).\n- crypto: iaa - Test the correct request flag (git-fixes).\n- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).\n- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).\n- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).\n- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).\n- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).\n- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).\n- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).\n- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).\n- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).\n- crypto: qat - Fix spelling mistake \"Invalide\" -\u003e \"Invalid\" (jsc#PED-12416).\n- crypto: qat - Fix typo \"accelaration\" (jsc#PED-12416).\n- crypto: qat - Fix typo (jsc#PED-12416).\n- crypto: qat - Remove trailing space after \\n newline (jsc#PED-12416).\n- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).\n- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).\n- crypto: qat - add auto reset on error (jsc#PED-12416).\n- crypto: qat - add bank save and restore flows (jsc#PED-12416).\n- crypto: qat - add fatal error notification (jsc#PED-12416).\n- crypto: qat - add fatal error notify method (jsc#PED-12416).\n- crypto: qat - add heartbeat error simulator (jsc#PED-12416).\n- crypto: qat - add interface for live migration (jsc#PED-12416).\n- crypto: qat - add support for 420xx devices (jsc#PED-12416).\n- crypto: qat - add support for device telemetry (jsc#PED-12416).\n- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).\n- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).\n- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).\n- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).\n- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).\n- crypto: qat - disable arbitration before reset (jsc#PED-12416).\n- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).\n- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).\n- crypto: qat - fix \"Full Going True\" macro definition (jsc#PED-12416).\n- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).\n- crypto: qat - fix comment structure (jsc#PED-12416).\n- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).\n- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).\n- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).\n- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).\n- crypto: qat - implement dh fallback for primes \u003e 4K (jsc#PED-12416).\n- crypto: qat - implement interface for live migration (jsc#PED-12416).\n- crypto: qat - improve aer error reset handling (jsc#PED-12416).\n- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).\n- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).\n- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).\n- crypto: qat - limit heartbeat notifications (jsc#PED-12416).\n- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).\n- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).\n- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).\n- crypto: qat - move fw config related structures (jsc#PED-12416).\n- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).\n- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).\n- crypto: qat - relocate CSR access code (jsc#PED-12416).\n- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).\n- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).\n- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).\n- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).\n- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).\n- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).\n- crypto: qat - set parity error mask for qat_420xx (git-fixes).\n- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).\n- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).\n- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).\n- crypto: qat - validate slices count returned by FW (jsc#PED-12416).\n- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).\n- cxgb4: Avoid removal of uninserted tid (git-fixes).\n- cxgb4: use port number to set mac addr (git-fixes).\n- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).\n- dlm: fix srcu_read_lock() return type to int (git-fixes).\n- dlm: prevent NPD when writing a positive value to event_done (git-fixes).\n- dm array: fix cursor index when skipping across block boundaries (git-fixes).\n- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).\n- dm init: Handle minors larger than 255 (git-fixes).\n- dm integrity: fix out-of-range warning (git-fixes).\n- dm persistent data: fix memory allocation failure (git-fixes).\n- dm resume: do not return EINVAL when signalled (git-fixes).\n- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).\n- dm thin: Add missing destroy_work_on_stack() (git-fixes).\n- dm-crypt: do not update io-\u003esector after kcryptd_crypt_write_io_submit() (git-fixes).\n- dm-crypt: track tag_offset in convert_context (git-fixes).\n- dm-delay: fix hung task introduced by kthread mode (git-fixes).\n- dm-delay: fix max_delay calculations (git-fixes).\n- dm-delay: fix workqueue delay_timer race (git-fixes).\n- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).\n- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).\n- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).\n- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).\n- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).\n- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).\n- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).\n- dm: Fix typo in error message (git-fixes).\n- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).\n- doc/README.SUSE: Point to the updated version of LKMPG\n- doc: update managed_irq documentation (bsc#1236897).\n- driver core: Remove needless return in void API device_remove_group() (git-fixes).\n- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).\n- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).\n- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).\n- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).\n- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).\n- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).\n- drm/amd/display: Fix HPD after gpu reset (stable-fixes).\n- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params (git-fixes).\n- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).\n- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).\n- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).\n- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).\n- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).\n- drm/amd/pm/smu11: Prevent division by zero (git-fixes).\n- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).\n- drm/amd/pm: Prevent division by zero (git-fixes).\n- drm/amd: Keep display off while going into S4 (stable-fixes).\n- drm/amdgpu/dma_buf: fix page_link check (git-fixes).\n- drm/amdgpu/gfx11: fix num_mec (git-fixes).\n- drm/amdgpu/umsch: declare umsch firmware (git-fixes).\n- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).\n- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).\n- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).\n- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to\n avoid Priority Inversion in SRIOV (git-fixes).\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).\n- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).\n- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).\n- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).\n- drm/amdkfd: Fix Circular Locking Dependency in \u0027svm_range_cpu_invalidate_pagetables\u0027 (git-fixes).\n- drm/amdkfd: only flush the validate MES contex (stable-fixes).\n- drm/atomic: Filter out redundant DPMS calls (stable-fixes).\n- drm/bridge: Fix spelling mistake \"gettin\" -\u003e \"getting\" (git-fixes).\n- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).\n- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).\n- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).\n- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).\n- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).\n- drm/dp_mst: Add a helper to queue a topology probe (stable-fixes).\n- drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes).\n- drm/dp_mst: Fix drm RAD print (git-fixes).\n- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).\n- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).\n- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).\n- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).\n- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).\n- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).\n- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).\n- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL\u0027s own port width macro (git-fixes).\n- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).\n- drm/i915/huc: Fix fence not released on early probe errors (git-fixes).\n- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).\n- drm/i915/selftests: avoid using uninitialized context (git-fixes).\n- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).\n- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).\n- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).\n- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).\n- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).\n- drm/mediatek: dp: drm_err =\u003e dev_err in HPD path to avoid NULL ptr (git-fixes).\n- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).\n- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).\n- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).\n- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)\n- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).\n- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).\n- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).\n- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).\n- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).\n- drm/msm/dpu: do not use active in atomic_check() (git-fixes).\n- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).\n- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).\n- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).\n- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).\n- drm/msm: Avoid rounding up to one jiffy (git-fixes).\n- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).\n- drm/nouveau: Do not override forced connector status (stable-fixes).\n- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes).\n- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).\n- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).\n- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).\n- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).\n- drm/repaper: fix integer overflows in repeat functions (git-fixes).\n- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).\n- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).\n- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).\n- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).\n- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).\n- drm/sched: Fix fence reference count leak (git-fixes).\n- drm/sched: Fix preprocessor guard (git-fixes).\n- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).\n- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).\n- drm/ssd130x: fix ssd132x encoding (git-fixes).\n- drm/sti: remove duplicate object names (git-fixes).\n- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).\n- drm/virtio: New fence for every plane update (stable-fixes).\n- drm/vkms: Fix use after free and double free on init error (git-fixes).\n- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).\n- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).\n- dummycon: fix default rows/cols (git-fixes).\n- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).\n- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).\n- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).\n- efi: libstub: Use \u0027-std=gnu11\u0027 to fix build with GCC 15 (stable-fixes).\n- eth: gve: use appropriate helper to set xdp_features (git-fixes).\n- exfat: convert to ctime accessor functions (git-fixes).\n- exfat: do not zero the extended part (bsc#1237356).\n- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).\n- exfat: fix file being changed by unaligned direct write (git-fixes).\n- exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes).\n- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).\n- exfat: fix zero the unwritten part for dio read (git-fixes).\n- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).\n- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).\n- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).\n- fbdev: sm501fb: Add some geometry checks (git-fixes).\n- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).\n- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).\n- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes).\n- firmware: cs_dsp: Remove async regmap writes (git-fixes).\n- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).\n- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).\n- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).\n- futex: Do not include process MM in futex key on no-MMU (git-fixes).\n- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).\n- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).\n- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).\n- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).\n- gpio: pca953x: Improve interrupt support (git-fixes).\n- gpio: rcar: Fix missing of_node_put() call (git-fixes).\n- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).\n- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).\n- gpio: tegra186: fix resource handling in ACPI probe path (git-fixes).\n- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).\n- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).\n- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).\n- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).\n- gup: make the stack expansion warning a bit more targeted (bsc#1238214).\n- hfs: Sanity check the root record (git-fixes).\n- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).\n- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes).\n- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).\n- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).\n- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).\n- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).\n- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).\n- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).\n- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).\n- i2c: ls2x: Fix frequency division register access (git-fixes).\n- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).\n- i2c: omap: fix IRQ storms (git-fixes).\n- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).\n- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).\n- i3c: master: svc: Fix missing the IBI rules (git-fixes).\n- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).\n- iavf: allow changing VLAN state without calling PF (git-fixes).\n- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).\n- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).\n- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).\n- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).\n- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).\n- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).\n- ice: fix max values for dpll pin phase adjust (git-fixes).\n- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).\n- ice: gather page_count()\u0027s of each frag right before XDP prog call (git-fixes).\n- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).\n- ice: put Rx buffers after being done with current frame (git-fixes).\n- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).\n- ice: use internal pf id instead of function number (git-fixes).\n- idpf: add read memory barrier when checking descriptor done bit (git-fixes).\n- idpf: call set_real_num_queues in idpf_open (bsc#1236661).\n- idpf: convert workqueues to unbound (git-fixes).\n- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).\n- idpf: fix handling rsc packet with a single segment (git-fixes).\n- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).\n- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).\n- igc: return early when failing to read EECD register (git-fixes).\n- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).\n- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).\n- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).\n- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).\n- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).\n- iio: dac: ad3552r: clear reset status flag (git-fixes).\n- iio: filter: admv8818: Force initialization of SDO (git-fixes).\n- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).\n- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).\n- init: add initramfs_internal.h (bsc#1232848).\n- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).\n- initramfs: allocate heap buffers together (bsc#1232848).\n- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).\n- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).\n- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).\n- intel_th: pci: Add Arrow Lake support (stable-fixes).\n- intel_th: pci: Add Panther Lake-H support (stable-fixes).\n- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).\n- ioam6: improve checks on user data (git-fixes).\n- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).\n- iommu/vt-d: Fix suspicious RCU usage (git-fixes).\n- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).\n- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).\n- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).\n- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).\n- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).\n- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).\n- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).\n- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).\n- ipv6: Use RCU in ip6_input() (bsc#1239994).\n- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).\n- ipv6: avoid atomic fragment on GSO packets (git-fixes).\n- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).\n- ipv6: fib: hide unused \u0027pn\u0027 variable (git-fixes).\n- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).\n- ipv6: fix potential NULL deref in fib6_add() (git-fixes).\n- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).\n- ipv6: introduce dst_rt6_info() helper (git-fixes).\n- ipv6: ioam: block BH from ioam6_output() (git-fixes).\n- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).\n- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- ipv6: sr: add missing seg6_local_exit (git-fixes).\n- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).\n- ipv6: take care of scope when choosing the src addr (git-fixes).\n- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).\n- jfs: add check read-only before txBeginAnon() call (git-fixes).\n- jfs: add index corruption check to DT_GETPAGE() (git-fixes).\n- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).\n- jfs: reject on-disk inodes of an unsupported type (git-fixes).\n- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)\n- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).\n- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).\n- kABI workaround for intel-ish-hid (git-fixes).\n- kABI workaround for soc_mixer_control changes (git-fixes).\n- kabi: fix bus type (bsc#1236896).\n- kabi: fix group_cpus_evenly (bsc#1236897).\n- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).\n- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).\n- kbuild: hdrcheck: fix cross build with clang (git-fixes).\n- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).\n- kernel-binary: Support livepatch_rt with merged RT branch\n- kernel-source: Also replace bin/env\n- kunit: qemu_configs: sparc: use Zilog console (git-fixes).\n- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).\n- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).\n- l2tp: fix lockdep splat (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).\n- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).\n- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).\n- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).\n- lib: 842: Improve error handling in sw842_compress() (git-fixes).\n- lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes).\n- lib: stackinit: hide never-taken branch from compiler (stable-fixes).\n- libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__default_new() to\n perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698\n jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309).\n- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).\n- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).\n- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).\n- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).\n- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).\n- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).\n- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).\n- md/md-bitmap: add \u0027sync_size\u0027 into struct md_bitmap_stats (git-fixes).\n- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).\n- md/md-cluster: fix spares warnings for __le64 (git-fixes).\n- md/raid0: do not free conf on raid0_run failure (git-fixes).\n- md/raid1: do not free conf on raid0_run failure (git-fixes).\n- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).\n- md: Do not flush sync_work in md_write_start() (git-fixes).\n- md: convert comma to semicolon (git-fixes).\n- mdacon: rework dependency list (git-fixes).\n- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).\n- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).\n- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).\n- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).\n- media: i2c: ccs: Set the device\u0027s runtime PM status correctly in remove (git-fixes).\n- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).\n- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).\n- media: ov08x40: Fix hblank out of range issue (git-fixes).\n- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).\n- media: platform: stm32: Add check for clk_enable() (git-fixes).\n- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).\n- media: streamzap: fix race between device disconnection and urb callback (git-fixes).\n- media: streamzap: prevent processing IR data on URB failure (git-fixes).\n- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).\n- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).\n- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).\n- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).\n- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).\n- media: venus: hfi: add check to handle incorrect queue size (git-fixes).\n- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).\n- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).\n- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).\n- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).\n- media: vim2m: print device name after registering device (git-fixes).\n- media: visl: Fix ERANGE error when setting enum controls (git-fixes).\n- mei: me: add panther lake P DID (stable-fixes).\n- memblock tests: fix warning: \"__ALIGN_KERNEL\" redefined (git-fixes).\n- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).\n- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).\n- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).\n- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).\n- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).\n- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).\n- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).\n- mfd: syscon: Remove extern from function prototypes (stable-fixes).\n- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).\n- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).\n- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).\n- mm: accept to promo watermark (bsc#1239600).\n- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).\n- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).\n- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)\n- mm: zswap: move allocations during CPU init outside the lock (git-fixes).\n- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).\n- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).\n- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).\n- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).\n- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).\n- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).\n- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).\n- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes).\n- mptcp: export local_address (git-fixes)\n- mptcp: fix NL PM announced address accounting (git-fixes)\n- mptcp: fix data races on local_id (git-fixes)\n- mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)\n- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)\n- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)\n- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)\n- mptcp: pm: deny endp with signal + subflow + port (git-fixes)\n- mptcp: pm: do not ignore \u0027subflow\u0027 if \u0027signal\u0027 flag is also set (git-fixes)\n- mptcp: pm: do not try to create sf if alloc failed (git-fixes)\n- mptcp: pm: fullmesh: select the right ID later (git-fixes)\n- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)\n- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)\n- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)\n- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)\n- mptcp: pm: re-using ID of unused removed subflows (git-fixes)\n- mptcp: pm: reduce indentation blocks (git-fixes)\n- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)\n- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)\n- mptcp: unify pm get_local_id interfaces (git-fixes)\n- mptcp: unify pm set_flags interfaces (git-fixes)\n- mtd: Add check for devm_kcalloc() (git-fixes).\n- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).\n- mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes).\n- mtd: nand: Fix a kdoc comment (git-fixes).\n- mtd: rawnand: Add status chack in r852_ready() (git-fixes).\n- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).\n- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).\n- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).\n- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).\n- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).\n- nbd: Fix signal handling (git-fixes).\n- nbd: Improve the documentation of the locking assumptions (git-fixes).\n- nbd: do not allow reconnect after disconnect (git-fixes).\n- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).\n- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).\n- net l2tp: drop flow hash on forward (git-fixes).\n- net/mlx5: Correct TASR typo into TSAR (git-fixes).\n- net/mlx5: Fix RDMA TX steering prio (git-fixes).\n- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).\n- net/mlx5: SF, Fix add port error handling (git-fixes).\n- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).\n- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).\n- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).\n- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).\n- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).\n- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).\n- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).\n- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).\n- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).\n- net/sched: flower: Add lock protection when remove filter handle (git-fixes).\n- net/sched: taprio: make q-\u003epicos_per_byte available to fill_sched_entry() (git-fixes).\n- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).\n- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).\n- net: Fix undefined behavior in netdev name allocation (bsc#1233749).\n- net: add dev_net_rcu() helper (bsc#1239994).\n- net: avoid UAF on deleted altname (bsc#1233749).\n- net: check for altname conflicts when changing netdev\u0027s netns (bsc#1233749).\n- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).\n- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).\n- net: do not send a MOVE event when netdev changes netns (bsc#1233749).\n- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).\n- net: fix ifname in netlink ntf during netns move (bsc#1233749).\n- net: fix removing a namespace with conflicting altnames (bsc#1233749).\n- net: free altname using an RCU callback (bsc#1233749).\n- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).\n- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).\n- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).\n- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).\n- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).\n- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).\n- net: ipv6: ioam6: code alignment (git-fixes).\n- net: ipv6: ioam6: new feature tunsrc (git-fixes).\n- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).\n- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).\n- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).\n- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).\n- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).\n- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).\n- net: mana: Allow variable size indirection table (bsc#1239016).\n- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).\n- net: mana: Avoid open coded arithmetic (bsc#1239016).\n- net: mana: Cleanup \"mana\" debugfs dir after cleanup of all children (bsc#1236760).\n- net: mana: Enable debugfs files for MANA device (bsc#1236758).\n- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Support holes in device list reply msg (git-fixes).\n- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).\n- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).\n- net: move altnames together with the netdevice (bsc#1233749).\n- net: netvsc: Update default VMBus channels (bsc#1236757).\n- net: reduce indentation of __dev_alloc_name() (bsc#1233749).\n- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).\n- net: remove else after return in dev_prep_valid_name() (bsc#1233749).\n- net: rose: lock the socket in rose_bind() (git-fixes).\n- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).\n- net: smc: fix spurious error message from __sock_release() (bsc#1237126).\n- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).\n- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes).\n- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes).\n- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).\n- net: use unrcu_pointer() helper (git-fixes).\n- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).\n- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).\n- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).\n- net_sched: sch_sfq: annotate data-races around q-\u003eperturb_period (git-fixes).\n- net_sched: sch_sfq: handle bigger packets (git-fixes).\n- nfs: clear SB_RDONLY before getting superblock (bsc#1238565).\n- nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565).\n- nfsd: clear acl_access/acl_default after releasing them (git-fixes).\n- nfsd: put dl_stid if fail to queue dl_recall (git-fixes).\n- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).\n- ntb: Force physically contiguous allocation of rx ring buffers (git-fixes).\n- ntb: intel: Fix using link status DB\u0027s (git-fixes).\n- ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes).\n- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes).\n- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes).\n- ntb_perf: Fix printk format (git-fixes).\n- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).\n- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).\n- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).\n- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).\n- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).\n- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).\n- null_blk: fix validation of block size (git-fixes).\n- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).\n- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).\n- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).\n- nvme-fc: use ctrl state getter (git-fixes).\n- nvme-ioctl: fix leaked requests on mapping error (git-fixes).\n- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).\n- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).\n- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).\n- nvme-pci: remove stale comment (git-fixes).\n- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).\n- nvme-tcp: Fix a C2HTermReq error message (git-fixes).\n- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).\n- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).\n- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).\n- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).\n- nvme/ioctl: add missing space in err message (git-fixes).\n- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).\n- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).\n- nvme: make nvme_tls_attrs_group static (git-fixes).\n- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).\n- nvme: move passthrough logging attribute to head (git-fixes).\n- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).\n- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- nvme: tcp: Fix compilation warning with W=1 (git-fixes).\n- nvmet-fc: Remove unused functions (git-fixes).\n- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).\n- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).\n- nvmet: Fix crash when a namespace is disabled (git-fixes).\n- nvmet: remove old function prototype (git-fixes).\n- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes).\n- objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes).\n- objtool: Fix segfault in ignore_unreachable_insn() (git-fixes).\n- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).\n- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).\n- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).\n- ocfs2: handle a symlink read error correctly (git-fixes).\n- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).\n- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).\n- orangefs: fix a oob in orangefs_debug_write (git-fixes).\n- padata: Clean up in padata_do_multithreaded() (bsc#1237563).\n- padata: Honor the caller\u0027s alignment in case of chunk_size 0 (bsc#1237563).\n- padata: fix sysfs store callback check (git-fixes).\n- partitions: ldm: remove the initial kernel-doc notation (git-fixes).\n- partitions: mac: fix handling of bogus partition table (git-fixes).\n- perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).\n- perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).\n- perf tools: annotate asm_pure_loop.S (bsc#1239906).\n- perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309).\n- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).\n- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).\n- phy: tegra: xusb: reset VBUS \u0026 ID OVERRIDE (git-fixes).\n- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).\n- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).\n- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).\n- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).\n- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).\n- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).\n- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).\n- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).\n- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).\n- platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes).\n- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).\n- platform/x86: ISST: Correct command storage data length (git-fixes).\n- platform/x86: ISST: Ignore minor version change (bsc#1237452).\n- platform/x86: acer-wmi: Ignore AC events (stable-fixes).\n- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).\n- platform/x86: int3472: Check for adev == NULL (stable-fixes).\n- platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes).\n- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).\n- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).\n- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).\n- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).\n- power: supply: da9150-fg: fix potential overflow (git-fixes).\n- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).\n- powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes).\n- powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes).\n- powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes).\n- powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes).\n- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).\n- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).\n- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).\n- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).\n- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).\n- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).\n- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid\n mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).\n- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).\n- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).\n- powerpc: Stop using no_llseek (bsc#1239573).\n- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).\n- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).\n- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).\n- rapidio: fix an API misues when rio_add_net() fails (git-fixes).\n- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).\n- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).\n- rbd: do not move requests to the running list on errors (git-fixes).\n- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).\n- regmap-irq: Add missing kfree() (git-fixes).\n- regulator: check that dummy regulator has been probed before using it (stable-fixes).\n- regulator: core: Fix deadlock in create_regulator() (git-fixes).\n- regulator: dummy: force synchronous probing (git-fixes).\n- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).\n- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)\n- rpm/release-projects: Update the ALP projects again (bsc#1231293).\n- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)\n- rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013).\n- s390/cio: Fix CHPID \"configure\" attribute caching (git-fixes bsc#1240979).\n- s390/cio: rename bitmap_size() -\u003e idset_bitmap_size() (git-fixes bsc#1236205).\n- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).\n- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).\n- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).\n- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).\n- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).\n- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978).\n- s390/pci: Ignore RID for isolated VFs (bsc#1236752).\n- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).\n- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).\n- s390/pci: Use topology ID for multi-function devices (bsc#1236752).\n- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).\n- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).\n- s390/topology: Improve topology detection (bsc#1236591).\n- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).\n- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).\n- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).\n- sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052)\n- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).\n- scsi: core: Clear driver private data when retrying request (git-fixes).\n- scsi: core: Do not retry I/Os during depopulation (git-fixes).\n- scsi: core: Handle depopulation and restoration in progress (git-fixes).\n- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).\n- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).\n- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).\n- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).\n- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).\n- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).\n- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).\n- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).\n- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).\n- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).\n- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).\n- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).\n- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).\n- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).\n- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).\n- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: myrb: Remove dead code (git-fixes).\n- scsi: qedi: Fix potential deadlock on \u0026qedi_percpu-\u003ep_work_lock (git-fixes).\n- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).\n- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).\n- scsi: sg: Enable runtime power management (git-fixes).\n- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).\n- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).\n- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).\n- scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).\n- selftest: hugetlb_dio: fix test naming (git-fixes).\n- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).\n- selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes).\n- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).\n- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).\n- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).\n- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).\n- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).\n- selftests/mm/cow: fix the incorrect error handling (git-fixes).\n- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).\n- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).\n- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).\n- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).\n- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).\n- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).\n- selftests: mptcp: connect: -f: no reconnect (git-fixes).\n- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).\n- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).\n- selinux: Implement mptcp_add_subflow hook (bsc#1240375).\n- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).\n- serial: 8250: Fix fifo underflow on flush (git-fixes).\n- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes).\n- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).\n- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).\n- smb3: fix creating FIFOs when mounting with \"sfu\" mount option (git-fixes).\n- smb3: request handle caching when caching directories (bsc#1231432).\n- smb3: retrying on failed server close (bsc#1231432).\n- smb: cached directories can be more than root file handle (bsc#1231432).\n- smb: cilent: set reparse mount points as automounts (git-fixes).\n- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).\n- smb: client: Fix minor whitespace errors and warnings (git-fixes).\n- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).\n- smb: client: add support for WSL reparse points (git-fixes).\n- smb: client: allow creating special files via reparse points (git-fixes).\n- smb: client: allow creating symlinks via reparse points (git-fixes).\n- smb: client: cleanup smb2_query_reparse_point() (git-fixes).\n- smb: client: destroy cfid_put_wq on module exit (git-fixes).\n- smb: client: do not query reparse points twice on symlinks (git-fixes).\n- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).\n- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).\n- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).\n- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).\n- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).\n- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).\n- smb: client: fix hardlinking of reparse points (git-fixes).\n- smb: client: fix missing mode bits for SMB symlinks (git-fixes).\n- smb: client: fix open_cached_dir retries with \u0027hard\u0027 mount option (bsc#1240616).\n- smb: client: fix possible double free in smb2_set_ea() (git-fixes).\n- smb: client: fix potential broken compound request (git-fixes).\n- smb: client: fix renaming of reparse points (git-fixes).\n- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).\n- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).\n- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).\n- smb: client: handle path separator of created SMB symlinks (git-fixes).\n- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).\n- smb: client: ignore unhandled reparse tags (git-fixes).\n- smb: client: implement -\u003equery_reparse_point() for SMB1 (git-fixes).\n- smb: client: instantiate when creating SFU files (git-fixes).\n- smb: client: introduce -\u003eparse_reparse_point() (git-fixes).\n- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).\n- smb: client: introduce cifs_sfu_make_node() (git-fixes).\n- smb: client: introduce reparse mount option (git-fixes).\n- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).\n- smb: client: move most of reparse point handling code to common file (git-fixes).\n- smb: client: move some params to cifs_open_info_data (bsc#1231432).\n- smb: client: optimise reparse point querying (git-fixes).\n- smb: client: parse owner/group when creating reparse points (git-fixes).\n- smb: client: parse reparse point flag in create response (bsc#1231432).\n- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).\n- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).\n- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).\n- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).\n- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).\n- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).\n- smb: client: retry compound request without reusing lease (git-fixes).\n- smb: client: return reparse type in /proc/mounts (git-fixes).\n- smb: client: reuse file lease key in compound operations (git-fixes).\n- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).\n- smb: client: set correct file type from NFS reparse points (git-fixes).\n- smb: client: stop revalidating reparse points unnecessarily (git-fixes).\n- smb: use kernel_connect() and kernel_bind() (git-fixes).\n- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).\n- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).\n- soc: imx8m: Remove global soc_uid (stable-fixes).\n- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).\n- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).\n- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).\n- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).\n- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).\n- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).\n- soc: qcom: pdr: Fix the potential deadlock (git-fixes).\n- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).\n- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).\n- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).\n- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).\n- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).\n- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).\n- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).\n- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).\n- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).\n- spi: sn-f-ospi: Fix division by zero (git-fixes).\n- splice: do not checksum AF_UNIX sockets (bsc#1240333).\n- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes).\n- sunrpc: suppress warnings for unused procfs functions (git-fixes).\n- supported.conf: add now-included qat_420xx (external, intel)\n- tcp: Add memory barrier to tcp_push() (git-fixes).\n- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).\n- tcp: Annotate data-race around sk-\u003esk_mark in tcp_v4_send_reset (git-fixes).\n- tcp: Defer ts_recent changes until req is owned (git-fixes).\n- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).\n- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).\n- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).\n- tcp: Update window clamping condition (git-fixes).\n- tcp: add tcp_done_with_error() helper (git-fixes).\n- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).\n- tcp: annotate data-races around tp-\u003ewindow_clamp (git-fixes).\n- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).\n- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).\n- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).\n- tcp: check space before adding MPTCP SYN options (git-fixes).\n- tcp: clear tp-\u003eretrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).\n- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).\n- tcp: define initial scaling factor value as a macro (git-fixes).\n- tcp: derive delack_max from rto_min (git-fixes).\n- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).\n- tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).\n- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).\n- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).\n- tcp: fix mid stream window clamp (git-fixes).\n- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).\n- tcp: fix race in tcp_write_err() (git-fixes).\n- tcp: fix races in tcp_abort() (git-fixes).\n- tcp: fix races in tcp_v_err() (git-fixes).\n- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it\u0027s safe (git-fixes).\n- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).\n- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).\n- tcp: increase the default TCP scaling ratio (git-fixes).\n- tcp: introduce tcp_clock_ms() (git-fixes).\n- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).\n- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).\n- tcp: remove 64 KByte limit for initial tp-\u003ercv_wnd value (git-fixes).\n- tcp: replace tcp_time_stamp_raw() (git-fixes).\n- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).\n- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).\n- thermal: int340x: Add NULL check for adev (git-fixes).\n- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).\n- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).\n- tools: fix annoying \"mkdir -p ...\" logs when building tools in parallel (git-fixes).\n- tools: move alignment-related macros to new \u0026lt;linux/align.h\u003e (git-fixes).\n- topology: Set capacity_freq_ref in all cases (bsc#1238052)\n- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).\n- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).\n- tpm: do not start chip while suspended (git-fixes).\n- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).\n- tpm: tis: Double the timeout B to 4s (bsc#1235870).\n- tpm_tis: Move CRC check to generic send routine (bsc#1235870).\n- tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870).\n- tty: serial: 8250: Add Brainboxes XC devices (stable-fixes).\n- tty: serial: 8250: Add some more device IDs (stable-fixes).\n- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes).\n- tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes).\n- tty: xilinx_uartps: split sysrq handling (git-fixes).\n- ubi: Add a check for ubi_num (git-fixes).\n- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).\n- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).\n- ubi: correct the calculation of fastmap size (stable-fixes).\n- ubi: eba: properly rollback inside self_check_eba (git-fixes).\n- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).\n- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).\n- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).\n- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).\n- ublk: fix error code for unsupported command (git-fixes).\n- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).\n- ublk: move ublk_cancel_dev() out of ub-\u003emutex (git-fixes).\n- ublk: move zone report data out of request pdu (git-fixes).\n- ucsi_ccg: Do not show failed to get FW build information error (git-fixes).\n- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).\n- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).\n- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).\n- usb: chipidea: ci_hdrc_imx: decrement device\u0027s refcount in .remove() and in the error path of .probe() (git-fixes).\n- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).\n- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).\n- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).\n- usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes).\n- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).\n- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).\n- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).\n- usb: gadget: Fix setting self-powered state on suspend (git-fixes).\n- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).\n- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).\n- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).\n- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).\n- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).\n- usb: hub: lack of clearing xHC resources (git-fixes).\n- usb: phy: generic: Use proper helper for property detection (stable-fixes).\n- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).\n- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).\n- usb: renesas_usbhs: Call clk_put() (git-fixes).\n- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).\n- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).\n- usb: roles: set switch registered flag early on (git-fixes).\n- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).\n- usb: typec: ucsi: Fix NULL pointer access (git-fixes).\n- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).\n- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).\n- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).\n- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).\n- usb: xhci: correct debug message page size calculation (git-fixes).\n- usb: xhci: remove \u0027retval\u0027 from xhci_pci_resume() (git-fixes).\n- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).\n- usbnet: ipheth: document scope of NCM implementation (stable-fixes).\n- usbnet:fix NPE during rx_complete (git-fixes).\n- util_macros.h: fix/rework find_closest() macros (git-fixes).\n- vboxsf: fix building with GCC 15 (stable-fixes).\n- vfio/pci: Lock external INTx masking ops (bsc#1222803).\n- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).\n- virtio-mem: check if the config changed before fake offlining memory (git-fixes).\n- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).\n- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).\n- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).\n- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- virtio: hookup irq_get_affinity callback (bsc#1236896).\n- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).\n- vsock/virtio: cancel close work in the destructor (git-fixes)\n- vsock: Keep the binding until socket destruction (git-fixes)\n- vsock: reset socket state when de-assigning the transport (git-fixes)\n- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).\n- wifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode (git-fixes).\n- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).\n- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).\n- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).\n- wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes).\n- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).\n- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).\n- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).\n- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).\n- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).\n- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).\n- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).\n- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).\n- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).\n- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).\n- wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes).\n- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).\n- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).\n- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).\n- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).\n- wifi: iwlwifi: avoid memory leak (stable-fixes).\n- wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes).\n- wifi: iwlwifi: limit printed string from FW file (git-fixes).\n- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).\n- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).\n- wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes).\n- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).\n- wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes).\n- wifi: mt76: Add check for devm_kstrdup() (git-fixes).\n- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).\n- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).\n- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).\n- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).\n- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).\n- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).\n- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).\n- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).\n- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).\n- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).\n- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).\n- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).\n- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).\n- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).\n- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).\n- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).\n- x86/asm: Make serialize() always_inline (git-fixes).\n- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).\n- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).\n- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).\n- x86/coco: Replace \u0027static const cc_mask\u0027 with the newly introduced cc_get_mask() function (git-fixes).\n- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).\n- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).\n- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).\n- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).\n- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).\n- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).\n- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).\n- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).\n- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).\n- x86/microcode/32: Move early loading after paging enable (git-fixes).\n- x86/microcode/amd: Cache builtin microcode too (git-fixes).\n- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).\n- x86/microcode/amd: Use cached microcode for AP load (git-fixes).\n- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).\n- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).\n- x86/microcode/intel: Cleanup code further (git-fixes).\n- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).\n- x86/microcode/intel: Remove debug code (git-fixes).\n- x86/microcode/intel: Remove pointless mutex (git-fixes).\n- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).\n- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).\n- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).\n- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).\n- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).\n- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).\n- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).\n- x86/microcode/intel: Simplify early loading (git-fixes).\n- x86/microcode/intel: Simplify scan_microcode() (git-fixes).\n- x86/microcode/intel: Switch to kvmalloc() (git-fixes).\n- x86/microcode/intel: Unify microcode apply() functions (git-fixes).\n- x86/microcode: Add per CPU control field (git-fixes).\n- x86/microcode: Add per CPU result state (git-fixes).\n- x86/microcode: Clarify the late load logic (git-fixes).\n- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).\n- x86/microcode: Get rid of the schedule work indirection (git-fixes).\n- x86/microcode: Handle \"nosmt\" correctly (git-fixes).\n- x86/microcode: Handle \"offline\" CPUs correctly (git-fixes).\n- x86/microcode: Hide the config knob (git-fixes).\n- x86/microcode: Include vendor headers into microcode.h (git-fixes).\n- x86/microcode: Make reload_early_microcode() static (git-fixes).\n- x86/microcode: Mop up early loading leftovers (git-fixes).\n- x86/microcode: Move core specific defines to local header (git-fixes).\n- x86/microcode: Prepare for minimal revision check (git-fixes).\n- x86/microcode: Protect against instrumentation (git-fixes).\n- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).\n- x86/microcode: Provide new control functions (git-fixes).\n- x86/microcode: Remove microcode_mutex (git-fixes).\n- x86/microcode: Remove pointless apply() invocation (git-fixes).\n- x86/microcode: Rendezvous and load in NMI (git-fixes).\n- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).\n- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).\n- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).\n- x86/mm: Remove unused microcode.h include (git-fixes).\n- x86/platform/olpc: Remove unused variable \u0027len\u0027 in olpc_dt_compatible_match() (git-fixes).\n- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).\n- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()\u0027s description (git-fixes).\n- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).\n- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).\n- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).\n- xen/swiotlb: relax alignment requirements (git-fixes).\n- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).\n- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).\n- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).\n- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).\n- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).\n- xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550).\n- xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550).\n- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).\n- xhci: dbc: Convert to use sysfs_streq() (git-fixes).\n- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).\n- xhci: dbc: Fix STALL transfer event handling (git-fixes).\n- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).\n- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).\n- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).\n- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).\n- xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550).\n- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).\n- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).\n- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).\n- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).\n- xhci: pci: Use standard pattern for device IDs (git-fixes).\n- zram: clear IDLE flag after recompression (git-fixes).\n- zram: clear IDLE flag in mark_idle() (git-fixes).\n- zram: do not mark idle slots that cannot be idle (git-fixes).\n- zram: fix potential UAF of zram table (git-fixes).\n- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).\n- zram: refuse to use zero sized block device as backing device (git-fixes).\n- zram: split memory-tracking and ac-time tracking (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-14",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20270-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20270-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520270-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20270-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021056.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1207948",
"url": "https://bugzilla.suse.com/1207948"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1215211",
"url": "https://bugzilla.suse.com/1215211"
},
{
"category": "self",
"summary": "SUSE Bug 1218470",
"url": "https://bugzilla.suse.com/1218470"
},
{
"category": "self",
"summary": "SUSE Bug 1219367",
"url": "https://bugzilla.suse.com/1219367"
},
{
"category": "self",
"summary": "SUSE Bug 1221651",
"url": "https://bugzilla.suse.com/1221651"
},
{
"category": "self",
"summary": "SUSE Bug 1222649",
"url": "https://bugzilla.suse.com/1222649"
},
{
"category": "self",
"summary": "SUSE Bug 1222672",
"url": "https://bugzilla.suse.com/1222672"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1223047",
"url": "https://bugzilla.suse.com/1223047"
},
{
"category": "self",
"summary": "SUSE Bug 1224013",
"url": "https://bugzilla.suse.com/1224013"
},
{
"category": "self",
"summary": "SUSE Bug 1224049",
"url": "https://bugzilla.suse.com/1224049"
},
{
"category": "self",
"summary": "SUSE Bug 1224489",
"url": "https://bugzilla.suse.com/1224489"
},
{
"category": "self",
"summary": "SUSE Bug 1224610",
"url": "https://bugzilla.suse.com/1224610"
},
{
"category": "self",
"summary": "SUSE Bug 1224757",
"url": "https://bugzilla.suse.com/1224757"
},
{
"category": "self",
"summary": "SUSE Bug 1225533",
"url": "https://bugzilla.suse.com/1225533"
},
{
"category": "self",
"summary": "SUSE Bug 1225606",
"url": "https://bugzilla.suse.com/1225606"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225770",
"url": "https://bugzilla.suse.com/1225770"
},
{
"category": "self",
"summary": "SUSE Bug 1225981",
"url": "https://bugzilla.suse.com/1225981"
},
{
"category": "self",
"summary": "SUSE Bug 1226871",
"url": "https://bugzilla.suse.com/1226871"
},
{
"category": "self",
"summary": "SUSE Bug 1227858",
"url": "https://bugzilla.suse.com/1227858"
},
{
"category": "self",
"summary": "SUSE Bug 1227937",
"url": "https://bugzilla.suse.com/1227937"
},
{
"category": "self",
"summary": "SUSE Bug 1228521",
"url": "https://bugzilla.suse.com/1228521"
},
{
"category": "self",
"summary": "SUSE Bug 1228653",
"url": "https://bugzilla.suse.com/1228653"
},
{
"category": "self",
"summary": "SUSE Bug 1228659",
"url": "https://bugzilla.suse.com/1228659"
},
{
"category": "self",
"summary": "SUSE Bug 1229311",
"url": "https://bugzilla.suse.com/1229311"
},
{
"category": "self",
"summary": "SUSE Bug 1229361",
"url": "https://bugzilla.suse.com/1229361"
},
{
"category": "self",
"summary": "SUSE Bug 1230235",
"url": "https://bugzilla.suse.com/1230235"
},
{
"category": "self",
"summary": "SUSE Bug 1230438",
"url": "https://bugzilla.suse.com/1230438"
},
{
"category": "self",
"summary": "SUSE Bug 1230439",
"url": "https://bugzilla.suse.com/1230439"
},
{
"category": "self",
"summary": "SUSE Bug 1230497",
"url": "https://bugzilla.suse.com/1230497"
},
{
"category": "self",
"summary": "SUSE Bug 1230728",
"url": "https://bugzilla.suse.com/1230728"
},
{
"category": "self",
"summary": "SUSE Bug 1230769",
"url": "https://bugzilla.suse.com/1230769"
},
{
"category": "self",
"summary": "SUSE Bug 1230832",
"url": "https://bugzilla.suse.com/1230832"
},
{
"category": "self",
"summary": "SUSE Bug 1231088",
"url": "https://bugzilla.suse.com/1231088"
},
{
"category": "self",
"summary": "SUSE Bug 1231293",
"url": "https://bugzilla.suse.com/1231293"
},
{
"category": "self",
"summary": "SUSE Bug 1231432",
"url": "https://bugzilla.suse.com/1231432"
},
{
"category": "self",
"summary": "SUSE Bug 1231910",
"url": "https://bugzilla.suse.com/1231910"
},
{
"category": "self",
"summary": "SUSE Bug 1231912",
"url": "https://bugzilla.suse.com/1231912"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231949",
"url": "https://bugzilla.suse.com/1231949"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232299",
"url": "https://bugzilla.suse.com/1232299"
},
{
"category": "self",
"summary": "SUSE Bug 1232364",
"url": "https://bugzilla.suse.com/1232364"
},
{
"category": "self",
"summary": "SUSE Bug 1232389",
"url": "https://bugzilla.suse.com/1232389"
},
{
"category": "self",
"summary": "SUSE Bug 1232421",
"url": "https://bugzilla.suse.com/1232421"
},
{
"category": "self",
"summary": "SUSE Bug 1232508",
"url": "https://bugzilla.suse.com/1232508"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232743",
"url": "https://bugzilla.suse.com/1232743"
},
{
"category": "self",
"summary": "SUSE Bug 1232812",
"url": "https://bugzilla.suse.com/1232812"
},
{
"category": "self",
"summary": "SUSE Bug 1232848",
"url": "https://bugzilla.suse.com/1232848"
},
{
"category": "self",
"summary": "SUSE Bug 1232895",
"url": "https://bugzilla.suse.com/1232895"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1233028",
"url": "https://bugzilla.suse.com/1233028"
},
{
"category": "self",
"summary": "SUSE Bug 1233033",
"url": "https://bugzilla.suse.com/1233033"
},
{
"category": "self",
"summary": "SUSE Bug 1233060",
"url": "https://bugzilla.suse.com/1233060"
},
{
"category": "self",
"summary": "SUSE Bug 1233109",
"url": "https://bugzilla.suse.com/1233109"
},
{
"category": "self",
"summary": "SUSE Bug 1233221",
"url": "https://bugzilla.suse.com/1233221"
},
{
"category": "self",
"summary": "SUSE Bug 1233248",
"url": "https://bugzilla.suse.com/1233248"
},
{
"category": "self",
"summary": "SUSE Bug 1233259",
"url": "https://bugzilla.suse.com/1233259"
},
{
"category": "self",
"summary": "SUSE Bug 1233260",
"url": "https://bugzilla.suse.com/1233260"
},
{
"category": "self",
"summary": "SUSE Bug 1233479",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "self",
"summary": "SUSE Bug 1233483",
"url": "https://bugzilla.suse.com/1233483"
},
{
"category": "self",
"summary": "SUSE Bug 1233522",
"url": "https://bugzilla.suse.com/1233522"
},
{
"category": "self",
"summary": "SUSE Bug 1233551",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "self",
"summary": "SUSE Bug 1233557",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "self",
"summary": "SUSE Bug 1233749",
"url": "https://bugzilla.suse.com/1233749"
},
{
"category": "self",
"summary": "SUSE Bug 1234070",
"url": "https://bugzilla.suse.com/1234070"
},
{
"category": "self",
"summary": "SUSE Bug 1234074",
"url": "https://bugzilla.suse.com/1234074"
},
{
"category": "self",
"summary": "SUSE Bug 1234157",
"url": "https://bugzilla.suse.com/1234157"
},
{
"category": "self",
"summary": "SUSE Bug 1234222",
"url": "https://bugzilla.suse.com/1234222"
},
{
"category": "self",
"summary": "SUSE Bug 1234480",
"url": "https://bugzilla.suse.com/1234480"
},
{
"category": "self",
"summary": "SUSE Bug 1234698",
"url": "https://bugzilla.suse.com/1234698"
},
{
"category": "self",
"summary": "SUSE Bug 1234828",
"url": "https://bugzilla.suse.com/1234828"
},
{
"category": "self",
"summary": "SUSE Bug 1234853",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "self",
"summary": "SUSE Bug 1234857",
"url": "https://bugzilla.suse.com/1234857"
},
{
"category": "self",
"summary": "SUSE Bug 1234891",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "self",
"summary": "SUSE Bug 1234894",
"url": "https://bugzilla.suse.com/1234894"
},
{
"category": "self",
"summary": "SUSE Bug 1234895",
"url": "https://bugzilla.suse.com/1234895"
},
{
"category": "self",
"summary": "SUSE Bug 1234896",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "self",
"summary": "SUSE Bug 1234936",
"url": "https://bugzilla.suse.com/1234936"
},
{
"category": "self",
"summary": "SUSE Bug 1234963",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "self",
"summary": "SUSE Bug 1235054",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "self",
"summary": "SUSE Bug 1235061",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "self",
"summary": "SUSE Bug 1235073",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "self",
"summary": "SUSE Bug 1235244",
"url": "https://bugzilla.suse.com/1235244"
},
{
"category": "self",
"summary": "SUSE Bug 1235435",
"url": "https://bugzilla.suse.com/1235435"
},
{
"category": "self",
"summary": "SUSE Bug 1235436",
"url": "https://bugzilla.suse.com/1235436"
},
{
"category": "self",
"summary": "SUSE Bug 1235441",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "self",
"summary": "SUSE Bug 1235455",
"url": "https://bugzilla.suse.com/1235455"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1235501",
"url": "https://bugzilla.suse.com/1235501"
},
{
"category": "self",
"summary": "SUSE Bug 1235524",
"url": "https://bugzilla.suse.com/1235524"
},
{
"category": "self",
"summary": "SUSE Bug 1235550",
"url": "https://bugzilla.suse.com/1235550"
},
{
"category": "self",
"summary": "SUSE Bug 1235589",
"url": "https://bugzilla.suse.com/1235589"
},
{
"category": "self",
"summary": "SUSE Bug 1235591",
"url": "https://bugzilla.suse.com/1235591"
},
{
"category": "self",
"summary": "SUSE Bug 1235592",
"url": "https://bugzilla.suse.com/1235592"
},
{
"category": "self",
"summary": "SUSE Bug 1235599",
"url": "https://bugzilla.suse.com/1235599"
},
{
"category": "self",
"summary": "SUSE Bug 1235609",
"url": "https://bugzilla.suse.com/1235609"
},
{
"category": "self",
"summary": "SUSE Bug 1235621",
"url": "https://bugzilla.suse.com/1235621"
},
{
"category": "self",
"summary": "SUSE Bug 1235637",
"url": "https://bugzilla.suse.com/1235637"
},
{
"category": "self",
"summary": "SUSE Bug 1235698",
"url": "https://bugzilla.suse.com/1235698"
},
{
"category": "self",
"summary": "SUSE Bug 1235711",
"url": "https://bugzilla.suse.com/1235711"
},
{
"category": "self",
"summary": "SUSE Bug 1235712",
"url": "https://bugzilla.suse.com/1235712"
},
{
"category": "self",
"summary": "SUSE Bug 1235715",
"url": "https://bugzilla.suse.com/1235715"
},
{
"category": "self",
"summary": "SUSE Bug 1235729",
"url": "https://bugzilla.suse.com/1235729"
},
{
"category": "self",
"summary": "SUSE Bug 1235733",
"url": "https://bugzilla.suse.com/1235733"
},
{
"category": "self",
"summary": "SUSE Bug 1235761",
"url": "https://bugzilla.suse.com/1235761"
},
{
"category": "self",
"summary": "SUSE Bug 1235870",
"url": "https://bugzilla.suse.com/1235870"
},
{
"category": "self",
"summary": "SUSE Bug 1235874",
"url": "https://bugzilla.suse.com/1235874"
},
{
"category": "self",
"summary": "SUSE Bug 1235914",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "self",
"summary": "SUSE Bug 1235932",
"url": "https://bugzilla.suse.com/1235932"
},
{
"category": "self",
"summary": "SUSE Bug 1235933",
"url": "https://bugzilla.suse.com/1235933"
},
{
"category": "self",
"summary": "SUSE Bug 1235973",
"url": "https://bugzilla.suse.com/1235973"
},
{
"category": "self",
"summary": "SUSE Bug 1236099",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "self",
"summary": "SUSE Bug 1236111",
"url": "https://bugzilla.suse.com/1236111"
},
{
"category": "self",
"summary": "SUSE Bug 1236113",
"url": "https://bugzilla.suse.com/1236113"
},
{
"category": "self",
"summary": "SUSE Bug 1236114",
"url": "https://bugzilla.suse.com/1236114"
},
{
"category": "self",
"summary": "SUSE Bug 1236115",
"url": "https://bugzilla.suse.com/1236115"
},
{
"category": "self",
"summary": "SUSE Bug 1236122",
"url": "https://bugzilla.suse.com/1236122"
},
{
"category": "self",
"summary": "SUSE Bug 1236123",
"url": "https://bugzilla.suse.com/1236123"
},
{
"category": "self",
"summary": "SUSE Bug 1236133",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "self",
"summary": "SUSE Bug 1236138",
"url": "https://bugzilla.suse.com/1236138"
},
{
"category": "self",
"summary": "SUSE Bug 1236199",
"url": "https://bugzilla.suse.com/1236199"
},
{
"category": "self",
"summary": "SUSE Bug 1236200",
"url": "https://bugzilla.suse.com/1236200"
},
{
"category": "self",
"summary": "SUSE Bug 1236203",
"url": "https://bugzilla.suse.com/1236203"
},
{
"category": "self",
"summary": "SUSE Bug 1236205",
"url": "https://bugzilla.suse.com/1236205"
},
{
"category": "self",
"summary": "SUSE Bug 1236206",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1236573",
"url": "https://bugzilla.suse.com/1236573"
},
{
"category": "self",
"summary": "SUSE Bug 1236575",
"url": "https://bugzilla.suse.com/1236575"
},
{
"category": "self",
"summary": "SUSE Bug 1236576",
"url": "https://bugzilla.suse.com/1236576"
},
{
"category": "self",
"summary": "SUSE Bug 1236591",
"url": "https://bugzilla.suse.com/1236591"
},
{
"category": "self",
"summary": "SUSE Bug 1236661",
"url": "https://bugzilla.suse.com/1236661"
},
{
"category": "self",
"summary": "SUSE Bug 1236677",
"url": "https://bugzilla.suse.com/1236677"
},
{
"category": "self",
"summary": "SUSE Bug 1236680",
"url": "https://bugzilla.suse.com/1236680"
},
{
"category": "self",
"summary": "SUSE Bug 1236681",
"url": "https://bugzilla.suse.com/1236681"
},
{
"category": "self",
"summary": "SUSE Bug 1236682",
"url": "https://bugzilla.suse.com/1236682"
},
{
"category": "self",
"summary": "SUSE Bug 1236683",
"url": "https://bugzilla.suse.com/1236683"
},
{
"category": "self",
"summary": "SUSE Bug 1236684",
"url": "https://bugzilla.suse.com/1236684"
},
{
"category": "self",
"summary": "SUSE Bug 1236685",
"url": "https://bugzilla.suse.com/1236685"
},
{
"category": "self",
"summary": "SUSE Bug 1236689",
"url": "https://bugzilla.suse.com/1236689"
},
{
"category": "self",
"summary": "SUSE Bug 1236692",
"url": "https://bugzilla.suse.com/1236692"
},
{
"category": "self",
"summary": "SUSE Bug 1236694",
"url": "https://bugzilla.suse.com/1236694"
},
{
"category": "self",
"summary": "SUSE Bug 1236698",
"url": "https://bugzilla.suse.com/1236698"
},
{
"category": "self",
"summary": "SUSE Bug 1236700",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "self",
"summary": "SUSE Bug 1236702",
"url": "https://bugzilla.suse.com/1236702"
},
{
"category": "self",
"summary": "SUSE Bug 1236752",
"url": "https://bugzilla.suse.com/1236752"
},
{
"category": "self",
"summary": "SUSE Bug 1236757",
"url": "https://bugzilla.suse.com/1236757"
},
{
"category": "self",
"summary": "SUSE Bug 1236758",
"url": "https://bugzilla.suse.com/1236758"
},
{
"category": "self",
"summary": "SUSE Bug 1236759",
"url": "https://bugzilla.suse.com/1236759"
},
{
"category": "self",
"summary": "SUSE Bug 1236760",
"url": "https://bugzilla.suse.com/1236760"
},
{
"category": "self",
"summary": "SUSE Bug 1236761",
"url": "https://bugzilla.suse.com/1236761"
},
{
"category": "self",
"summary": "SUSE Bug 1236821",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "self",
"summary": "SUSE Bug 1236822",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "self",
"summary": "SUSE Bug 1236896",
"url": "https://bugzilla.suse.com/1236896"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1236952",
"url": "https://bugzilla.suse.com/1236952"
},
{
"category": "self",
"summary": "SUSE Bug 1236967",
"url": "https://bugzilla.suse.com/1236967"
},
{
"category": "self",
"summary": "SUSE Bug 1236994",
"url": "https://bugzilla.suse.com/1236994"
},
{
"category": "self",
"summary": "SUSE Bug 1237007",
"url": "https://bugzilla.suse.com/1237007"
},
{
"category": "self",
"summary": "SUSE Bug 1237017",
"url": "https://bugzilla.suse.com/1237017"
},
{
"category": "self",
"summary": "SUSE Bug 1237025",
"url": "https://bugzilla.suse.com/1237025"
},
{
"category": "self",
"summary": "SUSE Bug 1237028",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "self",
"summary": "SUSE Bug 1237029",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "self",
"summary": "SUSE Bug 1237045",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "self",
"summary": "SUSE Bug 1237126",
"url": "https://bugzilla.suse.com/1237126"
},
{
"category": "self",
"summary": "SUSE Bug 1237132",
"url": "https://bugzilla.suse.com/1237132"
},
{
"category": "self",
"summary": "SUSE Bug 1237139",
"url": "https://bugzilla.suse.com/1237139"
},
{
"category": "self",
"summary": "SUSE Bug 1237155",
"url": "https://bugzilla.suse.com/1237155"
},
{
"category": "self",
"summary": "SUSE Bug 1237158",
"url": "https://bugzilla.suse.com/1237158"
},
{
"category": "self",
"summary": "SUSE Bug 1237159",
"url": "https://bugzilla.suse.com/1237159"
},
{
"category": "self",
"summary": "SUSE Bug 1237164",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "self",
"summary": "SUSE Bug 1237232",
"url": "https://bugzilla.suse.com/1237232"
},
{
"category": "self",
"summary": "SUSE Bug 1237234",
"url": "https://bugzilla.suse.com/1237234"
},
{
"category": "self",
"summary": "SUSE Bug 1237313",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "self",
"summary": "SUSE Bug 1237325",
"url": "https://bugzilla.suse.com/1237325"
},
{
"category": "self",
"summary": "SUSE Bug 1237356",
"url": "https://bugzilla.suse.com/1237356"
},
{
"category": "self",
"summary": "SUSE Bug 1237415",
"url": "https://bugzilla.suse.com/1237415"
},
{
"category": "self",
"summary": "SUSE Bug 1237452",
"url": "https://bugzilla.suse.com/1237452"
},
{
"category": "self",
"summary": "SUSE Bug 1237504",
"url": "https://bugzilla.suse.com/1237504"
},
{
"category": "self",
"summary": "SUSE Bug 1237521",
"url": "https://bugzilla.suse.com/1237521"
},
{
"category": "self",
"summary": "SUSE Bug 1237530",
"url": "https://bugzilla.suse.com/1237530"
},
{
"category": "self",
"summary": "SUSE Bug 1237558",
"url": "https://bugzilla.suse.com/1237558"
},
{
"category": "self",
"summary": "SUSE Bug 1237562",
"url": "https://bugzilla.suse.com/1237562"
},
{
"category": "self",
"summary": "SUSE Bug 1237563",
"url": "https://bugzilla.suse.com/1237563"
},
{
"category": "self",
"summary": "SUSE Bug 1237565",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "self",
"summary": "SUSE Bug 1237571",
"url": "https://bugzilla.suse.com/1237571"
},
{
"category": "self",
"summary": "SUSE Bug 1237848",
"url": "https://bugzilla.suse.com/1237848"
},
{
"category": "self",
"summary": "SUSE Bug 1237849",
"url": "https://bugzilla.suse.com/1237849"
},
{
"category": "self",
"summary": "SUSE Bug 1237853",
"url": "https://bugzilla.suse.com/1237853"
},
{
"category": "self",
"summary": "SUSE Bug 1237856",
"url": "https://bugzilla.suse.com/1237856"
},
{
"category": "self",
"summary": "SUSE Bug 1237873",
"url": "https://bugzilla.suse.com/1237873"
},
{
"category": "self",
"summary": "SUSE Bug 1237874",
"url": "https://bugzilla.suse.com/1237874"
},
{
"category": "self",
"summary": "SUSE Bug 1237875",
"url": "https://bugzilla.suse.com/1237875"
},
{
"category": "self",
"summary": "SUSE Bug 1237876",
"url": "https://bugzilla.suse.com/1237876"
},
{
"category": "self",
"summary": "SUSE Bug 1237877",
"url": "https://bugzilla.suse.com/1237877"
},
{
"category": "self",
"summary": "SUSE Bug 1237879",
"url": "https://bugzilla.suse.com/1237879"
},
{
"category": "self",
"summary": "SUSE Bug 1237881",
"url": "https://bugzilla.suse.com/1237881"
},
{
"category": "self",
"summary": "SUSE Bug 1237882",
"url": "https://bugzilla.suse.com/1237882"
},
{
"category": "self",
"summary": "SUSE Bug 1237885",
"url": "https://bugzilla.suse.com/1237885"
},
{
"category": "self",
"summary": "SUSE Bug 1237889",
"url": "https://bugzilla.suse.com/1237889"
},
{
"category": "self",
"summary": "SUSE Bug 1237890",
"url": "https://bugzilla.suse.com/1237890"
},
{
"category": "self",
"summary": "SUSE Bug 1237891",
"url": "https://bugzilla.suse.com/1237891"
},
{
"category": "self",
"summary": "SUSE Bug 1237894",
"url": "https://bugzilla.suse.com/1237894"
},
{
"category": "self",
"summary": "SUSE Bug 1237897",
"url": "https://bugzilla.suse.com/1237897"
},
{
"category": "self",
"summary": "SUSE Bug 1237900",
"url": "https://bugzilla.suse.com/1237900"
},
{
"category": "self",
"summary": "SUSE Bug 1237901",
"url": "https://bugzilla.suse.com/1237901"
},
{
"category": "self",
"summary": "SUSE Bug 1237906",
"url": "https://bugzilla.suse.com/1237906"
},
{
"category": "self",
"summary": "SUSE Bug 1237907",
"url": "https://bugzilla.suse.com/1237907"
},
{
"category": "self",
"summary": "SUSE Bug 1237911",
"url": "https://bugzilla.suse.com/1237911"
},
{
"category": "self",
"summary": "SUSE Bug 1237912",
"url": "https://bugzilla.suse.com/1237912"
},
{
"category": "self",
"summary": "SUSE Bug 1237950",
"url": "https://bugzilla.suse.com/1237950"
},
{
"category": "self",
"summary": "SUSE Bug 1238052",
"url": "https://bugzilla.suse.com/1238052"
},
{
"category": "self",
"summary": "SUSE Bug 1238212",
"url": "https://bugzilla.suse.com/1238212"
},
{
"category": "self",
"summary": "SUSE Bug 1238214",
"url": "https://bugzilla.suse.com/1238214"
},
{
"category": "self",
"summary": "SUSE Bug 1238303",
"url": "https://bugzilla.suse.com/1238303"
},
{
"category": "self",
"summary": "SUSE Bug 1238347",
"url": "https://bugzilla.suse.com/1238347"
},
{
"category": "self",
"summary": "SUSE Bug 1238368",
"url": "https://bugzilla.suse.com/1238368"
},
{
"category": "self",
"summary": "SUSE Bug 1238474",
"url": "https://bugzilla.suse.com/1238474"
},
{
"category": "self",
"summary": "SUSE Bug 1238475",
"url": "https://bugzilla.suse.com/1238475"
},
{
"category": "self",
"summary": "SUSE Bug 1238479",
"url": "https://bugzilla.suse.com/1238479"
},
{
"category": "self",
"summary": "SUSE Bug 1238494",
"url": "https://bugzilla.suse.com/1238494"
},
{
"category": "self",
"summary": "SUSE Bug 1238496",
"url": "https://bugzilla.suse.com/1238496"
},
{
"category": "self",
"summary": "SUSE Bug 1238497",
"url": "https://bugzilla.suse.com/1238497"
},
{
"category": "self",
"summary": "SUSE Bug 1238500",
"url": "https://bugzilla.suse.com/1238500"
},
{
"category": "self",
"summary": "SUSE Bug 1238501",
"url": "https://bugzilla.suse.com/1238501"
},
{
"category": "self",
"summary": "SUSE Bug 1238502",
"url": "https://bugzilla.suse.com/1238502"
},
{
"category": "self",
"summary": "SUSE Bug 1238503",
"url": "https://bugzilla.suse.com/1238503"
},
{
"category": "self",
"summary": "SUSE Bug 1238506",
"url": "https://bugzilla.suse.com/1238506"
},
{
"category": "self",
"summary": "SUSE Bug 1238507",
"url": "https://bugzilla.suse.com/1238507"
},
{
"category": "self",
"summary": "SUSE Bug 1238509",
"url": "https://bugzilla.suse.com/1238509"
},
{
"category": "self",
"summary": "SUSE Bug 1238510",
"url": "https://bugzilla.suse.com/1238510"
},
{
"category": "self",
"summary": "SUSE Bug 1238511",
"url": "https://bugzilla.suse.com/1238511"
},
{
"category": "self",
"summary": "SUSE Bug 1238512",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "self",
"summary": "SUSE Bug 1238521",
"url": "https://bugzilla.suse.com/1238521"
},
{
"category": "self",
"summary": "SUSE Bug 1238523",
"url": "https://bugzilla.suse.com/1238523"
},
{
"category": "self",
"summary": "SUSE Bug 1238525",
"url": "https://bugzilla.suse.com/1238525"
},
{
"category": "self",
"summary": "SUSE Bug 1238526",
"url": "https://bugzilla.suse.com/1238526"
},
{
"category": "self",
"summary": "SUSE Bug 1238528",
"url": "https://bugzilla.suse.com/1238528"
},
{
"category": "self",
"summary": "SUSE Bug 1238529",
"url": "https://bugzilla.suse.com/1238529"
},
{
"category": "self",
"summary": "SUSE Bug 1238531",
"url": "https://bugzilla.suse.com/1238531"
},
{
"category": "self",
"summary": "SUSE Bug 1238532",
"url": "https://bugzilla.suse.com/1238532"
},
{
"category": "self",
"summary": "SUSE Bug 1238565",
"url": "https://bugzilla.suse.com/1238565"
},
{
"category": "self",
"summary": "SUSE Bug 1238570",
"url": "https://bugzilla.suse.com/1238570"
},
{
"category": "self",
"summary": "SUSE Bug 1238715",
"url": "https://bugzilla.suse.com/1238715"
},
{
"category": "self",
"summary": "SUSE Bug 1238716",
"url": "https://bugzilla.suse.com/1238716"
},
{
"category": "self",
"summary": "SUSE Bug 1238734",
"url": "https://bugzilla.suse.com/1238734"
},
{
"category": "self",
"summary": "SUSE Bug 1238735",
"url": "https://bugzilla.suse.com/1238735"
},
{
"category": "self",
"summary": "SUSE Bug 1238736",
"url": "https://bugzilla.suse.com/1238736"
},
{
"category": "self",
"summary": "SUSE Bug 1238738",
"url": "https://bugzilla.suse.com/1238738"
},
{
"category": "self",
"summary": "SUSE Bug 1238739",
"url": "https://bugzilla.suse.com/1238739"
},
{
"category": "self",
"summary": "SUSE Bug 1238746",
"url": "https://bugzilla.suse.com/1238746"
},
{
"category": "self",
"summary": "SUSE Bug 1238747",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "self",
"summary": "SUSE Bug 1238751",
"url": "https://bugzilla.suse.com/1238751"
},
{
"category": "self",
"summary": "SUSE Bug 1238753",
"url": "https://bugzilla.suse.com/1238753"
},
{
"category": "self",
"summary": "SUSE Bug 1238754",
"url": "https://bugzilla.suse.com/1238754"
},
{
"category": "self",
"summary": "SUSE Bug 1238757",
"url": "https://bugzilla.suse.com/1238757"
},
{
"category": "self",
"summary": "SUSE Bug 1238759",
"url": "https://bugzilla.suse.com/1238759"
},
{
"category": "self",
"summary": "SUSE Bug 1238760",
"url": "https://bugzilla.suse.com/1238760"
},
{
"category": "self",
"summary": "SUSE Bug 1238762",
"url": "https://bugzilla.suse.com/1238762"
},
{
"category": "self",
"summary": "SUSE Bug 1238763",
"url": "https://bugzilla.suse.com/1238763"
},
{
"category": "self",
"summary": "SUSE Bug 1238767",
"url": "https://bugzilla.suse.com/1238767"
},
{
"category": "self",
"summary": "SUSE Bug 1238768",
"url": "https://bugzilla.suse.com/1238768"
},
{
"category": "self",
"summary": "SUSE Bug 1238771",
"url": "https://bugzilla.suse.com/1238771"
},
{
"category": "self",
"summary": "SUSE Bug 1238772",
"url": "https://bugzilla.suse.com/1238772"
},
{
"category": "self",
"summary": "SUSE Bug 1238773",
"url": "https://bugzilla.suse.com/1238773"
},
{
"category": "self",
"summary": "SUSE Bug 1238775",
"url": "https://bugzilla.suse.com/1238775"
},
{
"category": "self",
"summary": "SUSE Bug 1238780",
"url": "https://bugzilla.suse.com/1238780"
},
{
"category": "self",
"summary": "SUSE Bug 1238781",
"url": "https://bugzilla.suse.com/1238781"
},
{
"category": "self",
"summary": "SUSE Bug 1238785",
"url": "https://bugzilla.suse.com/1238785"
},
{
"category": "self",
"summary": "SUSE Bug 1238860",
"url": "https://bugzilla.suse.com/1238860"
},
{
"category": "self",
"summary": "SUSE Bug 1238863",
"url": "https://bugzilla.suse.com/1238863"
},
{
"category": "self",
"summary": "SUSE Bug 1238864",
"url": "https://bugzilla.suse.com/1238864"
},
{
"category": "self",
"summary": "SUSE Bug 1238865",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "self",
"summary": "SUSE Bug 1238876",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "self",
"summary": "SUSE Bug 1238877",
"url": "https://bugzilla.suse.com/1238877"
},
{
"category": "self",
"summary": "SUSE Bug 1238903",
"url": "https://bugzilla.suse.com/1238903"
},
{
"category": "self",
"summary": "SUSE Bug 1238904",
"url": "https://bugzilla.suse.com/1238904"
},
{
"category": "self",
"summary": "SUSE Bug 1238905",
"url": "https://bugzilla.suse.com/1238905"
},
{
"category": "self",
"summary": "SUSE Bug 1238909",
"url": "https://bugzilla.suse.com/1238909"
},
{
"category": "self",
"summary": "SUSE Bug 1238911",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "self",
"summary": "SUSE Bug 1238917",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "self",
"summary": "SUSE Bug 1238958",
"url": "https://bugzilla.suse.com/1238958"
},
{
"category": "self",
"summary": "SUSE Bug 1238959",
"url": "https://bugzilla.suse.com/1238959"
},
{
"category": "self",
"summary": "SUSE Bug 1238963",
"url": "https://bugzilla.suse.com/1238963"
},
{
"category": "self",
"summary": "SUSE Bug 1238964",
"url": "https://bugzilla.suse.com/1238964"
},
{
"category": "self",
"summary": "SUSE Bug 1238969",
"url": "https://bugzilla.suse.com/1238969"
},
{
"category": "self",
"summary": "SUSE Bug 1238970",
"url": "https://bugzilla.suse.com/1238970"
},
{
"category": "self",
"summary": "SUSE Bug 1238971",
"url": "https://bugzilla.suse.com/1238971"
},
{
"category": "self",
"summary": "SUSE Bug 1238973",
"url": "https://bugzilla.suse.com/1238973"
},
{
"category": "self",
"summary": "SUSE Bug 1238975",
"url": "https://bugzilla.suse.com/1238975"
},
{
"category": "self",
"summary": "SUSE Bug 1238978",
"url": "https://bugzilla.suse.com/1238978"
},
{
"category": "self",
"summary": "SUSE Bug 1238979",
"url": "https://bugzilla.suse.com/1238979"
},
{
"category": "self",
"summary": "SUSE Bug 1238981",
"url": "https://bugzilla.suse.com/1238981"
},
{
"category": "self",
"summary": "SUSE Bug 1238984",
"url": "https://bugzilla.suse.com/1238984"
},
{
"category": "self",
"summary": "SUSE Bug 1238986",
"url": "https://bugzilla.suse.com/1238986"
},
{
"category": "self",
"summary": "SUSE Bug 1238990",
"url": "https://bugzilla.suse.com/1238990"
},
{
"category": "self",
"summary": "SUSE Bug 1238993",
"url": "https://bugzilla.suse.com/1238993"
},
{
"category": "self",
"summary": "SUSE Bug 1238994",
"url": "https://bugzilla.suse.com/1238994"
},
{
"category": "self",
"summary": "SUSE Bug 1238997",
"url": "https://bugzilla.suse.com/1238997"
},
{
"category": "self",
"summary": "SUSE Bug 1239015",
"url": "https://bugzilla.suse.com/1239015"
},
{
"category": "self",
"summary": "SUSE Bug 1239016",
"url": "https://bugzilla.suse.com/1239016"
},
{
"category": "self",
"summary": "SUSE Bug 1239027",
"url": "https://bugzilla.suse.com/1239027"
},
{
"category": "self",
"summary": "SUSE Bug 1239029",
"url": "https://bugzilla.suse.com/1239029"
},
{
"category": "self",
"summary": "SUSE Bug 1239030",
"url": "https://bugzilla.suse.com/1239030"
},
{
"category": "self",
"summary": "SUSE Bug 1239033",
"url": "https://bugzilla.suse.com/1239033"
},
{
"category": "self",
"summary": "SUSE Bug 1239034",
"url": "https://bugzilla.suse.com/1239034"
},
{
"category": "self",
"summary": "SUSE Bug 1239036",
"url": "https://bugzilla.suse.com/1239036"
},
{
"category": "self",
"summary": "SUSE Bug 1239037",
"url": "https://bugzilla.suse.com/1239037"
},
{
"category": "self",
"summary": "SUSE Bug 1239038",
"url": "https://bugzilla.suse.com/1239038"
},
{
"category": "self",
"summary": "SUSE Bug 1239039",
"url": "https://bugzilla.suse.com/1239039"
},
{
"category": "self",
"summary": "SUSE Bug 1239045",
"url": "https://bugzilla.suse.com/1239045"
},
{
"category": "self",
"summary": "SUSE Bug 1239065",
"url": "https://bugzilla.suse.com/1239065"
},
{
"category": "self",
"summary": "SUSE Bug 1239066",
"url": "https://bugzilla.suse.com/1239066"
},
{
"category": "self",
"summary": "SUSE Bug 1239068",
"url": "https://bugzilla.suse.com/1239068"
},
{
"category": "self",
"summary": "SUSE Bug 1239073",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "self",
"summary": "SUSE Bug 1239076",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "self",
"summary": "SUSE Bug 1239080",
"url": "https://bugzilla.suse.com/1239080"
},
{
"category": "self",
"summary": "SUSE Bug 1239085",
"url": "https://bugzilla.suse.com/1239085"
},
{
"category": "self",
"summary": "SUSE Bug 1239087",
"url": "https://bugzilla.suse.com/1239087"
},
{
"category": "self",
"summary": "SUSE Bug 1239095",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "self",
"summary": "SUSE Bug 1239104",
"url": "https://bugzilla.suse.com/1239104"
},
{
"category": "self",
"summary": "SUSE Bug 1239105",
"url": "https://bugzilla.suse.com/1239105"
},
{
"category": "self",
"summary": "SUSE Bug 1239109",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "self",
"summary": "SUSE Bug 1239112",
"url": "https://bugzilla.suse.com/1239112"
},
{
"category": "self",
"summary": "SUSE Bug 1239114",
"url": "https://bugzilla.suse.com/1239114"
},
{
"category": "self",
"summary": "SUSE Bug 1239115",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "self",
"summary": "SUSE Bug 1239117",
"url": "https://bugzilla.suse.com/1239117"
},
{
"category": "self",
"summary": "SUSE Bug 1239167",
"url": "https://bugzilla.suse.com/1239167"
},
{
"category": "self",
"summary": "SUSE Bug 1239174",
"url": "https://bugzilla.suse.com/1239174"
},
{
"category": "self",
"summary": "SUSE Bug 1239346",
"url": "https://bugzilla.suse.com/1239346"
},
{
"category": "self",
"summary": "SUSE Bug 1239349",
"url": "https://bugzilla.suse.com/1239349"
},
{
"category": "self",
"summary": "SUSE Bug 1239435",
"url": "https://bugzilla.suse.com/1239435"
},
{
"category": "self",
"summary": "SUSE Bug 1239467",
"url": "https://bugzilla.suse.com/1239467"
},
{
"category": "self",
"summary": "SUSE Bug 1239468",
"url": "https://bugzilla.suse.com/1239468"
},
{
"category": "self",
"summary": "SUSE Bug 1239471",
"url": "https://bugzilla.suse.com/1239471"
},
{
"category": "self",
"summary": "SUSE Bug 1239473",
"url": "https://bugzilla.suse.com/1239473"
},
{
"category": "self",
"summary": "SUSE Bug 1239474",
"url": "https://bugzilla.suse.com/1239474"
},
{
"category": "self",
"summary": "SUSE Bug 1239475",
"url": "https://bugzilla.suse.com/1239475"
},
{
"category": "self",
"summary": "SUSE Bug 1239477",
"url": "https://bugzilla.suse.com/1239477"
},
{
"category": "self",
"summary": "SUSE Bug 1239478",
"url": "https://bugzilla.suse.com/1239478"
},
{
"category": "self",
"summary": "SUSE Bug 1239479",
"url": "https://bugzilla.suse.com/1239479"
},
{
"category": "self",
"summary": "SUSE Bug 1239481",
"url": "https://bugzilla.suse.com/1239481"
},
{
"category": "self",
"summary": "SUSE Bug 1239482",
"url": "https://bugzilla.suse.com/1239482"
},
{
"category": "self",
"summary": "SUSE Bug 1239483",
"url": "https://bugzilla.suse.com/1239483"
},
{
"category": "self",
"summary": "SUSE Bug 1239484",
"url": "https://bugzilla.suse.com/1239484"
},
{
"category": "self",
"summary": "SUSE Bug 1239486",
"url": "https://bugzilla.suse.com/1239486"
},
{
"category": "self",
"summary": "SUSE Bug 1239508",
"url": "https://bugzilla.suse.com/1239508"
},
{
"category": "self",
"summary": "SUSE Bug 1239512",
"url": "https://bugzilla.suse.com/1239512"
},
{
"category": "self",
"summary": "SUSE Bug 1239518",
"url": "https://bugzilla.suse.com/1239518"
},
{
"category": "self",
"summary": "SUSE Bug 1239573",
"url": "https://bugzilla.suse.com/1239573"
},
{
"category": "self",
"summary": "SUSE Bug 1239594",
"url": "https://bugzilla.suse.com/1239594"
},
{
"category": "self",
"summary": "SUSE Bug 1239595",
"url": "https://bugzilla.suse.com/1239595"
},
{
"category": "self",
"summary": "SUSE Bug 1239600",
"url": "https://bugzilla.suse.com/1239600"
},
{
"category": "self",
"summary": "SUSE Bug 1239605",
"url": "https://bugzilla.suse.com/1239605"
},
{
"category": "self",
"summary": "SUSE Bug 1239615",
"url": "https://bugzilla.suse.com/1239615"
},
{
"category": "self",
"summary": "SUSE Bug 1239644",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "self",
"summary": "SUSE Bug 1239684",
"url": "https://bugzilla.suse.com/1239684"
},
{
"category": "self",
"summary": "SUSE Bug 1239707",
"url": "https://bugzilla.suse.com/1239707"
},
{
"category": "self",
"summary": "SUSE Bug 1239906",
"url": "https://bugzilla.suse.com/1239906"
},
{
"category": "self",
"summary": "SUSE Bug 1239925",
"url": "https://bugzilla.suse.com/1239925"
},
{
"category": "self",
"summary": "SUSE Bug 1239986",
"url": "https://bugzilla.suse.com/1239986"
},
{
"category": "self",
"summary": "SUSE Bug 1239994",
"url": "https://bugzilla.suse.com/1239994"
},
{
"category": "self",
"summary": "SUSE Bug 1240167",
"url": "https://bugzilla.suse.com/1240167"
},
{
"category": "self",
"summary": "SUSE Bug 1240168",
"url": "https://bugzilla.suse.com/1240168"
},
{
"category": "self",
"summary": "SUSE Bug 1240169",
"url": "https://bugzilla.suse.com/1240169"
},
{
"category": "self",
"summary": "SUSE Bug 1240171",
"url": "https://bugzilla.suse.com/1240171"
},
{
"category": "self",
"summary": "SUSE Bug 1240172",
"url": "https://bugzilla.suse.com/1240172"
},
{
"category": "self",
"summary": "SUSE Bug 1240173",
"url": "https://bugzilla.suse.com/1240173"
},
{
"category": "self",
"summary": "SUSE Bug 1240175",
"url": "https://bugzilla.suse.com/1240175"
},
{
"category": "self",
"summary": "SUSE Bug 1240176",
"url": "https://bugzilla.suse.com/1240176"
},
{
"category": "self",
"summary": "SUSE Bug 1240177",
"url": "https://bugzilla.suse.com/1240177"
},
{
"category": "self",
"summary": "SUSE Bug 1240179",
"url": "https://bugzilla.suse.com/1240179"
},
{
"category": "self",
"summary": "SUSE Bug 1240182",
"url": "https://bugzilla.suse.com/1240182"
},
{
"category": "self",
"summary": "SUSE Bug 1240183",
"url": "https://bugzilla.suse.com/1240183"
},
{
"category": "self",
"summary": "SUSE Bug 1240184",
"url": "https://bugzilla.suse.com/1240184"
},
{
"category": "self",
"summary": "SUSE Bug 1240185",
"url": "https://bugzilla.suse.com/1240185"
},
{
"category": "self",
"summary": "SUSE Bug 1240186",
"url": "https://bugzilla.suse.com/1240186"
},
{
"category": "self",
"summary": "SUSE Bug 1240188",
"url": "https://bugzilla.suse.com/1240188"
},
{
"category": "self",
"summary": "SUSE Bug 1240189",
"url": "https://bugzilla.suse.com/1240189"
},
{
"category": "self",
"summary": "SUSE Bug 1240191",
"url": "https://bugzilla.suse.com/1240191"
},
{
"category": "self",
"summary": "SUSE Bug 1240192",
"url": "https://bugzilla.suse.com/1240192"
},
{
"category": "self",
"summary": "SUSE Bug 1240333",
"url": "https://bugzilla.suse.com/1240333"
},
{
"category": "self",
"summary": "SUSE Bug 1240334",
"url": "https://bugzilla.suse.com/1240334"
},
{
"category": "self",
"summary": "SUSE Bug 1240375",
"url": "https://bugzilla.suse.com/1240375"
},
{
"category": "self",
"summary": "SUSE Bug 1240575",
"url": "https://bugzilla.suse.com/1240575"
},
{
"category": "self",
"summary": "SUSE Bug 1240581",
"url": "https://bugzilla.suse.com/1240581"
},
{
"category": "self",
"summary": "SUSE Bug 1240582",
"url": "https://bugzilla.suse.com/1240582"
},
{
"category": "self",
"summary": "SUSE Bug 1240583",
"url": "https://bugzilla.suse.com/1240583"
},
{
"category": "self",
"summary": "SUSE Bug 1240584",
"url": "https://bugzilla.suse.com/1240584"
},
{
"category": "self",
"summary": "SUSE Bug 1240585",
"url": "https://bugzilla.suse.com/1240585"
},
{
"category": "self",
"summary": "SUSE Bug 1240587",
"url": "https://bugzilla.suse.com/1240587"
},
{
"category": "self",
"summary": "SUSE Bug 1240590",
"url": "https://bugzilla.suse.com/1240590"
},
{
"category": "self",
"summary": "SUSE Bug 1240591",
"url": "https://bugzilla.suse.com/1240591"
},
{
"category": "self",
"summary": "SUSE Bug 1240592",
"url": "https://bugzilla.suse.com/1240592"
},
{
"category": "self",
"summary": "SUSE Bug 1240594",
"url": "https://bugzilla.suse.com/1240594"
},
{
"category": "self",
"summary": "SUSE Bug 1240595",
"url": "https://bugzilla.suse.com/1240595"
},
{
"category": "self",
"summary": "SUSE Bug 1240596",
"url": "https://bugzilla.suse.com/1240596"
},
{
"category": "self",
"summary": "SUSE Bug 1240600",
"url": "https://bugzilla.suse.com/1240600"
},
{
"category": "self",
"summary": "SUSE Bug 1240612",
"url": "https://bugzilla.suse.com/1240612"
},
{
"category": "self",
"summary": "SUSE Bug 1240616",
"url": "https://bugzilla.suse.com/1240616"
},
{
"category": "self",
"summary": "SUSE Bug 1240639",
"url": "https://bugzilla.suse.com/1240639"
},
{
"category": "self",
"summary": "SUSE Bug 1240643",
"url": "https://bugzilla.suse.com/1240643"
},
{
"category": "self",
"summary": "SUSE Bug 1240647",
"url": "https://bugzilla.suse.com/1240647"
},
{
"category": "self",
"summary": "SUSE Bug 1240691",
"url": "https://bugzilla.suse.com/1240691"
},
{
"category": "self",
"summary": "SUSE Bug 1240700",
"url": "https://bugzilla.suse.com/1240700"
},
{
"category": "self",
"summary": "SUSE Bug 1240701",
"url": "https://bugzilla.suse.com/1240701"
},
{
"category": "self",
"summary": "SUSE Bug 1240703",
"url": "https://bugzilla.suse.com/1240703"
},
{
"category": "self",
"summary": "SUSE Bug 1240708",
"url": "https://bugzilla.suse.com/1240708"
},
{
"category": "self",
"summary": "SUSE Bug 1240714",
"url": "https://bugzilla.suse.com/1240714"
},
{
"category": "self",
"summary": "SUSE Bug 1240715",
"url": "https://bugzilla.suse.com/1240715"
},
{
"category": "self",
"summary": "SUSE Bug 1240716",
"url": "https://bugzilla.suse.com/1240716"
},
{
"category": "self",
"summary": "SUSE Bug 1240718",
"url": "https://bugzilla.suse.com/1240718"
},
{
"category": "self",
"summary": "SUSE Bug 1240719",
"url": "https://bugzilla.suse.com/1240719"
},
{
"category": "self",
"summary": "SUSE Bug 1240720",
"url": "https://bugzilla.suse.com/1240720"
},
{
"category": "self",
"summary": "SUSE Bug 1240722",
"url": "https://bugzilla.suse.com/1240722"
},
{
"category": "self",
"summary": "SUSE Bug 1240727",
"url": "https://bugzilla.suse.com/1240727"
},
{
"category": "self",
"summary": "SUSE Bug 1240739",
"url": "https://bugzilla.suse.com/1240739"
},
{
"category": "self",
"summary": "SUSE Bug 1240742",
"url": "https://bugzilla.suse.com/1240742"
},
{
"category": "self",
"summary": "SUSE Bug 1240779",
"url": "https://bugzilla.suse.com/1240779"
},
{
"category": "self",
"summary": "SUSE Bug 1240783",
"url": "https://bugzilla.suse.com/1240783"
},
{
"category": "self",
"summary": "SUSE Bug 1240784",
"url": "https://bugzilla.suse.com/1240784"
},
{
"category": "self",
"summary": "SUSE Bug 1240795",
"url": "https://bugzilla.suse.com/1240795"
},
{
"category": "self",
"summary": "SUSE Bug 1240796",
"url": "https://bugzilla.suse.com/1240796"
},
{
"category": "self",
"summary": "SUSE Bug 1240797",
"url": "https://bugzilla.suse.com/1240797"
},
{
"category": "self",
"summary": "SUSE Bug 1240799",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "self",
"summary": "SUSE Bug 1240801",
"url": "https://bugzilla.suse.com/1240801"
},
{
"category": "self",
"summary": "SUSE Bug 1240806",
"url": "https://bugzilla.suse.com/1240806"
},
{
"category": "self",
"summary": "SUSE Bug 1240808",
"url": "https://bugzilla.suse.com/1240808"
},
{
"category": "self",
"summary": "SUSE Bug 1240812",
"url": "https://bugzilla.suse.com/1240812"
},
{
"category": "self",
"summary": "SUSE Bug 1240813",
"url": "https://bugzilla.suse.com/1240813"
},
{
"category": "self",
"summary": "SUSE Bug 1240815",
"url": "https://bugzilla.suse.com/1240815"
},
{
"category": "self",
"summary": "SUSE Bug 1240816",
"url": "https://bugzilla.suse.com/1240816"
},
{
"category": "self",
"summary": "SUSE Bug 1240819",
"url": "https://bugzilla.suse.com/1240819"
},
{
"category": "self",
"summary": "SUSE Bug 1240821",
"url": "https://bugzilla.suse.com/1240821"
},
{
"category": "self",
"summary": "SUSE Bug 1240825",
"url": "https://bugzilla.suse.com/1240825"
},
{
"category": "self",
"summary": "SUSE Bug 1240829",
"url": "https://bugzilla.suse.com/1240829"
},
{
"category": "self",
"summary": "SUSE Bug 1240873",
"url": "https://bugzilla.suse.com/1240873"
},
{
"category": "self",
"summary": "SUSE Bug 1240937",
"url": "https://bugzilla.suse.com/1240937"
},
{
"category": "self",
"summary": "SUSE Bug 1240938",
"url": "https://bugzilla.suse.com/1240938"
},
{
"category": "self",
"summary": "SUSE Bug 1240940",
"url": "https://bugzilla.suse.com/1240940"
},
{
"category": "self",
"summary": "SUSE Bug 1240942",
"url": "https://bugzilla.suse.com/1240942"
},
{
"category": "self",
"summary": "SUSE Bug 1240943",
"url": "https://bugzilla.suse.com/1240943"
},
{
"category": "self",
"summary": "SUSE Bug 1240978",
"url": "https://bugzilla.suse.com/1240978"
},
{
"category": "self",
"summary": "SUSE Bug 1240979",
"url": "https://bugzilla.suse.com/1240979"
},
{
"category": "self",
"summary": "SUSE Bug 1241038",
"url": "https://bugzilla.suse.com/1241038"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52831 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52925 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52926 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52927 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26634 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26634/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26873 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27415 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35826 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35910 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38606 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41077 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41149 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42307 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43820 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46736 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46782 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46796 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47408 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47794 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49571 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49924 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49940 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49940/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50038 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50152 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50185 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50251 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50258 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50290 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50294 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50304 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52559 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53123 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53124 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53139 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53163 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53173 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53178 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53680 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54683 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56548 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56579 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56638 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56640 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56658 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56702 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56703 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56718 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56719 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56751 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56758 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56770 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57807 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57973 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57979 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57981 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57986 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57990 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57993 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57996 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57997 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57999 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58002 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58006 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58007 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58011 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58012 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58013 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58014 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58017 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58018 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58019 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58034 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58051 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58052 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58054 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58071 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58072 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58078 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58083 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21631 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21635 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21636 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21638 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21659 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21666 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21667 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21669 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21670 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21671 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21675 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21688 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21689 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21690 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21703 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21704 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21708 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21711 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21734 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21735 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21736 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21739 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21741 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21742 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21743 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21744 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21745 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21749 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21750 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21753 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21755 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21755/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21759 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21760 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21761 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21762 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21763 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21764 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21765 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21766 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21767 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21772 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21773 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21775 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21776 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21779 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21780 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21781 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21782 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21784 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21784/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21785 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21791 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21793 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21796 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21802 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21804 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21806 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21810 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21815 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21819 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21820 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21821 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21823 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21825 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21829 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21830 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21831 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21832 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21835 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21836 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21838 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21844 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21846 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21847 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21848 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21850 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21855 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21857 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21858 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21859 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21862 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21863 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21865 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21871 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21873 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21875 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21883 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21884 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21886 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21887 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21888 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21889 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21890 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21891 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21892 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21894 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21894/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21895 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21905 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21906 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21908 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21909 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21910 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21912 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21915 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21916 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21917 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21918 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21922 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21923 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21924 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21927 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21928 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21930 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21934 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21935 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21936 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21941 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21943 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21950 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21951 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21951/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21953 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21956 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21960 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21961 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21966 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21968 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21969 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21970 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21972 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21975 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21978 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21979 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21981 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21991 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21992 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21992/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21993 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21995 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22001 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22003 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22007 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22008 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22009 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22010 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22014 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2312 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2312/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-04-17T14:37:10Z",
"generator": {
"date": "2025-04-17T14:37:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20270-1",
"initial_release_date": "2025-04-17T14:37:10Z",
"revision_history": [
{
"date": "2025-04-17T14:37:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-28.1.aarch64",
"product": {
"name": "kernel-default-6.4.0-28.1.aarch64",
"product_id": "kernel-default-6.4.0-28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-28.1.21.6.aarch64",
"product": {
"name": "kernel-default-base-6.4.0-28.1.21.6.aarch64",
"product_id": "kernel-default-base-6.4.0-28.1.21.6.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-28.1.aarch64",
"product": {
"name": "kernel-default-devel-6.4.0-28.1.aarch64",
"product_id": "kernel-default-devel-6.4.0-28.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.4.0-28.1.noarch",
"product": {
"name": "kernel-devel-6.4.0-28.1.noarch",
"product_id": "kernel-devel-6.4.0-28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.4.0-28.1.noarch",
"product": {
"name": "kernel-macros-6.4.0-28.1.noarch",
"product_id": "kernel-macros-6.4.0-28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.4.0-28.1.noarch",
"product": {
"name": "kernel-source-6.4.0-28.1.noarch",
"product_id": "kernel-source-6.4.0-28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-28.1.s390x",
"product": {
"name": "kernel-default-6.4.0-28.1.s390x",
"product_id": "kernel-default-6.4.0-28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-28.1.s390x",
"product": {
"name": "kernel-default-devel-6.4.0-28.1.s390x",
"product_id": "kernel-default-devel-6.4.0-28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-28.1.s390x",
"product": {
"name": "kernel-default-livepatch-6.4.0-28.1.s390x",
"product_id": "kernel-default-livepatch-6.4.0-28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"product_id": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-default-6.4.0-28.1.x86_64",
"product_id": "kernel-default-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-28.1.21.6.x86_64",
"product": {
"name": "kernel-default-base-6.4.0-28.1.21.6.x86_64",
"product_id": "kernel-default-base-6.4.0-28.1.21.6.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-default-devel-6.4.0-28.1.x86_64",
"product_id": "kernel-default-devel-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-default-livepatch-6.4.0-28.1.x86_64",
"product_id": "kernel-default-livepatch-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-kvmsmall-6.4.0-28.1.x86_64",
"product_id": "kernel-kvmsmall-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-28.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64"
},
"product_reference": "kernel-default-6.4.0-28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-28.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x"
},
"product_reference": "kernel-default-6.4.0-28.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-default-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-28.1.21.6.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64"
},
"product_reference": "kernel-default-base-6.4.0-28.1.21.6.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-28.1.21.6.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64"
},
"product_reference": "kernel-default-base-6.4.0-28.1.21.6.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-28.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64"
},
"product_reference": "kernel-default-devel-6.4.0-28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-28.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x"
},
"product_reference": "kernel-default-devel-6.4.0-28.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-default-devel-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-28.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x"
},
"product_reference": "kernel-default-livepatch-6.4.0-28.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-default-livepatch-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch"
},
"product_reference": "kernel-devel-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-kvmsmall-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch"
},
"product_reference": "kernel-macros-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
},
"product_reference": "kernel-source-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpu/hotplug: Don\u0027t offline the last non-isolated CPU\n\nIf a system has isolated CPUs via the \"isolcpus=\" command line parameter,\nthen an attempt to offline the last housekeeping CPU will result in a\nWARN_ON() when rebuilding the scheduler domains and a subsequent panic due\nto and unhandled empty CPU mas in partition_sched_domains_locked().\n\ncpuset_hotplug_workfn()\n rebuild_sched_domains_locked()\n ndoms = generate_sched_domains(\u0026doms, \u0026attr);\n cpumask_and(doms[0], top_cpuset.effective_cpus, housekeeping_cpumask(HK_FLAG_DOMAIN));\n\nThus results in an empty CPU mask which triggers the warning and then the\nsubsequent crash:\n\nWARNING: CPU: 4 PID: 80 at kernel/sched/topology.c:2366 build_sched_domains+0x120c/0x1408\nCall trace:\n build_sched_domains+0x120c/0x1408\n partition_sched_domains_locked+0x234/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n rebuild_sched_domains+0x30/0x58\n cpuset_hotplug_workfn+0x2a8/0x930\n\nUnable to handle kernel paging request at virtual address fffe80027ab37080\n partition_sched_domains_locked+0x318/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n\nAside of the resulting crash, it does not make any sense to offline the last\nlast housekeeping CPU.\n\nPrevent this by masking out the non-housekeeping CPUs when selecting a\ntarget CPU for initiating the CPU unplug operation via the work queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52831",
"url": "https://www.suse.com/security/cve/CVE-2023-52831"
},
{
"category": "external",
"summary": "SUSE Bug 1225533 for CVE-2023-52831",
"url": "https://bugzilla.suse.com/1225533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2023-52831"
},
{
"cve": "CVE-2023-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52924",
"url": "https://www.suse.com/security/cve/CVE-2023-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1236821 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "external",
"summary": "SUSE Bug 1244630 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1244630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other -\u003eactivate callbacks\n(bitmap, hash, rhash, rbtree) use elem-\u003epriv.\nSame for .remove: other set implementations take elem-\u003epriv,\nnft_pipapo_remove fetches elem-\u003epriv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor -\u003edeactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52925",
"url": "https://www.suse.com/security/cve/CVE-2023-52925"
},
{
"category": "external",
"summary": "SUSE Bug 1236822 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1236822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2023-52926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIORING_OP_READ did not correctly consume the provided buffer list when\nread i/o returned \u003c 0 (except for -EAGAIN and -EIOCBQUEUED return).\nThis can lead to a potential use-after-free when the completion via\nio_rw_done runs at separate context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52926",
"url": "https://www.suse.com/security/cve/CVE-2023-52926"
},
{
"category": "external",
"summary": "SUSE Bug 1237565 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "external",
"summary": "SUSE Bug 1237567 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52926"
},
{
"cve": "CVE-2023-52927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: allow exp not to be removed in nf_ct_find_expectation\n\nCurrently nf_conntrack_in() calling nf_ct_find_expectation() will\nremove the exp from the hash table. However, in some scenario, we\nexpect the exp not to be removed when the created ct will not be\nconfirmed, like in OVS and TC conntrack in the following patches.\n\nThis patch allows exp not to be removed by setting IPS_CONFIRMED\nin the status of the tmpl.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52927",
"url": "https://www.suse.com/security/cve/CVE-2023-52927"
},
{
"category": "external",
"summary": "SUSE Bug 1239644 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "external",
"summary": "SUSE Bug 1246016 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1246016"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2024-26634",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26634"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix removing a namespace with conflicting altnames\n\nMark reports a BUG() when a net namespace is removed.\n\n kernel BUG at net/core/dev.c:11520!\n\nPhysical interfaces moved outside of init_net get \"refunded\"\nto init_net when that namespace disappears. The main interface\nname may get overwritten in the process if it would have\nconflicted. We need to also discard all conflicting altnames.\nRecent fixes addressed ensuring that altnames get moved\nwith the main interface, which surfaced this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26634",
"url": "https://www.suse.com/security/cve/CVE-2024-26634"
},
{
"category": "external",
"summary": "SUSE Bug 1221651 for CVE-2024-26634",
"url": "https://bugzilla.suse.com/1221651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26634"
},
{
"cve": "CVE-2024-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: really cope with fastopen race\n\nFastopen and PM-trigger subflow shutdown can race, as reported by\nsyzkaller.\n\nIn my first attempt to close such race, I missed the fact that\nthe subflow status can change again before the subflow_state_change\ncallback is invoked.\n\nAddress the issue additionally copying with all the states directly\nreachable from TCP_FIN_WAIT1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26708",
"url": "https://www.suse.com/security/cve/CVE-2024-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1222672 for CVE-2024-26708",
"url": "https://bugzilla.suse.com/1222672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26810",
"url": "https://www.suse.com/security/cve/CVE-2024-26810"
},
{
"category": "external",
"summary": "SUSE Bug 1222803 for CVE-2024-26810",
"url": "https://bugzilla.suse.com/1222803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-26873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Fix a deadlock issue related to automatic dump\n\nIf we issue a disabling PHY command, the device attached with it will go\noffline, if a 2 bit ECC error occurs at the same time, a hung task may be\nfound:\n\n[ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds.\n[ 4613.666297] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.674809] task:kworker/u256:0 state:D stack: 0 pid:165233 ppid: 2 flags:0x00000208\n[ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas]\n[ 4613.691518] Call trace:\n[ 4613.694678] __switch_to+0xf8/0x17c\n[ 4613.698872] __schedule+0x660/0xee0\n[ 4613.703063] schedule+0xac/0x240\n[ 4613.706994] schedule_timeout+0x500/0x610\n[ 4613.711705] __down+0x128/0x36c\n[ 4613.715548] down+0x240/0x2d0\n[ 4613.719221] hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main]\n[ 4613.726618] sas_execute_internal_abort+0x144/0x310 [libsas]\n[ 4613.732976] sas_execute_internal_abort_dev+0x44/0x60 [libsas]\n[ 4613.739504] hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main]\n[ 4613.747499] hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main]\n[ 4613.753682] sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas]\n[ 4613.759781] sas_unregister_common_dev+0x4c/0x7a0 [libsas]\n[ 4613.765962] sas_destruct_devices+0xb8/0x120 [libsas]\n[ 4613.771709] sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas]\n[ 4613.778930] sas_revalidate_domain+0x60/0xa4 [libsas]\n[ 4613.784716] process_one_work+0x248/0x950\n[ 4613.789424] worker_thread+0x318/0x934\n[ 4613.793878] kthread+0x190/0x200\n[ 4613.797810] ret_from_fork+0x10/0x18\n[ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds.\n[ 4613.816026] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.824538] task:kworker/u256:4 state:D stack: 0 pid:316722 ppid: 2 flags:0x00000208\n[ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main]\n[ 4613.841491] Call trace:\n[ 4613.844647] __switch_to+0xf8/0x17c\n[ 4613.848852] __schedule+0x660/0xee0\n[ 4613.853052] schedule+0xac/0x240\n[ 4613.856984] schedule_timeout+0x500/0x610\n[ 4613.861695] __down+0x128/0x36c\n[ 4613.865542] down+0x240/0x2d0\n[ 4613.869216] hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main]\n[ 4613.876324] hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main]\n[ 4613.883019] process_one_work+0x248/0x950\n[ 4613.887732] worker_thread+0x318/0x934\n[ 4613.892204] kthread+0x190/0x200\n[ 4613.896118] ret_from_fork+0x10/0x18\n[ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds.\n[ 4613.914341] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.922852] task:kworker/u256:1 state:D stack: 0 pid:348985 ppid: 2 flags:0x00000208\n[ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas]\n[ 4613.939549] Call trace:\n[ 4613.942702] __switch_to+0xf8/0x17c\n[ 4613.946892] __schedule+0x660/0xee0\n[ 4613.951083] schedule+0xac/0x240\n[ 4613.955015] schedule_timeout+0x500/0x610\n[ 4613.959725] wait_for_common+0x200/0x610\n[ 4613.964349] wait_for_completion+0x3c/0x5c\n[ 4613.969146] flush_workqueue+0x198/0x790\n[ 4613.973776] sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas]\n[ 4613.979960] sas_port_event_worker+0x54/0xa0 [libsas]\n[ 4613.985708] process_one_work+0x248/0x950\n[ 4613.990420] worker_thread+0x318/0x934\n[ 4613.994868] kthread+0x190/0x200\n[ 4613.998800] ret_from_fork+0x10/0x18\n\nThis is because when the device goes offline, we obtain the hisi_hba\nsemaphore and send the ABORT_DEV command to the device. However, the\ninternal abort timed out due to the 2 bit ECC error and triggers automatic\ndump. In addition, since the hisi_hba semaphore has been obtained, the dump\ncannot be executed and the controller cannot be reset.\n\nTherefore, the deadlocks occur on the following circular dependencies\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26873",
"url": "https://www.suse.com/security/cve/CVE-2024-26873"
},
{
"category": "external",
"summary": "SUSE Bug 1223047 for CVE-2024-26873",
"url": "https://bugzilla.suse.com/1223047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26873"
},
{
"cve": "CVE-2024-27415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27415"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bridge: confirm multicast packets before passing them up the stack\n\nconntrack nf_confirm logic cannot handle cloned skbs referencing\nthe same nf_conn entry, which will happen for multicast (broadcast)\nframes on bridges.\n\n Example:\n macvlan0\n |\n br0\n / \\\n ethX ethY\n\n ethX (or Y) receives a L2 multicast or broadcast packet containing\n an IP packet, flow is not yet in conntrack table.\n\n 1. skb passes through bridge and fake-ip (br_netfilter)Prerouting.\n -\u003e skb-\u003e_nfct now references a unconfirmed entry\n 2. skb is broad/mcast packet. bridge now passes clones out on each bridge\n interface.\n 3. skb gets passed up the stack.\n 4. In macvlan case, macvlan driver retains clone(s) of the mcast skb\n and schedules a work queue to send them out on the lower devices.\n\n The clone skb-\u003e_nfct is not a copy, it is the same entry as the\n original skb. The macvlan rx handler then returns RX_HANDLER_PASS.\n 5. Normal conntrack hooks (in NF_INET_LOCAL_IN) confirm the orig skb.\n\nThe Macvlan broadcast worker and normal confirm path will race.\n\nThis race will not happen if step 2 already confirmed a clone. In that\ncase later steps perform skb_clone() with skb-\u003e_nfct already confirmed (in\nhash table). This works fine.\n\nBut such confirmation won\u0027t happen when eb/ip/nftables rules dropped the\npackets before they reached the nf_confirm step in postrouting.\n\nPablo points out that nf_conntrack_bridge doesn\u0027t allow use of stateful\nnat, so we can safely discard the nf_conn entry and let inet call\nconntrack again.\n\nThis doesn\u0027t work for bridge netfilter: skb could have a nat\ntransformation. Also bridge nf prevents re-invocation of inet prerouting\nvia \u0027sabotage_in\u0027 hook.\n\nWork around this problem by explicit confirmation of the entry at LOCAL_IN\ntime, before upper layer has a chance to clone the unconfirmed entry.\n\nThe downside is that this disables NAT and conntrack helpers.\n\nAlternative fix would be to add locking to all code parts that deal with\nunconfirmed packets, but even if that could be done in a sane way this\nopens up other problems, for example:\n\n-m physdev --physdev-out eth0 -j SNAT --snat-to 1.2.3.4\n-m physdev --physdev-out eth1 -j SNAT --snat-to 1.2.3.5\n\nFor multicast case, only one of such conflicting mappings will be\ncreated, conntrack only handles 1:1 NAT mappings.\n\nUsers should set create a setup that explicitly marks such traffic\nNOTRACK (conntrack bypass) to avoid this, but we cannot auto-bypass\nthem, ruleset might have accept rules for untracked traffic already,\nso user-visible behaviour would change.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27415",
"url": "https://www.suse.com/security/cve/CVE-2024-27415"
},
{
"category": "external",
"summary": "SUSE Bug 1224757 for CVE-2024-27415",
"url": "https://bugzilla.suse.com/1224757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-27415"
},
{
"cve": "CVE-2024-35826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix page refcounts for unaligned buffers in __bio_release_pages()\n\nFix an incorrect number of pages being released for buffers that do not\nstart at the beginning of a page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35826",
"url": "https://www.suse.com/security/cve/CVE-2024-35826"
},
{
"category": "external",
"summary": "SUSE Bug 1224610 for CVE-2024-35826",
"url": "https://bugzilla.suse.com/1224610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-35826"
},
{
"cve": "CVE-2024-35910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: properly terminate timers for kernel sockets\n\nWe had various syzbot reports about tcp timers firing after\nthe corresponding netns has been dismantled.\n\nFortunately Josef Bacik could trigger the issue more often,\nand could test a patch I wrote two years ago.\n\nWhen TCP sockets are closed, we call inet_csk_clear_xmit_timers()\nto \u0027stop\u0027 the timers.\n\ninet_csk_clear_xmit_timers() can be called from any context,\nincluding when socket lock is held.\nThis is the reason it uses sk_stop_timer(), aka del_timer().\nThis means that ongoing timers might finish much later.\n\nFor user sockets, this is fine because each running timer\nholds a reference on the socket, and the user socket holds\na reference on the netns.\n\nFor kernel sockets, we risk that the netns is freed before\ntimer can complete, because kernel sockets do not hold\nreference on the netns.\n\nThis patch adds inet_csk_clear_xmit_timers_sync() function\nthat using sk_stop_timer_sync() to make sure all timers\nare terminated before the kernel socket is released.\nModules using kernel sockets close them in their netns exit()\nhandler.\n\nAlso add sock_not_owned_by_me() helper to get LOCKDEP\nsupport : inet_csk_clear_xmit_timers_sync() must not be called\nwhile socket lock is held.\n\nIt is very possible we can revert in the future commit\n3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\")\nwhich attempted to solve the issue in rds only.\n(net/smc/af_smc.c and net/mptcp/subflow.c have similar code)\n\nWe probably can remove the check_net() tests from\ntcp_out_of_resources() and __tcp_close() in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35910",
"url": "https://www.suse.com/security/cve/CVE-2024-35910"
},
{
"category": "external",
"summary": "SUSE Bug 1224489 for CVE-2024-35910",
"url": "https://bugzilla.suse.com/1224489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-35910"
},
{
"cve": "CVE-2024-38606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38606"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - validate slices count returned by FW\n\nThe function adf_send_admin_tl_start() enables the telemetry (TL)\nfeature on a QAT device by sending the ICP_QAT_FW_TL_START message to\nthe firmware. This triggers the FW to start writing TL data to a DMA\nbuffer in memory and returns an array containing the number of\naccelerators of each type (slices) supported by this HW.\nThe pointer to this array is stored in the adf_tl_hw_data data\nstructure called slice_cnt.\n\nThe array slice_cnt is then used in the function tl_print_dev_data()\nto report in debugfs only statistics about the supported accelerators.\nAn incorrect value of the elements in slice_cnt might lead to an out\nof bounds memory read.\nAt the moment, there isn\u0027t an implementation of FW that returns a wrong\nvalue, but for robustness validate the slice count array returned by FW.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38606",
"url": "https://www.suse.com/security/cve/CVE-2024-38606"
},
{
"category": "external",
"summary": "SUSE Bug 1226871 for CVE-2024-38606",
"url": "https://bugzilla.suse.com/1226871"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-38606"
},
{
"cve": "CVE-2024-40980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40980",
"url": "https://www.suse.com/security/cve/CVE-2024-40980"
},
{
"category": "external",
"summary": "SUSE Bug 1227937 for CVE-2024-40980",
"url": "https://bugzilla.suse.com/1227937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\u003csnip\u003e\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\u003csnip\u003e\n\tvalue changed: 0x0000000a -\u003e 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi-\u003epoll_owner\nnon atomically. The -\u003epoll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41005",
"url": "https://www.suse.com/security/cve/CVE-2024-41005"
},
{
"category": "external",
"summary": "SUSE Bug 1227858 for CVE-2024-41005",
"url": "https://bugzilla.suse.com/1227858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41005"
},
{
"cve": "CVE-2024-41055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41055",
"url": "https://www.suse.com/security/cve/CVE-2024-41055"
},
{
"category": "external",
"summary": "SUSE Bug 1228521 for CVE-2024-41055",
"url": "https://bugzilla.suse.com/1228521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-41077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix validation of block size\n\nBlock size should be between 512 and PAGE_SIZE and be a power of 2. The current\ncheck does not validate this, so update the check.\n\nWithout this patch, null_blk would Oops due to a null pointer deref when\nloaded with bs=1536 [1].\n\n\n[axboe: remove unnecessary braces and != 0 check]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41077",
"url": "https://www.suse.com/security/cve/CVE-2024-41077"
},
{
"category": "external",
"summary": "SUSE Bug 1228653 for CVE-2024-41077",
"url": "https://bugzilla.suse.com/1228653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41077"
},
{
"cve": "CVE-2024-41149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: avoid to reuse `hctx` not removed from cpuhp callback list\n\nIf the \u0027hctx\u0027 isn\u0027t removed from cpuhp callback list, we can\u0027t reuse it,\notherwise use-after-free may be triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41149",
"url": "https://www.suse.com/security/cve/CVE-2024-41149"
},
{
"category": "external",
"summary": "SUSE Bug 1235698 for CVE-2024-41149",
"url": "https://bugzilla.suse.com/1235698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41149"
},
{
"cve": "CVE-2024-42307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n fs/smb/client/cifsfs.c:1981 init_cifs()\n error: we previously assumed \u0027serverclose_wq\u0027 could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42307",
"url": "https://www.suse.com/security/cve/CVE-2024-42307"
},
{
"category": "external",
"summary": "SUSE Bug 1229361 for CVE-2024-42307",
"url": "https://bugzilla.suse.com/1229361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-42307"
},
{
"cve": "CVE-2024-43820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery));\n\nThis check is designed to make sure that the sync thread isn\u0027t\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43820",
"url": "https://www.suse.com/security/cve/CVE-2024-43820"
},
{
"category": "external",
"summary": "SUSE Bug 1229311 for CVE-2024-43820",
"url": "https://bugzilla.suse.com/1229311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-43820"
},
{
"cve": "CVE-2024-44974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44974",
"url": "https://www.suse.com/security/cve/CVE-2024-44974"
},
{
"category": "external",
"summary": "SUSE Bug 1230235 for CVE-2024-44974",
"url": "https://bugzilla.suse.com/1230235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45009",
"url": "https://www.suse.com/security/cve/CVE-2024-45009"
},
{
"category": "external",
"summary": "SUSE Bug 1230438 for CVE-2024-45009",
"url": "https://bugzilla.suse.com/1230438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45010",
"url": "https://www.suse.com/security/cve/CVE-2024-45010"
},
{
"category": "external",
"summary": "SUSE Bug 1230439 for CVE-2024-45010",
"url": "https://bugzilla.suse.com/1230439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-46736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_rename_path()\n\nIf smb2_set_path_attr() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() again as the\nreference of @cfile was already dropped by previous smb2_compound_op()\ncall.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46736",
"url": "https://www.suse.com/security/cve/CVE-2024-46736"
},
{
"category": "external",
"summary": "SUSE Bug 1230728 for CVE-2024-46736",
"url": "https://bugzilla.suse.com/1230728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46736"
},
{
"cve": "CVE-2024-46782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6108\n __napi_poll+0xcb/0x490 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n prep_new_page mm/page_alloc.c:1501 [inline]\n get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n __do_kmalloc_node mm/slub.c:4146 [inline]\n __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n bucket_table_alloc lib/rhashtable.c:186 [inline]\n rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n ops_ini\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46782",
"url": "https://www.suse.com/security/cve/CVE-2024-46782"
},
{
"category": "external",
"summary": "SUSE Bug 1230769 for CVE-2024-46782",
"url": "https://bugzilla.suse.com/1230769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46782"
},
{
"cve": "CVE-2024-46796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_set_path_size()\n\nIf smb2_compound_op() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() before retrying it\nas the reference of @cfile was already dropped by previous call.\n\nThis fixes the following KASAN splat when running fstests generic/013\nagainst Windows Server 2022:\n\n CIFS: Attempting to mount //w22-fs0/scratch\n run fstests generic/013 at 2024-09-02 19:48:59\n ==================================================================\n BUG: KASAN: slab-use-after-free in detach_if_pending+0xab/0x200\n Write of size 8 at addr ffff88811f1a3730 by task kworker/3:2/176\n\n CPU: 3 UID: 0 PID: 176 Comm: kworker/3:2 Not tainted 6.11.0-rc6 #2\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40\n 04/01/2014\n Workqueue: cifsoplockd cifs_oplock_break [cifs]\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? detach_if_pending+0xab/0x200\n print_report+0x156/0x4d9\n ? detach_if_pending+0xab/0x200\n ? __virt_addr_valid+0x145/0x300\n ? __phys_addr+0x46/0x90\n ? detach_if_pending+0xab/0x200\n kasan_report+0xda/0x110\n ? detach_if_pending+0xab/0x200\n detach_if_pending+0xab/0x200\n timer_delete+0x96/0xe0\n ? __pfx_timer_delete+0x10/0x10\n ? rcu_is_watching+0x20/0x50\n try_to_grab_pending+0x46/0x3b0\n __cancel_work+0x89/0x1b0\n ? __pfx___cancel_work+0x10/0x10\n ? kasan_save_track+0x14/0x30\n cifs_close_deferred_file+0x110/0x2c0 [cifs]\n ? __pfx_cifs_close_deferred_file+0x10/0x10 [cifs]\n ? __pfx_down_read+0x10/0x10\n cifs_oplock_break+0x4c1/0xa50 [cifs]\n ? __pfx_cifs_oplock_break+0x10/0x10 [cifs]\n ? lock_is_held_type+0x85/0xf0\n ? mark_held_locks+0x1a/0x90\n process_one_work+0x4c6/0x9f0\n ? find_held_lock+0x8a/0xa0\n ? __pfx_process_one_work+0x10/0x10\n ? lock_acquired+0x220/0x550\n ? __list_add_valid_or_report+0x37/0x100\n worker_thread+0x2e4/0x570\n ? __kthread_parkme+0xd1/0xf0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x17f/0x1c0\n ? kthread+0xda/0x1c0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 1118:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n cifs_new_fileinfo+0xc8/0x9d0 [cifs]\n cifs_atomic_open+0x467/0x770 [cifs]\n lookup_open.isra.0+0x665/0x8b0\n path_openat+0x4c3/0x1380\n do_filp_open+0x167/0x270\n do_sys_openat2+0x129/0x160\n __x64_sys_creat+0xad/0xe0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 83:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x70\n poison_slab_object+0xe9/0x160\n __kasan_slab_free+0x32/0x50\n kfree+0xf2/0x300\n process_one_work+0x4c6/0x9f0\n worker_thread+0x2e4/0x570\n kthread+0x17f/0x1c0\n ret_from_fork+0x31/0x60\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x30/0x50\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x29/0xe0\n __queue_work+0x5ea/0x760\n queue_work_on+0x6d/0x90\n _cifsFileInfo_put+0x3f6/0x770 [cifs]\n smb2_compound_op+0x911/0x3940 [cifs]\n smb2_set_path_size+0x228/0x270 [cifs]\n cifs_set_file_size+0x197/0x460 [cifs]\n cifs_setattr+0xd9c/0x14b0 [cifs]\n notify_change+0x4e3/0x740\n do_truncate+0xfa/0x180\n vfs_truncate+0x195/0x200\n __x64_sys_truncate+0x109/0x150\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46796",
"url": "https://www.suse.com/security/cve/CVE-2024-46796"
},
{
"category": "external",
"summary": "SUSE Bug 1230832 for CVE-2024-46796",
"url": "https://bugzilla.suse.com/1230832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46796"
},
{
"cve": "CVE-2024-46858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n CPU1\t\t\t\tCPU2\n ==== ====\n net_rx_action\n napi_poll netlink_sendmsg\n __napi_poll netlink_unicast\n process_backlog netlink_unicast_kernel\n __netif_receive_skb genl_rcv\n __netif_receive_skb_one_core netlink_rcv_skb\n NF_HOOK genl_rcv_msg\n ip_local_deliver_finish genl_family_rcv_msg\n ip_protocol_deliver_rcu genl_family_rcv_msg_doit\n tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit\n tcp_v4_do_rcv mptcp_nl_remove_addrs_list\n tcp_rcv_established mptcp_pm_remove_addrs_and_subflows\n tcp_data_queue remove_anno_list_by_saddr\n mptcp_incoming_options mptcp_pm_del_add_timer\n mptcp_pm_del_add_timer kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by \"pm.lock\", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of \"entry-\u003eadd_timer\".\n\nMove list_del(\u0026entry-\u003elist) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar \"entry-\u003ex\" uaf.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46858",
"url": "https://www.suse.com/security/cve/CVE-2024-46858"
},
{
"category": "external",
"summary": "SUSE Bug 1231088 for CVE-2024-46858",
"url": "https://bugzilla.suse.com/1231088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46858"
},
{
"cve": "CVE-2024-47408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47408"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check smcd_v2_ext_offset when receiving proposal msg\n\nWhen receiving proposal msg in server, the field smcd_v2_ext_offset in\nproposal msg is from the remote client and can not be fully trusted.\nOnce the value of smcd_v2_ext_offset exceed the max value, there has\nthe chance to access wrong address, and crash may happen.\n\nThis patch checks the value of smcd_v2_ext_offset before using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47408",
"url": "https://www.suse.com/security/cve/CVE-2024-47408"
},
{
"category": "external",
"summary": "SUSE Bug 1235711 for CVE-2024-47408",
"url": "https://bugzilla.suse.com/1235711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-47408"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-47794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tailcall infinite loop caused by freplace\n\nThere is a potential infinite loop issue that can occur when using a\ncombination of tail calls and freplace.\n\nIn an upcoming selftest, the attach target for entry_freplace of\ntailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in\nentry_freplace leads to entry_tc. This results in an infinite loop:\n\nentry_tc -\u003e subprog_tc -\u003e entry_freplace --tailcall-\u003e entry_tc.\n\nThe problem arises because the tail_call_cnt in entry_freplace resets to\nzero each time entry_freplace is executed, causing the tail call mechanism\nto never terminate, eventually leading to a kernel panic.\n\nTo fix this issue, the solution is twofold:\n\n1. Prevent updating a program extended by an freplace program to a\n prog_array map.\n2. Prevent extending a program that is already part of a prog_array map\n with an freplace program.\n\nThis ensures that:\n\n* If a program or its subprogram has been extended by an freplace program,\n it can no longer be updated to a prog_array map.\n* If a program has been added to a prog_array map, neither it nor its\n subprograms can be extended by an freplace program.\n\nMoreover, an extension program should not be tailcalled. As such, return\n-EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a\nprog_array map.\n\nAdditionally, fix a minor code style issue by replacing eight spaces with a\ntab for proper formatting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47794",
"url": "https://www.suse.com/security/cve/CVE-2024-47794"
},
{
"category": "external",
"summary": "SUSE Bug 1235712 for CVE-2024-47794",
"url": "https://bugzilla.suse.com/1235712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-47794"
},
{
"cve": "CVE-2024-49571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49571"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg\n\nWhen receiving proposal msg in server, the field iparea_offset\nand the field ipv6_prefixes_cnt in proposal msg are from the\nremote client and can not be fully trusted. Especially the\nfield iparea_offset, once exceed the max value, there has the\nchance to access wrong address, and crash may happen.\n\nThis patch checks iparea_offset and ipv6_prefixes_cnt before using them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49571",
"url": "https://www.suse.com/security/cve/CVE-2024-49571"
},
{
"category": "external",
"summary": "SUSE Bug 1235733 for CVE-2024-49571",
"url": "https://bugzilla.suse.com/1235733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49571"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: pxafb: Fix possible use after free in pxafb_task()\n\nIn the pxafb_probe function, it calls the pxafb_init_fbinfo function,\nafter which \u0026fbi-\u003etask is associated with pxafb_task. Moreover,\nwithin this pxafb_init_fbinfo function, the pxafb_blank function\nwithin the \u0026pxafb_ops struct is capable of scheduling work.\n\nIf we remove the module which will call pxafb_remove to make cleanup,\nit will call unregister_framebuffer function which can call\ndo_unregister_framebuffer to free fbi-\u003efb through\nput_fb_info(fb_info), while the work mentioned above will be used.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | pxafb_task\npxafb_remove |\nunregister_framebuffer(info) |\ndo_unregister_framebuffer(fb_info) |\nput_fb_info(fb_info) |\n// free fbi-\u003efb | set_ctrlr_state(fbi, state)\n | __pxafb_lcd_power(fbi, 0)\n | fbi-\u003elcd_power(on, \u0026fbi-\u003efb.var)\n | //use fbi-\u003efb\n\nFix it by ensuring that the work is canceled before proceeding\nwith the cleanup in pxafb_remove.\n\nNote that only root user can remove the driver at runtime.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49924",
"url": "https://www.suse.com/security/cve/CVE-2024-49924"
},
{
"category": "external",
"summary": "SUSE Bug 1232364 for CVE-2024-49924",
"url": "https://bugzilla.suse.com/1232364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49924"
},
{
"cve": "CVE-2024-49940",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49940"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: prevent possible tunnel refcount underflow\n\nWhen a session is created, it sets a backpointer to its tunnel. When\nthe session refcount drops to 0, l2tp_session_free drops the tunnel\nrefcount if session-\u003etunnel is non-NULL. However, session-\u003etunnel is\nset in l2tp_session_create, before the tunnel refcount is incremented\nby l2tp_session_register, which leaves a small window where\nsession-\u003etunnel is non-NULL when the tunnel refcount hasn\u0027t been\nbumped.\n\nMoving the assignment to l2tp_session_register is trivial but\nl2tp_session_create calls l2tp_session_set_header_len which uses\nsession-\u003etunnel to get the tunnel\u0027s encap. Add an encap arg to\nl2tp_session_set_header_len to avoid using session-\u003etunnel.\n\nIf l2tpv3 sessions have colliding IDs, it is possible for\nl2tp_v3_session_get to race with l2tp_session_register and fetch a\nsession which doesn\u0027t yet have session-\u003etunnel set. Add a check for\nthis case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49940",
"url": "https://www.suse.com/security/cve/CVE-2024-49940"
},
{
"category": "external",
"summary": "SUSE Bug 1232812 for CVE-2024-49940",
"url": "https://bugzilla.suse.com/1232812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49940"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-49994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix integer overflow in BLKSECDISCARD\n\nI independently rediscovered\n\n\tcommit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155\n\tblock: fix overflow in blk_ioctl_discard()\n\nbut for secure erase.\n\nSame problem:\n\n\tuint64_t r[2] = {512, 18446744073709551104ULL};\n\tioctl(fd, BLKSECDISCARD, r);\n\nwill enter near infinite loop inside blkdev_issue_secure_erase():\n\n\ta.out: attempt to access beyond end of device\n\tloop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048\n\tbio_check_eod: 3286214 callbacks suppressed",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49994",
"url": "https://www.suse.com/security/cve/CVE-2024-49994"
},
{
"category": "external",
"summary": "SUSE Bug 1237757 for CVE-2024-49994",
"url": "https://bugzilla.suse.com/1237757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49994"
},
{
"cve": "CVE-2024-50029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50029",
"url": "https://www.suse.com/security/cve/CVE-2024-50029"
},
{
"category": "external",
"summary": "SUSE Bug 1231949 for CVE-2024-50029",
"url": "https://bugzilla.suse.com/1231949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50036",
"url": "https://www.suse.com/security/cve/CVE-2024-50036"
},
{
"category": "external",
"summary": "SUSE Bug 1231912 for CVE-2024-50036",
"url": "https://bugzilla.suse.com/1231912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50038"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xtables: avoid NFPROTO_UNSPEC where needed\n\nsyzbot managed to call xt_cluster match via ebtables:\n\n WARNING: CPU: 0 PID: 11 at net/netfilter/xt_cluster.c:72 xt_cluster_mt+0x196/0x780\n [..]\n ebt_do_table+0x174b/0x2a40\n\nModule registers to NFPROTO_UNSPEC, but it assumes ipv4/ipv6 packet\nprocessing. As this is only useful to restrict locally terminating\nTCP/UDP traffic, register this for ipv4 and ipv6 family only.\n\nPablo points out that this is a general issue, direct users of the\nset/getsockopt interface can call into targets/matches that were only\nintended for use with ip(6)tables.\n\nCheck all UNSPEC matches and targets for similar issues:\n\n- matches and targets are fine except if they assume skb_network_header()\n is valid -- this is only true when called from inet layer: ip(6) stack\n pulls the ip/ipv6 header into linear data area.\n- targets that return XT_CONTINUE or other xtables verdicts must be\n restricted too, they are incompatbile with the ebtables traverser, e.g.\n EBT_CONTINUE is a completely different value than XT_CONTINUE.\n\nMost matches/targets are changed to register for NFPROTO_IPV4/IPV6, as\nthey are provided for use by ip(6)tables.\n\nThe MARK target is also used by arptables, so register for NFPROTO_ARP too.\n\nWhile at it, bail out if connbytes fails to enable the corresponding\nconntrack family.\n\nThis change passes the selftests in iptables.git.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50038",
"url": "https://www.suse.com/security/cve/CVE-2024-50038"
},
{
"category": "external",
"summary": "SUSE Bug 1231910 for CVE-2024-50038",
"url": "https://bugzilla.suse.com/1231910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50038"
},
{
"cve": "CVE-2024-50056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c\n\nFix potential dereferencing of ERR_PTR() in find_format_by_pix()\nand uvc_v4l2_enum_format().\n\nFix the following smatch errors:\n\ndrivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\ndrivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\nAlso, fix similar issue in uvc_v4l2_try_format() for potential\ndereferencing of ERR_PTR().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50056",
"url": "https://www.suse.com/security/cve/CVE-2024-50056"
},
{
"category": "external",
"summary": "SUSE Bug 1232389 for CVE-2024-50056",
"url": "https://bugzilla.suse.com/1232389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50056"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow\n\nSyzkaller reported this splat:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662\n\n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline]\n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572\n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg net/socket.c:744 [inline]\n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661\n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n RIP: 0023:0xf7fe4579\n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 \u003c5d\u003e 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00\n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\n Allocated by task 5387:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:878 [inline]\n kzalloc_noprof include/linux/slab.h:1014 [inline]\n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803\n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956\n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline]\n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167\n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764\n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592\n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642\n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline]\n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943\n mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777\n process_one_work+0x958/0x1b30 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/ke\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50085",
"url": "https://www.suse.com/security/cve/CVE-2024-50085"
},
{
"category": "external",
"summary": "SUSE Bug 1232508 for CVE-2024-50085",
"url": "https://bugzilla.suse.com/1232508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: use RCU read-side critical section in taprio_dump()\n\nFix possible use-after-free in \u0027taprio_dump()\u0027 by adding RCU\nread-side critical section there. Never seen on x86 but\nfound on a KASAN-enabled arm64 system when investigating\nhttps://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa:\n\n[T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0\n[T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862\n[T15862]\n[T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro Not tainted 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2\n[T15862] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 05/24/2024\n[T15862] Call trace:\n[T15862] dump_backtrace+0x20c/0x220\n[T15862] show_stack+0x2c/0x40\n[T15862] dump_stack_lvl+0xf8/0x174\n[T15862] print_report+0x170/0x4d8\n[T15862] kasan_report+0xb8/0x1d4\n[T15862] __asan_report_load4_noabort+0x20/0x2c\n[T15862] taprio_dump+0xa0c/0xbb0\n[T15862] tc_fill_qdisc+0x540/0x1020\n[T15862] qdisc_notify.isra.0+0x330/0x3a0\n[T15862] tc_modify_qdisc+0x7b8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Allocated by task 15857:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_alloc_info+0x40/0x60\n[T15862] __kasan_kmalloc+0xd4/0xe0\n[T15862] __kmalloc_cache_noprof+0x194/0x334\n[T15862] taprio_change+0x45c/0x2fe0\n[T15862] tc_modify_qdisc+0x6a8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Freed by task 6192:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_free_info+0x4c/0x80\n[T15862] poison_slab_object+0x110/0x160\n[T15862] __kasan_slab_free+0x3c/0x74\n[T15862] kfree+0x134/0x3c0\n[T15862] taprio_free_sched_cb+0x18c/0x220\n[T15862] rcu_core+0x920/0x1b7c\n[T15862] rcu_core_si+0x10/0x1c\n[T15862] handle_softirqs+0x2e8/0xd64\n[T15862] __do_softirq+0x14/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50126",
"url": "https://www.suse.com/security/cve/CVE-2024-50126"
},
{
"category": "external",
"summary": "SUSE Bug 1232895 for CVE-2024-50126",
"url": "https://bugzilla.suse.com/1232895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50126"
},
{
"cve": "CVE-2024-50140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Disable page allocation in task_tick_mm_cid()\n\nWith KASAN and PREEMPT_RT enabled, calling task_work_add() in\ntask_tick_mm_cid() may cause the following splat.\n\n[ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe\n[ 63.696416] preempt_count: 10001, expected: 0\n[ 63.696416] RCU nest depth: 1, expected: 1\n\nThis problem is caused by the following call trace.\n\n sched_tick() [ acquire rq-\u003e__lock ]\n -\u003e task_tick_mm_cid()\n -\u003e task_work_add()\n -\u003e __kasan_record_aux_stack()\n -\u003e kasan_save_stack()\n -\u003e stack_depot_save_flags()\n -\u003e alloc_pages_mpol_noprof()\n -\u003e __alloc_pages_noprof()\n\t -\u003e get_page_from_freelist()\n\t -\u003e rmqueue()\n\t -\u003e rmqueue_pcplist()\n\t -\u003e __rmqueue_pcplist()\n\t -\u003e rmqueue_bulk()\n\t -\u003e rt_spin_lock()\n\nThe rq lock is a raw_spinlock_t. We can\u0027t sleep while holding\nit. IOW, we can\u0027t call alloc_pages() in stack_depot_save_flags().\n\nThe task_tick_mm_cid() function with its task_work_add() call was\nintroduced by commit 223baf9d17f2 (\"sched: Fix performance regression\nintroduced by mm_cid\") in v6.4 kernel.\n\nFortunately, there is a kasan_record_aux_stack_noalloc() variant that\ncalls stack_depot_save_flags() while not allowing it to allocate\nnew pages. To allow task_tick_mm_cid() to use task_work without\npage allocation, a new TWAF_NO_ALLOC flag is added to enable calling\nkasan_record_aux_stack_noalloc() instead of kasan_record_aux_stack()\nif set. The task_tick_mm_cid() function is modified to add this new flag.\n\nThe possible downside is the missing stack trace in a KASAN report due\nto new page allocation required when task_work_add_noallloc() is called\nwhich should be rare.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50140",
"url": "https://www.suse.com/security/cve/CVE-2024-50140"
},
{
"category": "external",
"summary": "SUSE Bug 1233060 for CVE-2024-50140",
"url": "https://bugzilla.suse.com/1233060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50140"
},
{
"cve": "CVE-2024-50142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50142",
"url": "https://www.suse.com/security/cve/CVE-2024-50142"
},
{
"category": "external",
"summary": "SUSE Bug 1233028 for CVE-2024-50142",
"url": "https://bugzilla.suse.com/1233028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix possible double free in smb2_set_ea()\n\nClang static checker(scan-build) warning:\nfs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.\n 1304 | kfree(ea);\n | ^~~~~~~~~\n\nThere is a double free in such case:\n\u0027ea is initialized to NULL\u0027 -\u003e \u0027first successful memory allocation for\nea\u0027 -\u003e \u0027something failed, goto sea_exit\u0027 -\u003e \u0027first memory release for ea\u0027\n-\u003e \u0027goto replay_again\u0027 -\u003e \u0027second goto sea_exit before allocate memory\nfor ea\u0027 -\u003e \u0027second memory release for ea resulted in double free\u0027.\n\nRe-initialie \u0027ea\u0027 to NULL near to the replay_again label, it can fix this\ndouble free problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50152",
"url": "https://www.suse.com/security/cve/CVE-2024-50152"
},
{
"category": "external",
"summary": "SUSE Bug 1233033 for CVE-2024-50152",
"url": "https://bugzilla.suse.com/1233033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50152"
},
{
"cve": "CVE-2024-50185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle consistently DSS corruption\n\nBugged peer implementation can send corrupted DSS options, consistently\nhitting a few warning in the data path. Use DEBUG_NET assertions, to\navoid the splat on some builds and handle consistently the error, dumping\nrelated MIBs and performing fallback and/or reset according to the\nsubflow type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50185",
"url": "https://www.suse.com/security/cve/CVE-2024-50185"
},
{
"category": "external",
"summary": "SUSE Bug 1233109 for CVE-2024-50185",
"url": "https://bugzilla.suse.com/1233109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\n\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\n\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50251",
"url": "https://www.suse.com/security/cve/CVE-2024-50251"
},
{
"category": "external",
"summary": "SUSE Bug 1233248 for CVE-2024-50251",
"url": "https://bugzilla.suse.com/1233248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50251"
},
{
"cve": "CVE-2024-50258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix crash when config small gso_max_size/gso_ipv4_max_size\n\nConfig a small gso_max_size/gso_ipv4_max_size will lead to an underflow\nin sk_dst_gso_max_size(), which may trigger a BUG_ON crash,\nbecause sk-\u003esk_gso_max_size would be much bigger than device limits.\nCall Trace:\ntcp_write_xmit\n tso_segs = tcp_init_tso_segs(skb, mss_now);\n tcp_set_skb_tso_segs\n tcp_skb_pcount_set\n // skb-\u003elen = 524288, mss_now = 8\n // u16 tso_segs = 524288/8 = 65535 -\u003e 0\n tso_segs = DIV_ROUND_UP(skb-\u003elen, mss_now)\n BUG_ON(!tso_segs)\nAdd check for the minimum value of gso_max_size and gso_ipv4_max_size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50258",
"url": "https://www.suse.com/security/cve/CVE-2024-50258"
},
{
"category": "external",
"summary": "SUSE Bug 1233221 for CVE-2024-50258",
"url": "https://bugzilla.suse.com/1233221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50258"
},
{
"cve": "CVE-2024-50290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx24116: prevent overflows on SNR calculus\n\nas reported by Coverity, if reading SNR registers fail, a negative\nnumber will be returned, causing an underflow when reading SNR\nregisters.\n\nPrevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50290",
"url": "https://www.suse.com/security/cve/CVE-2024-50290"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233479 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "external",
"summary": "SUSE Bug 1233681 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-50294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing locking causing hanging calls\n\nIf a call gets aborted (e.g. because kafs saw a signal) between it being\nqueued for connection and the I/O thread picking up the call, the abort\nwill be prioritised over the connection and it will be removed from\nlocal-\u003enew_client_calls by rxrpc_disconnect_client_call() without a lock\nbeing held. This may cause other calls on the list to disappear if a race\noccurs.\n\nFix this by taking the client_call_lock when removing a call from whatever\nlist its -\u003ewait_link happens to be on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50294",
"url": "https://www.suse.com/security/cve/CVE-2024-50294"
},
{
"category": "external",
"summary": "SUSE Bug 1233483 for CVE-2024-50294",
"url": "https://bugzilla.suse.com/1233483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-50304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()\n\nThe per-netns IP tunnel hash table is protected by the RTNL mutex and\nip_tunnel_find() is only called from the control path where the mutex is\ntaken.\n\nAdd a lockdep expression to hlist_for_each_entry_rcu() in\nip_tunnel_find() in order to validate that the mutex is held and to\nsilence the suspicious RCU usage warning [1].\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted\n-----------------------------\nnet/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/362:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n ip_tunnel_find+0x435/0x4d0\n ip_tunnel_newlink+0x517/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50304",
"url": "https://www.suse.com/security/cve/CVE-2024-50304"
},
{
"category": "external",
"summary": "SUSE Bug 1233522 for CVE-2024-50304",
"url": "https://bugzilla.suse.com/1233522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50304"
},
{
"cve": "CVE-2024-52559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()\n\nThe \"submit-\u003ecmd[i].size\" and \"submit-\u003ecmd[i].offset\" variables are u32\nvalues that come from the user via the submit_lookup_cmds() function.\nThis addition could lead to an integer wrapping bug so use size_add()\nto prevent that.\n\nPatchwork: https://patchwork.freedesktop.org/patch/624696/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52559",
"url": "https://www.suse.com/security/cve/CVE-2024-52559"
},
{
"category": "external",
"summary": "SUSE Bug 1238507 for CVE-2024-52559",
"url": "https://bugzilla.suse.com/1238507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-52559"
},
{
"cve": "CVE-2024-53057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT\n\nIn qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed\nto be either root or ingress. This assumption is bogus since it\u0027s valid\nto create egress qdiscs with major handle ffff:\nBudimir Markovic found that for qdiscs like DRR that maintain an active\nclass list, it will cause a UAF with a dangling class pointer.\n\nIn 066a3b5b2346, the concern was to avoid iterating over the ingress\nqdisc since its parent is itself. The proper fix is to stop when parent\nTC_H_ROOT is reached because the only way to retrieve ingress is when a\nhierarchy which does not contain a ffff: major handle call into\nqdisc_lookup with TC_H_MAJ(TC_H_ROOT).\n\nIn the scenario where major ffff: is an egress qdisc in any of the tree\nlevels, the updates will also propagate to TC_H_ROOT, which then the\niteration must stop.\n\n\n net/sched/sch_api.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53057",
"url": "https://www.suse.com/security/cve/CVE-2024-53057"
},
{
"category": "external",
"summary": "SUSE Bug 1233551 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "external",
"summary": "SUSE Bug 1245816 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1245816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: prevent the risk of out of memory access\n\nThe dvbdev contains a static variable used to store dvb minors.\n\nThe behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set\nor not. When not set, dvb_register_device() won\u0027t check for\nboundaries, as it will rely that a previous call to\ndvb_register_adapter() would already be enforcing it.\n\nOn a similar way, dvb_device_open() uses the assumption\nthat the register functions already did the needed checks.\n\nThis can be fragile if some device ends using different\ncalls. This also generate warnings on static check analysers\nlike Coverity.\n\nSo, add explicit guards to prevent potential risk of OOM issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53063",
"url": "https://www.suse.com/security/cve/CVE-2024-53063"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233557 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "external",
"summary": "SUSE Bug 1233619 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 \u003cf7\u003e 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53123",
"url": "https://www.suse.com/security/cve/CVE-2024-53123"
},
{
"category": "external",
"summary": "SUSE Bug 1234070 for CVE-2024-53123",
"url": "https://bugzilla.suse.com/1234070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix data-races around sk-\u003esk_forward_alloc\n\nSyzkaller reported this warning:\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0\n Modules linked in:\n CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:inet_sock_destruct+0x1c5/0x1e0\n Code: 24 12 4c 89 e2 5b 48 c7 c7 98 ec bb 82 41 5c e9 d1 18 17 ff 4c 89 e6 5b 48 c7 c7 d0 ec bb 82 41 5c e9 bf 18 17 ff 0f 0b eb 83 \u003c0f\u003e 0b eb 97 0f 0b eb 87 0f 0b e9 68 ff ff ff 66 66 2e 0f 1f 84 00\n RSP: 0018:ffffc9000008bd90 EFLAGS: 00010206\n RAX: 0000000000000300 RBX: ffff88810b172a90 RCX: 0000000000000007\n RDX: 0000000000000002 RSI: 0000000000000300 RDI: ffff88810b172a00\n RBP: ffff88810b172a00 R08: ffff888104273c00 R09: 0000000000100007\n R10: 0000000000020000 R11: 0000000000000006 R12: ffff88810b172a00\n R13: 0000000000000004 R14: 0000000000000000 R15: ffff888237c31f78\n FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc63fecac8 CR3: 000000000342e000 CR4: 00000000000006f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0x88/0x130\n ? inet_sock_destruct+0x1c5/0x1e0\n ? report_bug+0x18e/0x1a0\n ? handle_bug+0x53/0x90\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? inet_sock_destruct+0x1c5/0x1e0\n __sk_destruct+0x2a/0x200\n rcu_do_batch+0x1aa/0x530\n ? rcu_do_batch+0x13b/0x530\n rcu_core+0x159/0x2f0\n handle_softirqs+0xd3/0x2b0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n run_ksoftirqd+0x25/0x30\n smpboot_thread_fn+0xdd/0x1d0\n kthread+0xd3/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nIts possible that two threads call tcp_v6_do_rcv()/sk_forward_alloc_add()\nconcurrently when sk-\u003esk_state == TCP_LISTEN with sk-\u003esk_lock unlocked,\nwhich triggers a data-race around sk-\u003esk_forward_alloc:\ntcp_v6_rcv\n tcp_v6_do_rcv\n skb_clone_and_charge_r\n sk_rmem_schedule\n __sk_mem_schedule\n sk_forward_alloc_add()\n skb_set_owner_r\n sk_mem_charge\n sk_forward_alloc_add()\n __kfree_skb\n skb_release_all\n skb_release_head_state\n sock_rfree\n sk_mem_uncharge\n sk_forward_alloc_add()\n sk_mem_reclaim\n // set local var reclaimable\n __sk_mem_reclaim\n sk_forward_alloc_add()\n\nIn this syzkaller testcase, two threads call\ntcp_v6_do_rcv() with skb-\u003etruesize=768, the sk_forward_alloc changes like\nthis:\n (cpu 1) | (cpu 2) | sk_forward_alloc\n ... | ... | 0\n __sk_mem_schedule() | | +4096 = 4096\n | __sk_mem_schedule() | +4096 = 8192\n sk_mem_charge() | | -768 = 7424\n | sk_mem_charge() | -768 = 6656\n ... | ... |\n sk_mem_uncharge() | | +768 = 7424\n reclaimable=7424 | |\n | sk_mem_uncharge() | +768 = 8192\n | reclaimable=8192 |\n __sk_mem_reclaim() | | -4096 = 4096\n | __sk_mem_reclaim() | -8192 = -4096 != 0\n\nThe skb_clone_and_charge_r() should not be called in tcp_v6_do_rcv() when\nsk-\u003esk_state is TCP_LISTEN, it happens later in tcp_v6_syn_recv_sock().\nFix the same issue in dccp_v6_do_rcv().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53124",
"url": "https://www.suse.com/security/cve/CVE-2024-53124"
},
{
"category": "external",
"summary": "SUSE Bug 1234074 for CVE-2024-53124",
"url": "https://bugzilla.suse.com/1234074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53124"
},
{
"cve": "CVE-2024-53139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: fix possible UAF in sctp_v6_available()\n\nA lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints\nthat sctp_v6_available() is calling dev_get_by_index_rcu()\nand ipv6_chk_addr() without holding rcu.\n\n[1]\n =============================\n WARNING: suspicious RCU usage\n 6.12.0-rc5-virtme #1216 Tainted: G W\n -----------------------------\n net/core/dev.c:876 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by sctp_hello/31495:\n #0: ffff9f1ebbdb7418 (sk_lock-AF_INET6){+.+.}-{0:0}, at: sctp_bind (./arch/x86/include/asm/jump_label.h:27 net/sctp/socket.c:315) sctp\n\nstack backtrace:\n CPU: 7 UID: 0 PID: 31495 Comm: sctp_hello Tainted: G W 6.12.0-rc5-virtme #1216\n Tainted: [W]=WARN\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:123)\n lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822)\n dev_get_by_index_rcu (net/core/dev.c:876 (discriminator 7))\n sctp_v6_available (net/sctp/ipv6.c:701) sctp\n sctp_do_bind (net/sctp/socket.c:400 (discriminator 1)) sctp\n sctp_bind (net/sctp/socket.c:320) sctp\n inet6_bind_sk (net/ipv6/af_inet6.c:465)\n ? security_socket_bind (security/security.c:4581 (discriminator 1))\n __sys_bind (net/socket.c:1848 net/socket.c:1869)\n ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340)\n ? do_user_addr_fault (./arch/x86/include/asm/preempt.h:84 (discriminator 13) ./include/linux/rcupdate.h:98 (discriminator 13) ./include/linux/rcupdate.h:882 (discriminator 13) ./include/linux/mm.h:729 (discriminator 13) arch/x86/mm/fault.c:1340 (discriminator 13))\n __x64_sys_bind (net/socket.c:1877 (discriminator 1) net/socket.c:1875 (discriminator 1) net/socket.c:1875 (discriminator 1))\n do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n RIP: 0033:0x7f59b934a1e7\n Code: 44 00 00 48 8b 15 39 8c 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 31 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 09 8c 0c 00 f7 d8 64 89 01 48\nAll code\n========\n 0:\t44 00 00 \tadd %r8b,(%rax)\n 3:\t48 8b 15 39 8c 0c 00 \tmov 0xc8c39(%rip),%rdx # 0xc8c43\n a:\tf7 d8 \tneg %eax\n c:\t64 89 02 \tmov %eax,%fs:(%rdx)\n f:\tb8 ff ff ff ff \tmov $0xffffffff,%eax\n 14:\teb bd \tjmp 0xffffffffffffffd3\n 16:\t66 2e 0f 1f 84 00 00 \tcs nopw 0x0(%rax,%rax,1)\n 1d:\t00 00 00\n 20:\t0f 1f 00 \tnopl (%rax)\n 23:\tb8 31 00 00 00 \tmov $0x31,%eax\n 28:\t0f 05 \tsyscall\n 2a:*\t48 3d 01 f0 ff ff \tcmp $0xfffffffffffff001,%rax\t\t\u003c-- trapping instruction\n 30:\t73 01 \tjae 0x33\n 32:\tc3 \tret\n 33:\t48 8b 0d 09 8c 0c 00 \tmov 0xc8c09(%rip),%rcx # 0xc8c43\n 3a:\tf7 d8 \tneg %eax\n 3c:\t64 89 01 \tmov %eax,%fs:(%rcx)\n 3f:\t48 \trex.W\n\nCode starting with the faulting instruction\n===========================================\n 0:\t48 3d 01 f0 ff ff \tcmp $0xfffffffffffff001,%rax\n 6:\t73 01 \tjae 0x9\n 8:\tc3 \tret\n 9:\t48 8b 0d 09 8c 0c 00 \tmov 0xc8c09(%rip),%rcx # 0xc8c19\n 10:\tf7 d8 \tneg %eax\n 12:\t64 89 01 \tmov %eax,%fs:(%rcx)\n 15:\t48 \trex.W\n RSP: 002b:00007ffe2d0ad398 EFLAGS: 00000202 ORIG_RAX: 0000000000000031\n RAX: ffffffffffffffda RBX: 00007ffe2d0ad3d0 RCX: 00007f59b934a1e7\n RDX: 000000000000001c RSI: 00007ffe2d0ad3d0 RDI: 0000000000000005\n RBP: 0000000000000005 R08: 1999999999999999 R09: 0000000000000000\n R10: 00007f59b9253298 R11: 000000000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53139",
"url": "https://www.suse.com/security/cve/CVE-2024-53139"
},
{
"category": "external",
"summary": "SUSE Bug 1234157 for CVE-2024-53139",
"url": "https://bugzilla.suse.com/1234157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53139"
},
{
"cve": "CVE-2024-53140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: terminate outstanding dump on socket close\n\nNetlink supports iterative dumping of data. It provides the families\nthe following ops:\n - start - (optional) kicks off the dumping process\n - dump - actual dump helper, keeps getting called until it returns 0\n - done - (optional) pairs with .start, can be used for cleanup\nThe whole process is asynchronous and the repeated calls to .dump\ndon\u0027t actually happen in a tight loop, but rather are triggered\nin response to recvmsg() on the socket.\n\nThis gives the user full control over the dump, but also means that\nthe user can close the socket without getting to the end of the dump.\nTo make sure .start is always paired with .done we check if there\nis an ongoing dump before freeing the socket, and if so call .done.\n\nThe complication is that sockets can get freed from BH and .done\nis allowed to sleep. So we use a workqueue to defer the call, when\nneeded.\n\nUnfortunately this does not work correctly. What we defer is not\nthe cleanup but rather releasing a reference on the socket.\nWe have no guarantee that we own the last reference, if someone\nelse holds the socket they may release it in BH and we\u0027re back\nto square one.\n\nThe whole dance, however, appears to be unnecessary. Only the user\ncan interact with dumps, so we can clean up when socket is closed.\nAnd close always happens in process context. Some async code may\nstill access the socket after close, queue notification skbs to it etc.\nbut no dumps can start, end or otherwise make progress.\n\nDelete the workqueue and flush the dump state directly from the release\nhandler. Note that further cleanup is possible in -next, for instance\nwe now always call .done before releasing the main module reference,\nso dump doesn\u0027t have to take a reference of its own.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53140",
"url": "https://www.suse.com/security/cve/CVE-2024-53140"
},
{
"category": "external",
"summary": "SUSE Bug 1234222 for CVE-2024-53140",
"url": "https://bugzilla.suse.com/1234222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53140"
},
{
"cve": "CVE-2024-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53147",
"url": "https://www.suse.com/security/cve/CVE-2024-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1234857 for CVE-2024-53147",
"url": "https://bugzilla.suse.com/1234857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat/qat_420xx - fix off by one in uof_get_name()\n\nThis is called from uof_get_name_420xx() where \"num_objs\" is the\nARRAY_SIZE() of fw_objs[]. The \u003e needs to be \u003e= to prevent an out of\nbounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53163",
"url": "https://www.suse.com/security/cve/CVE-2024-53163"
},
{
"category": "external",
"summary": "SUSE Bug 1234828 for CVE-2024-53163",
"url": "https://bugzilla.suse.com/1234828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53163"
},
{
"cve": "CVE-2024-53173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53173",
"url": "https://www.suse.com/security/cve/CVE-2024-53173"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234891 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "external",
"summary": "SUSE Bug 1234892 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it\u0027s\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn\u0027t block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we\u0027re here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53176",
"url": "https://www.suse.com/security/cve/CVE-2024-53176"
},
{
"category": "external",
"summary": "SUSE Bug 1234894 for CVE-2024-53176",
"url": "https://bugzilla.suse.com/1234894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53177",
"url": "https://www.suse.com/security/cve/CVE-2024-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1234896 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "external",
"summary": "SUSE Bug 1235103 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1235103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don\u0027t leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids-\u003eentries list but doesn\u0027t drop a ref if has_lease isn\u0027t true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid-\u003ehas_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 32 bytes):\n 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........\".......\n 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E\"......O.....\n backtrace (crc 6f58c20f):\n [\u003cffffffff8b895a1e\u003e] __kmalloc_cache_noprof+0x2be/0x350\n [\u003cffffffff8bda06e3\u003e] open_cached_dir+0x993/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 8 bytes):\n 00 cc cc cc cc cc cc cc ........\n backtrace (crc 10c106a9):\n [\u003cffffffff8b89a3d3\u003e] __kmalloc_node_track_caller_noprof+0x363/0x480\n [\u003cffffffff8b7d7256\u003e] kstrdup+0x36/0x60\n [\u003cffffffff8bda0700\u003e] open_cached_dir+0x9b0/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff \u003c0f\u003e 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53178",
"url": "https://www.suse.com/security/cve/CVE-2024-53178"
},
{
"category": "external",
"summary": "SUSE Bug 1234895 for CVE-2024-53178",
"url": "https://bugzilla.suse.com/1234895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53226",
"url": "https://www.suse.com/security/cve/CVE-2024-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1236576 for CVE-2024-53226",
"url": "https://bugzilla.suse.com/1236576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53239",
"url": "https://www.suse.com/security/cve/CVE-2024-53239"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235054 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "external",
"summary": "SUSE Bug 1235055 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-53680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()\n\nUnder certain kernel configurations when building with Clang/LLVM, the\ncompiler does not generate a return or jump as the terminator\ninstruction for ip_vs_protocol_init(), triggering the following objtool\nwarning during build time:\n\n vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6()\n\nAt runtime, this either causes an oops when trying to load the ipvs\nmodule or a boot-time panic if ipvs is built-in. This same issue has\nbeen reported by the Intel kernel test robot previously.\n\nDigging deeper into both LLVM and the kernel code reveals this to be a\nundefined behavior problem. ip_vs_protocol_init() uses a on-stack buffer\nof 64 chars to store the registered protocol names and leaves it\nuninitialized after definition. The function calls strnlen() when\nconcatenating protocol names into the buffer. With CONFIG_FORTIFY_SOURCE\nstrnlen() performs an extra step to check whether the last byte of the\ninput char buffer is a null character (commit 3009f891bb9f (\"fortify:\nAllow strlen() and strnlen() to pass compile-time known lengths\")).\nThis, together with possibly other configurations, cause the following\nIR to be generated:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #5 section \".init.text\" align 16 !kcfi_type !29 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 14: ; preds = %11\n %15 = getelementptr inbounds i8, ptr %1, i64 63\n %16 = load i8, ptr %15, align 1\n %17 = tail call i1 @llvm.is.constant.i8(i8 %16)\n %18 = icmp eq i8 %16, 0\n %19 = select i1 %17, i1 %18, i1 false\n br i1 %19, label %20, label %23\n\n 20: ; preds = %14\n %21 = call i64 @strlen(ptr noundef nonnull dereferenceable(1) %1) #23\n ...\n\n 23: ; preds = %14, %11, %20\n %24 = call i64 @strnlen(ptr noundef nonnull dereferenceable(1) %1, i64 noundef 64) #24\n ...\n }\n\nThe above code calculates the address of the last char in the buffer\n(value %15) and then loads from it (value %16). Because the buffer is\nnever initialized, the LLVM GVN pass marks value %16 as undefined:\n\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n br i1 undef, label %14, label %17\n\nThis gives later passes (SCCP, in particular) more DCE opportunities by\npropagating the undef value further, and eventually removes everything\nafter the load on the uninitialized stack location:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #0 section \".init.text\" align 16 !kcfi_type !11 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 12: ; preds = %11\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n unreachable\n }\n\nIn this way, the generated native code will just fall through to the\nnext function, as LLVM does not generate any code for the unreachable IR\ninstruction and leaves the function without a terminator.\n\nZero the on-stack buffer to avoid this possible UB.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53680",
"url": "https://www.suse.com/security/cve/CVE-2024-53680"
},
{
"category": "external",
"summary": "SUSE Bug 1235715 for CVE-2024-53680",
"url": "https://bugzilla.suse.com/1235715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53680"
},
{
"cve": "CVE-2024-54683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: IDLETIMER: Fix for possible ABBA deadlock\n\nDeletion of the last rule referencing a given idletimer may happen at\nthe same time as a read of its file in sysfs:\n\n| ======================================================\n| WARNING: possible circular locking dependency detected\n| 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted\n| ------------------------------------------------------\n| iptables/3303 is trying to acquire lock:\n| ffff8881057e04b8 (kn-\u003eactive#48){++++}-{0:0}, at: __kernfs_remove+0x20\n|\n| but task is already holding lock:\n| ffffffffa0249068 (list_mutex){+.+.}-{3:3}, at: idletimer_tg_destroy_v]\n|\n| which lock already depends on the new lock.\n\nA simple reproducer is:\n\n| #!/bin/bash\n|\n| while true; do\n| iptables -A INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| iptables -D INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| done \u0026\n| while true; do\n| cat /sys/class/xt_idletimer/timers/testme \u003e/dev/null\n| done\n\nAvoid this by freeing list_mutex right after deleting the element from\nthe list, then continuing with the teardown.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54683",
"url": "https://www.suse.com/security/cve/CVE-2024-54683"
},
{
"category": "external",
"summary": "SUSE Bug 1235729 for CVE-2024-54683",
"url": "https://bugzilla.suse.com/1235729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-54683"
},
{
"cve": "CVE-2024-56539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56539",
"url": "https://www.suse.com/security/cve/CVE-2024-56539"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234963 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "external",
"summary": "SUSE Bug 1234964 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56548",
"url": "https://www.suse.com/security/cve/CVE-2024-56548"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235073 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "external",
"summary": "SUSE Bug 1235074 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56579",
"url": "https://www.suse.com/security/cve/CVE-2024-56579"
},
{
"category": "external",
"summary": "SUSE Bug 1236575 for CVE-2024-56579",
"url": "https://bugzilla.suse.com/1236575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56592"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Call free_htab_elem() after htab_unlock_bucket()\n\nFor htab of maps, when the map is removed from the htab, it may hold the\nlast reference of the map. bpf_map_fd_put_ptr() will invoke\nbpf_map_free_id() to free the id of the removed map element. However,\nbpf_map_fd_put_ptr() is invoked while holding a bucket lock\n(raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock\n(spinlock_t), triggering the following lockdep warning:\n\n =============================\n [ BUG: Invalid wait context ]\n 6.11.0-rc4+ #49 Not tainted\n -----------------------------\n test_maps/4881 is trying to lock:\n ffffffff84884578 (map_idr_lock){+...}-{3:3}, at: bpf_map_free_id.part.0+0x21/0x70\n other info that might help us debug this:\n context-{5:5}\n 2 locks held by test_maps/4881:\n #0: ffffffff846caf60 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0xf9/0x270\n #1: ffff888149ced148 (\u0026htab-\u003elockdep_key#2){....}-{2:2}, at: htab_map_update_elem+0x178/0xa80\n stack backtrace:\n CPU: 0 UID: 0 PID: 4881 Comm: test_maps Not tainted 6.11.0-rc4+ #49\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6e/0xb0\n dump_stack+0x10/0x20\n __lock_acquire+0x73e/0x36c0\n lock_acquire+0x182/0x450\n _raw_spin_lock_irqsave+0x43/0x70\n bpf_map_free_id.part.0+0x21/0x70\n bpf_map_put+0xcf/0x110\n bpf_map_fd_put_ptr+0x9a/0xb0\n free_htab_elem+0x69/0xe0\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n bpf_map_update_value+0x266/0x380\n __sys_bpf+0x21bb/0x36b0\n __x64_sys_bpf+0x45/0x60\n x64_sys_call+0x1b2a/0x20d0\n do_syscall_64+0x5d/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nOne way to fix the lockdep warning is using raw_spinlock_t for\nmap_idr_lock as well. However, bpf_map_alloc_id() invokes\nidr_alloc_cyclic() after acquiring map_idr_lock, it will trigger a\nsimilar lockdep warning because the slab\u0027s lock (s-\u003ecpu_slab-\u003elock) is\nstill a spinlock.\n\nInstead of changing map_idr_lock\u0027s type, fix the issue by invoking\nhtab_put_fd_value() after htab_unlock_bucket(). However, only deferring\nthe invocation of htab_put_fd_value() is not enough, because the old map\npointers in htab of maps can not be saved during batched deletion.\nTherefore, also defer the invocation of free_htab_elem(), so these\nto-be-freed elements could be linked together similar to lru map.\n\nThere are four callers for -\u003emap_fd_put_ptr:\n\n(1) alloc_htab_elem() (through htab_put_fd_value())\nIt invokes -\u003emap_fd_put_ptr() under a raw_spinlock_t. The invocation of\nhtab_put_fd_value() can not simply move after htab_unlock_bucket(),\nbecause the old element has already been stashed in htab-\u003eextra_elems.\nIt may be reused immediately after htab_unlock_bucket() and the\ninvocation of htab_put_fd_value() after htab_unlock_bucket() may release\nthe newly-added element incorrectly. Therefore, saving the map pointer\nof the old element for htab of maps before unlocking the bucket and\nreleasing the map_ptr after unlock. Beside the map pointer in the old\nelement, should do the same thing for the special fields in the old\nelement as well.\n\n(2) free_htab_elem() (through htab_put_fd_value())\nIts caller includes __htab_map_lookup_and_delete_elem(),\nhtab_map_delete_elem() and __htab_map_lookup_and_delete_batch().\n\nFor htab_map_delete_elem(), simply invoke free_htab_elem() after\nhtab_unlock_bucket(). For __htab_map_lookup_and_delete_batch(), just\nlike lru map, linking the to-be-freed element into node_to_free list\nand invoking free_htab_elem() for these element after unlock. It is safe\nto reuse batch_flink as the link for node_to_free, because these\nelements have been removed from the hash llist.\n\nBecause htab of maps doesn\u0027t support lookup_and_delete operation,\n__htab_map_lookup_and_delete_elem() doesn\u0027t have the problem, so kept\nit as\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56592",
"url": "https://www.suse.com/security/cve/CVE-2024-56592"
},
{
"category": "external",
"summary": "SUSE Bug 1235244 for CVE-2024-56592",
"url": "https://bugzilla.suse.com/1235244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56592"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_inner: incorrect percpu area handling under softirq\n\nSoftirq can interrupt ongoing packet from process context that is\nwalking over the percpu area that contains inner header offsets.\n\nDisable bh and perform three checks before restoring the percpu inner\nheader offsets to validate that the percpu area is valid for this\nskbuff:\n\n1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff\n has already been parsed before for inner header fetching to\n register.\n\n2) Validate that the percpu area refers to this skbuff using the\n skbuff pointer as a cookie. If there is a cookie mismatch, then\n this skbuff needs to be parsed again.\n\n3) Finally, validate if the percpu area refers to this tunnel type.\n\nOnly after these three checks the percpu area is restored to a on-stack\ncopy and bh is enabled again.\n\nAfter inner header fetching, the on-stack copy is stored back to the\npercpu area.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56638",
"url": "https://www.suse.com/security/cve/CVE-2024-56638"
},
{
"category": "external",
"summary": "SUSE Bug 1235524 for CVE-2024-56638",
"url": "https://bugzilla.suse.com/1235524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56638"
},
{
"cve": "CVE-2024-56640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix LGR and link use-after-free issue\n\nWe encountered a LGR/link use-after-free issue, which manifested as\nthe LGR/link refcnt reaching 0 early and entering the clear process,\nmaking resource access unsafe.\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140\n Workqueue: events smc_lgr_terminate_work [smc]\n Call trace:\n refcount_warn_saturate+0x9c/0x140\n __smc_lgr_terminate.part.45+0x2a8/0x370 [smc]\n smc_lgr_terminate_work+0x28/0x30 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nor\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140\n Workqueue: smc_hs_wq smc_listen_work [smc]\n Call trace:\n refcount_warn_saturate+0xf0/0x140\n smcr_link_put+0x1cc/0x1d8 [smc]\n smc_conn_free+0x110/0x1b0 [smc]\n smc_conn_abort+0x50/0x60 [smc]\n smc_listen_find_device+0x75c/0x790 [smc]\n smc_listen_work+0x368/0x8a0 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nIt is caused by repeated release of LGR/link refcnt. One suspect is that\nsmc_conn_free() is called repeatedly because some smc_conn_free() from\nserver listening path are not protected by sock lock.\n\ne.g.\n\nCalls under socklock | smc_listen_work\n-------------------------------------------------------\nlock_sock(sk) | smc_conn_abort\nsmc_conn_free | \\- smc_conn_free\n\\- smcr_link_put | \\- smcr_link_put (duplicated)\nrelease_sock(sk)\n\nSo here add sock lock protection in smc_listen_work() path, making it\nexclusive with other connection operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56640",
"url": "https://www.suse.com/security/cve/CVE-2024-56640"
},
{
"category": "external",
"summary": "SUSE Bug 1235436 for CVE-2024-56640",
"url": "https://bugzilla.suse.com/1235436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56640"
},
{
"cve": "CVE-2024-56647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56647",
"url": "https://www.suse.com/security/cve/CVE-2024-56647"
},
{
"category": "external",
"summary": "SUSE Bug 1235435 for CVE-2024-56647",
"url": "https://bugzilla.suse.com/1235435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final \u0027struct net\u0027 free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net-\u003exfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst-\u003eops-\u003edestroy)\n dst-\u003eops-\u003edestroy(dst);\n\ndst-\u003eops points to the old net-\u003exfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the \u0027struct net\u0027 to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 \u003cfa\u003e c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \u003c/TASK\u003e\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56658",
"url": "https://www.suse.com/security/cve/CVE-2024-56658"
},
{
"category": "external",
"summary": "SUSE Bug 1235441 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "external",
"summary": "SUSE Bug 1235442 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56658"
},
{
"cve": "CVE-2024-56702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark raw_tp arguments with PTR_MAYBE_NULL\n\nArguments to a raw tracepoint are tagged as trusted, which carries the\nsemantics that the pointer will be non-NULL. However, in certain cases,\na raw tracepoint argument may end up being NULL. More context about this\nissue is available in [0].\n\nThus, there is a discrepancy between the reality, that raw_tp arguments\ncan actually be NULL, and the verifier\u0027s knowledge, that they are never\nNULL, causing explicit NULL checks to be deleted, and accesses to such\npointers potentially crashing the kernel.\n\nTo fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special\ncase the dereference and pointer arithmetic to permit it, and allow\npassing them into helpers/kfuncs; these exceptions are made for raw_tp\nprograms only. Ensure that we don\u0027t do this when ref_obj_id \u003e 0, as in\nthat case this is an acquired object and doesn\u0027t need such adjustment.\n\nThe reason we do mask_raw_tp_trusted_reg logic is because other will\nrecheck in places whether the register is a trusted_reg, and then\nconsider our register as untrusted when detecting the presence of the\nPTR_MAYBE_NULL flag.\n\nTo allow safe dereference, we enable PROBE_MEM marking when we see loads\ninto trusted pointers with PTR_MAYBE_NULL.\n\nWhile trusted raw_tp arguments can also be passed into helpers or kfuncs\nwhere such broken assumption may cause issues, a future patch set will\ntackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can\nalready be passed into helpers and causes similar problems. Thus, they\nare left alone for now.\n\nIt is possible that these checks also permit passing non-raw_tp args\nthat are trusted PTR_TO_BTF_ID with null marking. In such a case,\nallowing dereference when pointer is NULL expands allowed behavior, so\nwon\u0027t regress existing programs, and the case of passing these into\nhelpers is the same as above and will be dealt with later.\n\nAlso update the failure case in tp_btf_nullable selftest to capture the\nnew behavior, as the verifier will no longer cause an error when\ndirectly dereference a raw tracepoint argument marked as __nullable.\n\n [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56702",
"url": "https://www.suse.com/security/cve/CVE-2024-56702"
},
{
"category": "external",
"summary": "SUSE Bug 1235501 for CVE-2024-56702",
"url": "https://bugzilla.suse.com/1235501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56702"
},
{
"cve": "CVE-2024-56703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix soft lockups in fib6_select_path under high next hop churn\n\nSoft lockups have been observed on a cluster of Linux-based edge routers\nlocated in a highly dynamic environment. Using the `bird` service, these\nrouters continuously update BGP-advertised routes due to frequently\nchanging nexthop destinations, while also managing significant IPv6\ntraffic. The lockups occur during the traversal of the multipath\ncircular linked-list in the `fib6_select_path` function, particularly\nwhile iterating through the siblings in the list. The issue typically\narises when the nodes of the linked list are unexpectedly deleted\nconcurrently on a different core\u2014indicated by their \u0027next\u0027 and\n\u0027previous\u0027 elements pointing back to the node itself and their reference\ncount dropping to zero. This results in an infinite loop, leading to a\nsoft lockup that triggers a system panic via the watchdog timer.\n\nApply RCU primitives in the problematic code sections to resolve the\nissue. Where necessary, update the references to fib6_siblings to\nannotate or use the RCU APIs.\n\nInclude a test script that reproduces the issue. The script\nperiodically updates the routing table while generating a heavy load\nof outgoing IPv6 traffic through multiple iperf3 clients. It\nconsistently induces infinite soft lockups within a couple of minutes.\n\nKernel log:\n\n 0 [ffffbd13003e8d30] machine_kexec at ffffffff8ceaf3eb\n 1 [ffffbd13003e8d90] __crash_kexec at ffffffff8d0120e3\n 2 [ffffbd13003e8e58] panic at ffffffff8cef65d4\n 3 [ffffbd13003e8ed8] watchdog_timer_fn at ffffffff8d05cb03\n 4 [ffffbd13003e8f08] __hrtimer_run_queues at ffffffff8cfec62f\n 5 [ffffbd13003e8f70] hrtimer_interrupt at ffffffff8cfed756\n 6 [ffffbd13003e8fd0] __sysvec_apic_timer_interrupt at ffffffff8cea01af\n 7 [ffffbd13003e8ff0] sysvec_apic_timer_interrupt at ffffffff8df1b83d\n-- \u003cIRQ stack\u003e --\n 8 [ffffbd13003d3708] asm_sysvec_apic_timer_interrupt at ffffffff8e000ecb\n [exception RIP: fib6_select_path+299]\n RIP: ffffffff8ddafe7b RSP: ffffbd13003d37b8 RFLAGS: 00000287\n RAX: ffff975850b43600 RBX: ffff975850b40200 RCX: 0000000000000000\n RDX: 000000003fffffff RSI: 0000000051d383e4 RDI: ffff975850b43618\n RBP: ffffbd13003d3800 R8: 0000000000000000 R9: ffff975850b40200\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffbd13003d3830\n R13: ffff975850b436a8 R14: ffff975850b43600 R15: 0000000000000007\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n 9 [ffffbd13003d3808] ip6_pol_route at ffffffff8ddb030c\n10 [ffffbd13003d3888] ip6_pol_route_input at ffffffff8ddb068c\n11 [ffffbd13003d3898] fib6_rule_lookup at ffffffff8ddf02b5\n12 [ffffbd13003d3928] ip6_route_input at ffffffff8ddb0f47\n13 [ffffbd13003d3a18] ip6_rcv_finish_core.constprop.0 at ffffffff8dd950d0\n14 [ffffbd13003d3a30] ip6_list_rcv_finish.constprop.0 at ffffffff8dd96274\n15 [ffffbd13003d3a98] ip6_sublist_rcv at ffffffff8dd96474\n16 [ffffbd13003d3af8] ipv6_list_rcv at ffffffff8dd96615\n17 [ffffbd13003d3b60] __netif_receive_skb_list_core at ffffffff8dc16fec\n18 [ffffbd13003d3be0] netif_receive_skb_list_internal at ffffffff8dc176b3\n19 [ffffbd13003d3c50] napi_gro_receive at ffffffff8dc565b9\n20 [ffffbd13003d3c80] ice_receive_skb at ffffffffc087e4f5 [ice]\n21 [ffffbd13003d3c90] ice_clean_rx_irq at ffffffffc0881b80 [ice]\n22 [ffffbd13003d3d20] ice_napi_poll at ffffffffc088232f [ice]\n23 [ffffbd13003d3d80] __napi_poll at ffffffff8dc18000\n24 [ffffbd13003d3db8] net_rx_action at ffffffff8dc18581\n25 [ffffbd13003d3e40] __do_softirq at ffffffff8df352e9\n26 [ffffbd13003d3eb0] run_ksoftirqd at ffffffff8ceffe47\n27 [ffffbd13003d3ec0] smpboot_thread_fn at ffffffff8cf36a30\n28 [ffffbd13003d3ee8] kthread at ffffffff8cf2b39f\n29 [ffffbd13003d3f28] ret_from_fork at ffffffff8ce5fa64\n30 [ffffbd13003d3f50] ret_from_fork_asm at ffffffff8ce03cbb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56703",
"url": "https://www.suse.com/security/cve/CVE-2024-56703"
},
{
"category": "external",
"summary": "SUSE Bug 1235455 for CVE-2024-56703",
"url": "https://bugzilla.suse.com/1235455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56703"
},
{
"cve": "CVE-2024-56718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: protect link down work from execute after lgr freed\n\nlink down work may be scheduled before lgr freed but execute\nafter lgr freed, which may result in crash. So it is need to\nhold a reference before shedule link down work, and put the\nreference after work executed or canceled.\n\nThe relevant crash call stack as follows:\n list_del corruption. prev-\u003enext should be ffffb638c9c0fe20,\n but was 0000000000000000\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:51!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1\n Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014\n Workqueue: events smc_link_down_work [smc]\n RIP: 0010:__list_del_entry_valid.cold+0x31/0x47\n RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086\n RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000\n RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38\n R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002\n R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0\n FS: 0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n rwsem_down_write_slowpath+0x17e/0x470\n smc_link_down_work+0x3c/0x60 [smc]\n process_one_work+0x1ac/0x350\n worker_thread+0x49/0x2f0\n ? rescuer_thread+0x360/0x360\n kthread+0x118/0x140\n ? __kthread_bind_mask+0x60/0x60\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56718",
"url": "https://www.suse.com/security/cve/CVE-2024-56718"
},
{
"category": "external",
"summary": "SUSE Bug 1235589 for CVE-2024-56718",
"url": "https://bugzilla.suse.com/1235589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56718"
},
{
"cve": "CVE-2024-56719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix TSO DMA API usage causing oops\n\nCommit 66600fac7a98 (\"net: stmmac: TSO: Fix unbalanced DMA map/unmap\nfor non-paged SKB data\") moved the assignment of tx_skbuff_dma[]\u0027s\nmembers to be later in stmmac_tso_xmit().\n\nThe buf (dma cookie) and len stored in this structure are passed to\ndma_unmap_single() by stmmac_tx_clean(). The DMA API requires that\nthe dma cookie passed to dma_unmap_single() is the same as the value\nreturned from dma_map_single(). However, by moving the assignment\nlater, this is not the case when priv-\u003edma_cap.addr64 \u003e 32 as \"des\"\nis offset by proto_hdr_len.\n\nThis causes problems such as:\n\n dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed\n\nand with DMA_API_DEBUG enabled:\n\n DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]\n\nFix this by maintaining \"des\" as the original DMA cookie, and use\ntso_des to pass the offset DMA cookie to stmmac_tso_allocator().\n\nFull details of the crashes can be found at:\nhttps://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/\nhttps://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56719",
"url": "https://www.suse.com/security/cve/CVE-2024-56719"
},
{
"category": "external",
"summary": "SUSE Bug 1235591 for CVE-2024-56719",
"url": "https://bugzilla.suse.com/1235591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56719"
},
{
"cve": "CVE-2024-56720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56720",
"url": "https://www.suse.com/security/cve/CVE-2024-56720"
},
{
"category": "external",
"summary": "SUSE Bug 1235592 for CVE-2024-56720",
"url": "https://bugzilla.suse.com/1235592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-56751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: release nexthop on device removal\n\nThe CI is hitting some aperiodic hangup at device removal time in the\npmtu.sh self-test:\n\nunregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6\nref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at\n\tdst_init+0x84/0x4a0\n\tdst_alloc+0x97/0x150\n\tip6_dst_alloc+0x23/0x90\n\tip6_rt_pcpu_alloc+0x1e6/0x520\n\tip6_pol_route+0x56f/0x840\n\tfib6_rule_lookup+0x334/0x630\n\tip6_route_output_flags+0x259/0x480\n\tip6_dst_lookup_tail.constprop.0+0x5c2/0x940\n\tip6_dst_lookup_flow+0x88/0x190\n\tudp_tunnel6_dst_lookup+0x2a7/0x4c0\n\tvxlan_xmit_one+0xbde/0x4a50 [vxlan]\n\tvxlan_xmit+0x9ad/0xf20 [vxlan]\n\tdev_hard_start_xmit+0x10e/0x360\n\t__dev_queue_xmit+0xf95/0x18c0\n\tarp_solicit+0x4a2/0xe00\n\tneigh_probe+0xaa/0xf0\n\nWhile the first suspect is the dst_cache, explicitly tracking the dst\nowing the last device reference via probes proved such dst is held by\nthe nexthop in the originating fib6_info.\n\nSimilar to commit f5b51fe804ec (\"ipv6: route: purge exception on\nremoval\"), we need to explicitly release the originating fib info when\ndisconnecting a to-be-removed device from a live ipv6 dst: move the\nfib6_info cleanup into ip6_dst_ifdown().\n\nTested running:\n\n./pmtu.sh cleanup_ipv6_exception\n\nin a tight loop for more than 400 iterations with no spat, running an\nunpatched kernel I observed a splat every ~10 iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56751",
"url": "https://www.suse.com/security/cve/CVE-2024-56751"
},
{
"category": "external",
"summary": "SUSE Bug 1234936 for CVE-2024-56751",
"url": "https://bugzilla.suse.com/1234936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56751"
},
{
"cve": "CVE-2024-56758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: check folio mapping after unlock in relocate_one_folio()\n\nWhen we call btrfs_read_folio() to bring a folio uptodate, we unlock the\nfolio. The result of that is that a different thread can modify the\nmapping (like remove it with invalidate) before we call folio_lock().\nThis results in an invalid page and we need to try again.\n\nIn particular, if we are relocating concurrently with aborting a\ntransaction, this can result in a crash like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 76 PID: 1411631 Comm: kworker/u322:5\n Workqueue: events_unbound btrfs_reclaim_bgs_work\n RIP: 0010:set_page_extent_mapped+0x20/0xb0\n RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246\n RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880\n RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0\n R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000\n R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff\n FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x78/0xc0\n ? page_fault_oops+0x2a8/0x3a0\n ? __switch_to+0x133/0x530\n ? wq_worker_running+0xa/0x40\n ? exc_page_fault+0x63/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? set_page_extent_mapped+0x20/0xb0\n relocate_file_extent_cluster+0x1a7/0x940\n relocate_data_extent+0xaf/0x120\n relocate_block_group+0x20f/0x480\n btrfs_relocate_block_group+0x152/0x320\n btrfs_relocate_chunk+0x3d/0x120\n btrfs_reclaim_bgs_work+0x2ae/0x4e0\n process_scheduled_works+0x184/0x370\n worker_thread+0xc6/0x3e0\n ? blk_add_timer+0xb0/0xb0\n kthread+0xae/0xe0\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork+0x2f/0x40\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nThis occurs because cleanup_one_transaction() calls\ndestroy_delalloc_inodes() which calls invalidate_inode_pages2() which\ntakes the folio_lock before setting mapping to NULL. We fail to check\nthis, and subsequently call set_extent_mapping(), which assumes that\nmapping != NULL (in fact it asserts that in debug mode)\n\nNote that the \"fixes\" patch here is not the one that introduced the\nrace (the very first iteration of this code from 2009) but a more recent\nchange that made this particular crash happen in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56758",
"url": "https://www.suse.com/security/cve/CVE-2024-56758"
},
{
"category": "external",
"summary": "SUSE Bug 1235621 for CVE-2024-56758",
"url": "https://bugzilla.suse.com/1235621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56758"
},
{
"cve": "CVE-2024-56770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: netem: account for backlog updates from child qdisc\n\nIn general, \u0027qlen\u0027 of any classful qdisc should keep track of the\nnumber of packets that the qdisc itself and all of its children holds.\nIn case of netem, \u0027qlen\u0027 only accounts for the packets in its internal\ntfifo. When netem is used with a child qdisc, the child qdisc can use\n\u0027qdisc_tree_reduce_backlog\u0027 to inform its parent, netem, about created\nor dropped SKBs. This function updates \u0027qlen\u0027 and the backlog statistics\nof netem, but netem does not account for changes made by a child qdisc.\n\u0027qlen\u0027 then indicates the wrong number of packets in the tfifo.\nIf a child qdisc creates new SKBs during enqueue and informs its parent\nabout this, netem\u0027s \u0027qlen\u0027 value is increased. When netem dequeues the\nnewly created SKBs from the child, the \u0027qlen\u0027 in netem is not updated.\nIf \u0027qlen\u0027 reaches the configured sch-\u003elimit, the enqueue function stops\nworking, even though the tfifo is not full.\n\nReproduce the bug:\nEnsure that the sender machine has GSO enabled. Configure netem as root\nqdisc and tbf as its child on the outgoing interface of the machine\nas follows:\n$ tc qdisc add dev \u003coif\u003e root handle 1: netem delay 100ms limit 100\n$ tc qdisc add dev \u003coif\u003e parent 1:0 tbf rate 50Mbit burst 1542 latency 50ms\n\nSend bulk TCP traffic out via this interface, e.g., by running an iPerf3\nclient on the machine. Check the qdisc statistics:\n$ tc -s qdisc show dev \u003coif\u003e\n\nStatistics after 10s of iPerf3 TCP test before the fix (note that\nnetem\u0027s backlog \u003e limit, netem stopped accepting packets):\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 2767766 bytes 1848 pkt (dropped 652, overlimits 0 requeues 0)\n backlog 4294528236b 1155p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 2767766 bytes 1848 pkt (dropped 327, overlimits 7601 requeues 0)\n backlog 0b 0p requeues 0\n\nStatistics after the fix:\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 37766372 bytes 24974 pkt (dropped 9, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 37766372 bytes 24974 pkt (dropped 327, overlimits 96017 requeues 0)\n backlog 0b 0p requeues 0\n\ntbf segments the GSO SKBs (tbf_segment) and updates the netem\u0027s \u0027qlen\u0027.\nThe interface fully stops transferring packets and \"locks\". In this case,\nthe child qdisc and tfifo are empty, but \u0027qlen\u0027 indicates the tfifo is at\nits limit and no more packets are accepted.\n\nThis patch adds a counter for the entries in the tfifo. Netem\u0027s \u0027qlen\u0027 is\nonly decreased when a packet is returned by its dequeue function, and not\nduring enqueuing into the child qdisc. External updates to \u0027qlen\u0027 are thus\naccounted for and only the behavior of the backlog statistics changes. As\nin other qdiscs, \u0027qlen\u0027 then keeps track of how many packets are held in\nnetem and all of its children. As before, sch-\u003elimit remains as the\nmaximum number of packets in the tfifo. The same applies to netem\u0027s\nbacklog statistics.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56770",
"url": "https://www.suse.com/security/cve/CVE-2024-56770"
},
{
"category": "external",
"summary": "SUSE Bug 1235637 for CVE-2024-56770",
"url": "https://bugzilla.suse.com/1235637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56770"
},
{
"cve": "CVE-2024-57807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix for a potential deadlock\n\nThis fixes a \u0027possible circular locking dependency detected\u0027 warning\n CPU0 CPU1\n ---- ----\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n\nFix this by temporarily releasing the reset_mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57807",
"url": "https://www.suse.com/security/cve/CVE-2024-57807"
},
{
"category": "external",
"summary": "SUSE Bug 1235761 for CVE-2024-57807",
"url": "https://bugzilla.suse.com/1235761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57807"
},
{
"cve": "CVE-2024-57834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread\n\nsyzbot report a null-ptr-deref in vidtv_mux_stop_thread. [1]\n\nIf dvb-\u003emux is not initialized successfully by vidtv_mux_init() in the\nvidtv_start_streaming(), it will trigger null pointer dereference about mux\nin vidtv_mux_stop_thread().\n\nAdjust the timing of streaming initialization and check it before\nstopping it.\n\n[1]\nKASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]\nCPU: 0 UID: 0 PID: 5842 Comm: syz-executor248 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:vidtv_mux_stop_thread+0x26/0x80 drivers/media/test-drivers/vidtv/vidtv_mux.c:471\nCode: 90 90 90 90 66 0f 1f 00 55 53 48 89 fb e8 82 2e c8 f9 48 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 02 7e 3b 0f b6 ab 28 01 00 00 31 ff 89 ee e8\nRSP: 0018:ffffc90003f2faa8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87cfb125\nRDX: 0000000000000025 RSI: ffffffff87d120ce RDI: 0000000000000128\nRBP: ffff888029b8d220 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000003 R12: ffff888029b8d188\nR13: ffffffff8f590aa0 R14: ffffc9000581c5c8 R15: ffff888029a17710\nFS: 00007f7eef5156c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7eef5e635c CR3: 0000000076ca6000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vidtv_stop_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:209 [inline]\n vidtv_stop_feed+0x151/0x250 drivers/media/test-drivers/vidtv/vidtv_bridge.c:252\n dmx_section_feed_stop_filtering+0x90/0x160 drivers/media/dvb-core/dvb_demux.c:1000\n dvb_dmxdev_feed_stop.isra.0+0x1ee/0x270 drivers/media/dvb-core/dmxdev.c:486\n dvb_dmxdev_filter_stop+0x22a/0x3a0 drivers/media/dvb-core/dmxdev.c:559\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3f8/0xb60 fs/file_table.c:450\n task_work_run+0x14e/0x250 kernel/task_work.c:239\n get_signal+0x1d3/0x2610 kernel/signal.c:2790\n arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218\n do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57834",
"url": "https://www.suse.com/security/cve/CVE-2024-57834"
},
{
"category": "external",
"summary": "SUSE Bug 1238993 for CVE-2024-57834",
"url": "https://bugzilla.suse.com/1238993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57834"
},
{
"cve": "CVE-2024-57882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix TCP options overflow.\n\nSyzbot reported the following splat:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nRIP: 0010:_compound_head include/linux/page-flags.h:242 [inline]\nRIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552\nCode: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 f8 5e 12 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 \u003c80\u003e 3c 28 00 74 08 48 89 df e8 8f c7 78 f8 48 8b 1b 48 89 de 48 83\nRSP: 0000:ffffc90003916c90 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888030458000\nRDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff898ca81d R09: 1ffff110054414ac\nR10: dffffc0000000000 R11: ffffed10054414ad R12: 0000000000000007\nR13: ffff88802a20a542 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f34f496e800(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9d6ec9ec28 CR3: 000000004d260000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n skb_page_unref include/linux/skbuff_ref.h:43 [inline]\n __skb_frag_unref include/linux/skbuff_ref.h:56 [inline]\n skb_release_data+0x483/0x8a0 net/core/skbuff.c:1119\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb+0x55/0x70 net/core/skbuff.c:1204\n tcp_clean_rtx_queue net/ipv4/tcp_input.c:3436 [inline]\n tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:4032\n tcp_rcv_state_process+0x8eb/0x44e0 net/ipv4/tcp_input.c:6805\n tcp_v4_do_rcv+0x77d/0xc70 net/ipv4/tcp_ipv4.c:1939\n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351\n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n __netif_receive_skb_one_core net/core/dev.c:5672 [inline]\n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5785\n process_backlog+0x662/0x15b0 net/core/dev.c:6117\n __napi_poll+0xcb/0x490 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:7074\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\nRIP: 0033:0x7f34f4519ad5\nCode: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83\nRSP: 002b:00007ffec5b32ce0 EFLAGS: 00000246\nRAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f34f4519ad5\nRDX: 00007ffec5b32d00 RSI: 0000000000000004 RDI: 0000564f4bc6cae0\nRBP: 0000564f4bc6b5a0 R08: 0000000000000008 R09: 0000000000000000\nR10: 00007ffec5b32de8 R11: 0000000000000246 R12: 0000564f48ea8aa4\nR13: 0000000000000001 R14: 0000564f48ea93e8 R15: 00007ffec5b32d68\n \u003c/TASK\u003e\n\nEric noted a probable shinfo-\u003enr_frags corruption, which indeed\noccurs.\n\nThe root cause is a buggy MPTCP option len computation in some\ncircumstances: the ADD_ADDR option should be mutually exclusive\nwith DSS since the blamed commit.\n\nStill, mptcp_established_options_add_addr() tries to set the\nrelevant info in mptcp_out_options, if \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57882",
"url": "https://www.suse.com/security/cve/CVE-2024-57882"
},
{
"category": "external",
"summary": "SUSE Bug 1235914 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "external",
"summary": "SUSE Bug 1235916 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-57882"
},
{
"cve": "CVE-2024-57889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n BUG: sleeping function called from invalid context\n at kernel/locking/mutex.c:283\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n preempt_count: 1, expected: 0\n ...\n Call Trace:\n ...\n __might_resched+0x104/0x10e\n __might_sleep+0x3e/0x62\n mutex_lock+0x20/0x4c\n regmap_lock_mutex+0x10/0x18\n regmap_update_bits_base+0x2c/0x66\n mcp23s08_irq_set_type+0x1ae/0x1d6\n __irq_set_trigger+0x56/0x172\n __setup_irq+0x1e6/0x646\n request_threaded_irq+0xb6/0x160\n ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57889",
"url": "https://www.suse.com/security/cve/CVE-2024-57889"
},
{
"category": "external",
"summary": "SUSE Bug 1236573 for CVE-2024-57889",
"url": "https://bugzilla.suse.com/1236573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: serialize calls to nf_register_net_hooks()\n\nsyzbot found a race in ila_add_mapping() [1]\n\ncommit 031ae72825ce (\"ila: call nf_unregister_net_hooks() sooner\")\nattempted to fix a similar issue.\n\nLooking at the syzbot repro, we have concurrent ILA_CMD_ADD commands.\n\nAdd a mutex to make sure at most one thread is calling nf_register_net_hooks().\n\n[1]\n BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: slab-use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\nRead of size 4 at addr ffff888028f40008 by task dhcpcd/5501\n\nCPU: 1 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:489\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:127 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1ee/0x620 net/ipv6/ila/ila_xlat.c:185\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626\n nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309\n __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672\n __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785\n process_backlog+0x443/0x15f0 net/core/dev.c:6117\n __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0xa94/0x1010 net/core/dev.c:7074\n handle_softirqs+0x213/0x8f0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57900",
"url": "https://www.suse.com/security/cve/CVE-2024-57900"
},
{
"category": "external",
"summary": "SUSE Bug 1235973 for CVE-2024-57900",
"url": "https://bugzilla.suse.com/1235973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57900"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2024-57948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(\u0026sdata-\u003elist)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local-\u003einterfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 \u003c0f\u003e 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57948",
"url": "https://www.suse.com/security/cve/CVE-2024-57948"
},
{
"category": "external",
"summary": "SUSE Bug 1236677 for CVE-2024-57948",
"url": "https://bugzilla.suse.com/1236677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrdma/cxgb4: Prevent potential integer overflow on 32bit\n\nThe \"gl-\u003etot_len\" variable is controlled by the user. It comes from\nprocess_responses(). On 32bit systems, the \"gl-\u003etot_len + sizeof(struct\ncpl_pass_accept_req) + sizeof(struct rss_header)\" addition could have an\ninteger wrapping bug. Use size_add() to prevent this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57973",
"url": "https://www.suse.com/security/cve/CVE-2024-57973"
},
{
"category": "external",
"summary": "SUSE Bug 1238531 for CVE-2024-57973",
"url": "https://bugzilla.suse.com/1238531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57973"
},
{
"cve": "CVE-2024-57974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Deal with race between UDP socket address change and rehash\n\nIf a UDP socket changes its local address while it\u0027s receiving\ndatagrams, as a result of connect(), there is a period during which\na lookup operation might fail to find it, after the address is changed\nbut before the secondary hash (port and address) and the four-tuple\nhash (local and remote ports and addresses) are updated.\n\nSecondary hash chains were introduced by commit 30fff9231fad (\"udp:\nbind() optimisation\") and, as a result, a rehash operation became\nneeded to make a bound socket reachable again after a connect().\n\nThis operation was introduced by commit 719f835853a9 (\"udp: add\nrehash on connect()\") which isn\u0027t however a complete fix: the\nsocket will be found once the rehashing completes, but not while\nit\u0027s pending.\n\nThis is noticeable with a socat(1) server in UDP4-LISTEN mode, and a\nclient sending datagrams to it. After the server receives the first\ndatagram (cf. _xioopen_ipdgram_listen()), it issues a connect() to\nthe address of the sender, in order to set up a directed flow.\n\nNow, if the client, running on a different CPU thread, happens to\nsend a (subsequent) datagram while the server\u0027s socket changes its\naddress, but is not rehashed yet, this will result in a failed\nlookup and a port unreachable error delivered to the client, as\napparent from the following reproducer:\n\n LEN=$(($(cat /proc/sys/net/core/wmem_default) / 4))\n dd if=/dev/urandom bs=1 count=${LEN} of=tmp.in\n\n while :; do\n \ttaskset -c 1 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.1 || sleep 1\n \ttaskset -c 2 socat OPEN:tmp.in UDP4:localhost:1337,shut-null\n \twait\n done\n\nwhere the client will eventually get ECONNREFUSED on a write()\n(typically the second or third one of a given iteration):\n\n 2024/11/13 21:28:23 socat[46901] E write(6, 0x556db2e3c000, 8192): Connection refused\n\nThis issue was first observed as a seldom failure in Podman\u0027s tests\nchecking UDP functionality while using pasta(1) to connect the\ncontainer\u0027s network namespace, which leads us to a reproducer with\nthe lookup error resulting in an ICMP packet on a tap device:\n\n LOCAL_ADDR=\"$(ip -j -4 addr show|jq -rM \u0027.[] | .addr_info[0] | select(.scope == \"global\").local\u0027)\"\n\n while :; do\n \t./pasta --config-net -p pasta.pcap -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.2 || sleep 1\n \tsocat OPEN:tmp.in UDP4:${LOCAL_ADDR}:1337,shut-null\n \twait\n \tcmp tmp.in tmp.out\n done\n\nOnce this fails:\n\n tmp.in tmp.out differ: char 8193, line 29\n\nwe can finally have a look at what\u0027s going on:\n\n $ tshark -r pasta.pcap\n 1 0.000000 :: ? ff02::16 ICMPv6 110 Multicast Listener Report Message v2\n 2 0.168690 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 3 0.168767 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 4 0.168806 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 5 0.168827 c6:47:05:8d:dc:04 ? Broadcast ARP 42 Who has 88.198.0.161? Tell 88.198.0.164\n 6 0.168851 9a:55:9a:55:9a:55 ? c6:47:05:8d:dc:04 ARP 42 88.198.0.161 is at 9a:55:9a:55:9a:55\n 7 0.168875 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 8 0.168896 88.198.0.164 ? 88.198.0.161 ICMP 590 Destination unreachable (Port unreachable)\n 9 0.168926 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 10 0.168959 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 11 0.168989 88.198.0.161 ? 88.198.0.164 UDP 4138 60260 ? 1337 Len=4096\n 12 0.169010 88.198.0.161 ? 88.198.0.164 UDP 42 60260 ? 1337 Len=0\n\nOn the third datagram received, the network namespace of the container\ninitiates an ARP lookup to deliver the ICMP message.\n\nIn another variant of this reproducer, starting the client with:\n\n strace -f pasta --config-net -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,tru\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57974",
"url": "https://www.suse.com/security/cve/CVE-2024-57974"
},
{
"category": "external",
"summary": "SUSE Bug 1238532 for CVE-2024-57974",
"url": "https://bugzilla.suse.com/1238532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57974"
},
{
"cve": "CVE-2024-57978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Fix potential error pointer dereference in detach_pm()\n\nThe proble is on the first line:\n\n\tif (jpeg-\u003epd_dev[i] \u0026\u0026 !pm_runtime_suspended(jpeg-\u003epd_dev[i]))\n\nIf jpeg-\u003epd_dev[i] is an error pointer, then passing it to\npm_runtime_suspended() will lead to an Oops. The other conditions\ncheck for both error pointers and NULL, but it would be more clear to\nuse the IS_ERR_OR_NULL() check for that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57978",
"url": "https://www.suse.com/security/cve/CVE-2024-57978"
},
{
"category": "external",
"summary": "SUSE Bug 1238523 for CVE-2024-57978",
"url": "https://bugzilla.suse.com/1238523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57978"
},
{
"cve": "CVE-2024-57979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npps: Fix a use-after-free\n\nOn a board running ntpd and gpsd, I\u0027m seeing a consistent use-after-free\nin sys_exit() from gpsd when rebooting:\n\n pps pps1: removed\n ------------[ cut here ]------------\n kobject: \u0027(null)\u0027 (00000000db4bec24): is not initialized, yet kobject_put() is being called.\n WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\n CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\n Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : kobject_put+0x120/0x150\n lr : kobject_put+0x120/0x150\n sp : ffffffc0803d3ae0\n x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\n x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\n x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\n x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\n x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n kobject_put+0x120/0x150\n cdev_put+0x20/0x3c\n __fput+0x2c4/0x2d8\n ____fput+0x1c/0x38\n task_work_run+0x70/0xfc\n do_exit+0x2a0/0x924\n do_group_exit+0x34/0x90\n get_signal+0x7fc/0x8c0\n do_signal+0x128/0x13b4\n do_notify_resume+0xdc/0x160\n el0_svc+0xd4/0xf8\n el0t_64_sync_handler+0x140/0x14c\n el0t_64_sync+0x190/0x194\n ---[ end trace 0000000000000000 ]---\n\n...followed by more symptoms of corruption, with similar stacks:\n\n refcount_t: underflow; use-after-free.\n kernel BUG at lib/list_debug.c:62!\n Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nThis happens because pps_device_destruct() frees the pps_device with the\nembedded cdev immediately after calling cdev_del(), but, as the comment\nabove cdev_del() notes, fops for previously opened cdevs are still\ncallable even after cdev_del() returns. I think this bug has always\nbeen there: I can\u0027t explain why it suddenly started happening every time\nI reboot this particular board.\n\nIn commit d953e0e837e6 (\"pps: Fix a use-after free bug when\nunregistering a source.\"), George Spelvin suggested removing the\nembedded cdev. That seems like the simplest way to fix this, so I\u0027ve\nimplemented his suggestion, using __register_chrdev() with pps_idr\nbecoming the source of truth for which minor corresponds to which\ndevice.\n\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\nwe need to be sure the pps-\u003edev refcount can\u0027t reach zero while\nuserspace can still find it again. So, the idr_remove() call moves to\npps_unregister_cdev(), and pps_idr now holds a reference to pps-\u003edev.\n\n pps_core: source serial1 got cdev (251:1)\n \u003c...\u003e\n pps pps1: removed\n pps_core: unregistering pps1\n pps_core: deallocating pps1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57979",
"url": "https://www.suse.com/security/cve/CVE-2024-57979"
},
{
"category": "external",
"summary": "SUSE Bug 1238521 for CVE-2024-57979",
"url": "https://bugzilla.suse.com/1238521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57979"
},
{
"cve": "CVE-2024-57980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix double free in error path\n\nIf the uvc_status_init() function fails to allocate the int_urb, it will\nfree the dev-\u003estatus pointer but doesn\u0027t reset the pointer to NULL. This\nresults in the kfree() call in uvc_status_cleanup() trying to\ndouble-free the memory. Fix it by resetting the dev-\u003estatus pointer to\nNULL after freeing it.\n\nReviewed by: Ricardo Ribalda \u003cribalda@chromium.org\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57980",
"url": "https://www.suse.com/security/cve/CVE-2024-57980"
},
{
"category": "external",
"summary": "SUSE Bug 1237911 for CVE-2024-57980",
"url": "https://bugzilla.suse.com/1237911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57980"
},
{
"cve": "CVE-2024-57981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix NULL pointer dereference on certain command aborts\n\nIf a command is queued to the final usable TRB of a ring segment, the\nenqueue pointer is advanced to the subsequent link TRB and no further.\nIf the command is later aborted, when the abort completion is handled\nthe dequeue pointer is advanced to the first TRB of the next segment.\n\nIf no further commands are queued, xhci_handle_stopped_cmd_ring() sees\nthe ring pointers unequal and assumes that there is a pending command,\nso it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.\n\nDon\u0027t attempt timer setup if cur_cmd is NULL. The subsequent doorbell\nring likely is unnecessary too, but it\u0027s harmless. Leave it alone.\n\nThis is probably Bug 219532, but no confirmation has been received.\n\nThe issue has been independently reproduced and confirmed fixed using\na USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.\nEverything continued working normally after several prevented crashes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57981",
"url": "https://www.suse.com/security/cve/CVE-2024-57981"
},
{
"category": "external",
"summary": "SUSE Bug 1237912 for CVE-2024-57981",
"url": "https://bugzilla.suse.com/1237912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57981"
},
{
"cve": "CVE-2024-57986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: Fix assumption that Resolution Multipliers must be in Logical Collections\n\nA report in 2019 by the syzbot fuzzer was found to be connected to two\nerrors in the HID core associated with Resolution Multipliers. One of\nthe errors was fixed by commit ea427a222d8b (\"HID: core: Fix deadloop\nin hid_apply_multiplier.\"), but the other has not been fixed.\n\nThis error arises because hid_apply_multipler() assumes that every\nResolution Multiplier control is contained in a Logical Collection,\ni.e., there\u0027s no way the routine can ever set multiplier_collection to\nNULL. This is in spite of the fact that the function starts with a\nbig comment saying:\n\n\t * \"The Resolution Multiplier control must be contained in the same\n\t * Logical Collection as the control(s) to which it is to be applied.\n\t ...\n\t * If no Logical Collection is\n\t * defined, the Resolution Multiplier is associated with all\n\t * controls in the report.\"\n\t * HID Usage Table, v1.12, Section 4.3.1, p30\n\t *\n\t * Thus, search from the current collection upwards until we find a\n\t * logical collection...\n\nThe comment and the code overlook the possibility that none of the\ncollections found may be a Logical Collection.\n\nThe fix is to set the multiplier_collection pointer to NULL if the\ncollection found isn\u0027t a Logical Collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57986",
"url": "https://www.suse.com/security/cve/CVE-2024-57986"
},
{
"category": "external",
"summary": "SUSE Bug 1237907 for CVE-2024-57986",
"url": "https://bugzilla.suse.com/1237907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57986"
},
{
"cve": "CVE-2024-57990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57990"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: fix off by one in mt7925_load_clc()\n\nThis comparison should be \u003e= instead of \u003e to prevent an out of bounds\nread and write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57990",
"url": "https://www.suse.com/security/cve/CVE-2024-57990"
},
{
"category": "external",
"summary": "SUSE Bug 1237900 for CVE-2024-57990",
"url": "https://bugzilla.suse.com/1237900"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57990"
},
{
"cve": "CVE-2024-57993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check\n\nsyzbot has found a type mismatch between a USB pipe and the transfer\nendpoint, which is triggered by the hid-thrustmaster driver[1].\nThere is a number of similar, already fixed issues [2].\nIn this case as in others, implementing check for endpoint type fixes the issue.\n\n[1] https://syzkaller.appspot.com/bug?extid=040e8b3db6a96908d470\n[2] https://syzkaller.appspot.com/bug?extid=348331f63b034f89b622",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57993",
"url": "https://www.suse.com/security/cve/CVE-2024-57993"
},
{
"category": "external",
"summary": "SUSE Bug 1237894 for CVE-2024-57993",
"url": "https://bugzilla.suse.com/1237894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57993"
},
{
"cve": "CVE-2024-57994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()\n\nJakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()\nto increase test coverage.\n\nsyzbot found a splat caused by hard irq blocking in\nptr_ring_resize_multiple() [1]\n\nAs current users of ptr_ring_resize_multiple() do not require\nhard irqs being masked, replace it to only block BH.\n\nRename helpers to better reflect they are safe against BH only.\n\n- ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()\n- skb_array_resize_multiple() to skb_array_resize_multiple_bh()\n\n[1]\n\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline]\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nModules linked in:\nCPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:__page_pool_put_page net/core/page_pool.c:709 [inline]\nRIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nCode: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 \u003c0f\u003e 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85\nRSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083\nRAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000\nRDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843\nRBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d\nR10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040\nR13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff\nFS: 00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tun_ptr_free drivers/net/tun.c:617 [inline]\n __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]\n ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]\n tun_queue_resize drivers/net/tun.c:3694 [inline]\n tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024\n do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923\n rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201\n rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57994",
"url": "https://www.suse.com/security/cve/CVE-2024-57994"
},
{
"category": "external",
"summary": "SUSE Bug 1237901 for CVE-2024-57994",
"url": "https://bugzilla.suse.com/1237901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2024-57996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: don\u0027t allow 1 packet limit\n\nThe current implementation does not work correctly with a limit of\n1. iproute2 actually checks for this and this patch adds the check in\nkernel as well.\n\nThis fixes the following syzkaller reported crash:\n\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x125/0x19f lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:148 [inline]\n __ubsan_handle_out_of_bounds+0xed/0x120 lib/ubsan.c:347\n sfq_link net/sched/sch_sfq.c:210 [inline]\n sfq_dec+0x528/0x600 net/sched/sch_sfq.c:238\n sfq_dequeue+0x39b/0x9d0 net/sched/sch_sfq.c:500\n sfq_reset+0x13/0x50 net/sched/sch_sfq.c:525\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n tbf_reset+0x3d/0x100 net/sched/sch_tbf.c:319\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n dev_reset_queue+0x8c/0x140 net/sched/sch_generic.c:1296\n netdev_for_each_tx_queue include/linux/netdevice.h:2350 [inline]\n dev_deactivate_many+0x6dc/0xc20 net/sched/sch_generic.c:1362\n __dev_close_many+0x214/0x350 net/core/dev.c:1468\n dev_close_many+0x207/0x510 net/core/dev.c:1506\n unregister_netdevice_many+0x40f/0x16b0 net/core/dev.c:10738\n unregister_netdevice_queue+0x2be/0x310 net/core/dev.c:10695\n unregister_netdevice include/linux/netdevice.h:2893 [inline]\n __tun_detach+0x6b6/0x1600 drivers/net/tun.c:689\n tun_detach drivers/net/tun.c:705 [inline]\n tun_chr_close+0x104/0x1b0 drivers/net/tun.c:3640\n __fput+0x203/0x840 fs/file_table.c:280\n task_work_run+0x129/0x1b0 kernel/task_work.c:185\n exit_task_work include/linux/task_work.h:33 [inline]\n do_exit+0x5ce/0x2200 kernel/exit.c:931\n do_group_exit+0x144/0x310 kernel/exit.c:1046\n __do_sys_exit_group kernel/exit.c:1057 [inline]\n __se_sys_exit_group kernel/exit.c:1055 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1055\n do_syscall_64+0x6c/0xd0\n entry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fe5e7b52479\nCode: Unable to access opcode bytes at RIP 0x7fe5e7b5244f.\nRSP: 002b:00007ffd3c800398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5e7b52479\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000\nRBP: 00007fe5e7bcd2d0 R08: ffffffffffffffb8 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5e7bcd2d0\nR13: 0000000000000000 R14: 00007fe5e7bcdd20 R15: 00007fe5e7b24270\n\nThe crash can be also be reproduced with the following (with a tc\nrecompiled to allow for sfq limits of 1):\n\ntc qdisc add dev dummy0 handle 1: root tbf rate 1Kbit burst 100b lat 1s\n../iproute2-6.9.0/tc/tc qdisc add dev dummy0 handle 2: parent 1:10 sfq limit 1\nifconfig dummy0 up\nping -I dummy0 -f -c2 -W0.1 8.8.8.8\nsleep 1\n\nScenario that triggers the crash:\n\n* the first packet is sent and queued in TBF and SFQ; qdisc qlen is 1\n\n* TBF dequeues: it peeks from SFQ which moves the packet to the\n gso_skb list and keeps qdisc qlen set to 1. TBF is out of tokens so\n it schedules itself for later.\n\n* the second packet is sent and TBF tries to queues it to SFQ. qdisc\n qlen is now 2 and because the SFQ limit is 1 the packet is dropped\n by SFQ. At this point qlen is 1, and all of the SFQ slots are empty,\n however q-\u003etail is not NULL.\n\nAt this point, assuming no more packets are queued, when sch_dequeue\nruns again it will decrement the qlen for the current empty slot\ncausing an underflow and the subsequent out of bounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57996",
"url": "https://www.suse.com/security/cve/CVE-2024-57996"
},
{
"category": "external",
"summary": "SUSE Bug 1239076 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "external",
"summary": "SUSE Bug 1239077 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2024-57997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wcn36xx: fix channel survey memory allocation size\n\nKASAN reported a memory allocation issue in wcn-\u003echan_survey\ndue to incorrect size calculation.\nThis commit uses kcalloc to allocate memory for wcn-\u003echan_survey,\nensuring proper initialization and preventing the use of uninitialized\nvalues when there are no frames on the channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57997",
"url": "https://www.suse.com/security/cve/CVE-2024-57997"
},
{
"category": "external",
"summary": "SUSE Bug 1238529 for CVE-2024-57997",
"url": "https://bugzilla.suse.com/1238529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57997"
},
{
"cve": "CVE-2024-57999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW\n\nPower Hypervisor can possibily allocate MMIO window intersecting with\nDynamic DMA Window (DDW) range, which is over 32-bit addressing.\n\nThese MMIO pages needs to be marked as reserved so that IOMMU doesn\u0027t map\nDMA buffers in this range.\n\nThe current code is not marking these pages correctly which is resulting\nin LPAR to OOPS while booting. The stack is at below\n\nBUG: Unable to handle kernel data access on read at 0xc00800005cd40000\nFaulting instruction address: 0xc00000000005cdac\nOops: Kernel access of bad area, sig: 11 [#1]\nLE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\nModules linked in: af_packet rfkill ibmveth(X) lpfc(+) nvmet_fc nvmet nvme_keyring crct10dif_vpmsum nvme_fc nvme_fabrics nvme_core be2net(+) nvme_auth rtc_generic nfsd auth_rpcgss nfs_acl lockd grace sunrpc fuse configfs ip_tables x_tables xfs libcrc32c dm_service_time ibmvfc(X) scsi_transport_fc vmx_crypto gf128mul crc32c_vpmsum dm_mirror dm_region_hash dm_log dm_multipath dm_mod sd_mod scsi_dh_emc scsi_dh_rdac scsi_dh_alua t10_pi crc64_rocksoft_generic crc64_rocksoft sg crc64 scsi_mod\nSupported: Yes, External\nCPU: 8 PID: 241 Comm: kworker/8:1 Kdump: loaded Not tainted 6.4.0-150600.23.14-default #1 SLE15-SP6 b44ee71c81261b9e4bab5e0cde1f2ed891d5359b\nHardware name: IBM,9080-M9S POWER9 (raw) 0x4e2103 0xf000005 of:IBM,FW950.B0 (VH950_149) hv:phyp pSeries\nWorkqueue: events work_for_cpu_fn\nNIP: c00000000005cdac LR: c00000000005e830 CTR: 0000000000000000\nREGS: c00001400c9ff770 TRAP: 0300 Not tainted (6.4.0-150600.23.14-default)\nMSR: 800000000280b033 \u003cSF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE\u003e CR: 24228448 XER: 00000001\nCFAR: c00000000005cdd4 DAR: c00800005cd40000 DSISR: 40000000 IRQMASK: 0\nGPR00: c00000000005e830 c00001400c9ffa10 c000000001987d00 c00001400c4fe800\nGPR04: 0000080000000000 0000000000000001 0000000004000000 0000000000800000\nGPR08: 0000000004000000 0000000000000001 c00800005cd40000 ffffffffffffffff\nGPR12: 0000000084228882 c00000000a4c4f00 0000000000000010 0000080000000000\nGPR16: c00001400c4fe800 0000000004000000 0800000000000000 c00000006088b800\nGPR20: c00001401a7be980 c00001400eff3800 c000000002a2da68 000000000000002b\nGPR24: c0000000026793a8 c000000002679368 000000000000002a c0000000026793c8\nGPR28: 000008007effffff 0000080000000000 0000000000800000 c00001400c4fe800\nNIP [c00000000005cdac] iommu_table_reserve_pages+0xac/0x100\nLR [c00000000005e830] iommu_init_table+0x80/0x1e0\nCall Trace:\n[c00001400c9ffa10] [c00000000005e810] iommu_init_table+0x60/0x1e0 (unreliable)\n[c00001400c9ffa90] [c00000000010356c] iommu_bypass_supported_pSeriesLP+0x9cc/0xe40\n[c00001400c9ffc30] [c00000000005c300] dma_iommu_dma_supported+0xf0/0x230\n[c00001400c9ffcb0] [c00000000024b0c4] dma_supported+0x44/0x90\n[c00001400c9ffcd0] [c00000000024b14c] dma_set_mask+0x3c/0x80\n[c00001400c9ffd00] [c0080000555b715c] be_probe+0xc4/0xb90 [be2net]\n[c00001400c9ffdc0] [c000000000986f3c] local_pci_probe+0x6c/0x110\n[c00001400c9ffe40] [c000000000188f28] work_for_cpu_fn+0x38/0x60\n[c00001400c9ffe70] [c00000000018e454] process_one_work+0x314/0x620\n[c00001400c9fff10] [c00000000018f280] worker_thread+0x2b0/0x620\n[c00001400c9fff90] [c00000000019bb18] kthread+0x148/0x150\n[c00001400c9fffe0] [c00000000000ded8] start_kernel_thread+0x14/0x18\n\nThere are 2 issues in the code\n\n1. The index is \"int\" while the address is \"unsigned long\". This results in\n negative value when setting the bitmap.\n\n2. The DMA offset is page shifted but the MMIO range is used as-is (64-bit\n address). MMIO address needs to be page shifted as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57999",
"url": "https://www.suse.com/security/cve/CVE-2024-57999"
},
{
"category": "external",
"summary": "SUSE Bug 1238526 for CVE-2024-57999",
"url": "https://bugzilla.suse.com/1238526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57999"
},
{
"cve": "CVE-2024-58002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58002"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Remove dangling pointers\n\nWhen an async control is written, we copy a pointer to the file handle\nthat started the operation. That pointer will be used when the device is\ndone. Which could be anytime in the future.\n\nIf the user closes that file descriptor, its structure will be freed,\nand there will be one dangling pointer per pending async control, that\nthe driver will try to use.\n\nClean all the dangling pointers during release().\n\nTo avoid adding a performance penalty in the most common case (no async\noperation), a counter has been introduced with some logic to make sure\nthat it is properly handled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58002",
"url": "https://www.suse.com/security/cve/CVE-2024-58002"
},
{
"category": "external",
"summary": "SUSE Bug 1238503 for CVE-2024-58002",
"url": "https://bugzilla.suse.com/1238503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58002"
},
{
"cve": "CVE-2024-58005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Change to kvalloc() in eventlog/acpi.c\n\nThe following failure was reported on HPE ProLiant D320:\n\n[ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0)\n[ 10.848132][ T1] ------------[ cut here ]------------\n[ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330\n[ 10.862827][ T1] Modules linked in:\n[ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155.2.g52785e2-default #1 openSUSE Tumbleweed (unreleased) 588cd98293a7c9eba9013378d807364c088c9375\n[ 10.882741][ T1] Hardware name: HPE ProLiant DL320 Gen12/ProLiant DL320 Gen12, BIOS 1.20 10/28/2024\n[ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330\n[ 10.898103][ T1] Code: 24 08 e9 4a fe ff ff e8 34 36 fa ff e9 88 fe ff ff 83 fe 0a 0f 86 b3 fd ff ff 80 3d 01 e7 ce 01 00 75 09 c6 05 f8 e6 ce 01 01 \u003c0f\u003e 0b 45 31 ff e9 e5 fe ff ff f7 c2 00 00 08 00 75 42 89 d9 80 e1\n[ 10.917750][ T1] RSP: 0000:ffffb7cf40077980 EFLAGS: 00010246\n[ 10.923777][ T1] RAX: 0000000000000000 RBX: 0000000000040cc0 RCX: 0000000000000000\n[ 10.931727][ T1] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040cc0\n\nThe above transcript shows that ACPI pointed a 16 MiB buffer for the log\nevents because RSI maps to the \u0027order\u0027 parameter of __alloc_pages_noprof().\nAddress the bug by moving from devm_kmalloc() to devm_add_action() and\nkvmalloc() and devm_add_action().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58005",
"url": "https://www.suse.com/security/cve/CVE-2024-58005"
},
{
"category": "external",
"summary": "SUSE Bug 1237873 for CVE-2024-58005",
"url": "https://bugzilla.suse.com/1237873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2024-58006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()\n\nIn commit 4284c88fff0e (\"PCI: designware-ep: Allow pci_epc_set_bar() update\ninbound map address\") set_bar() was modified to support dynamically\nchanging the backing physical address of a BAR that was already configured.\n\nThis means that set_bar() can be called twice, without ever calling\nclear_bar() (as calling clear_bar() would clear the BAR\u0027s PCI address\nassigned by the host).\n\nThis can only be done if the new BAR size/flags does not differ from the\nexisting BAR configuration. Add these missing checks.\n\nIf we allow set_bar() to set e.g. a new BAR size that differs from the\nexisting BAR size, the new address translation range will be smaller than\nthe BAR size already determined by the host, which would mean that a read\npast the new BAR size would pass the iATU untranslated, which could allow\nthe host to read memory not belonging to the new struct pci_epf_bar.\n\nWhile at it, add comments which clarifies the support for dynamically\nchanging the physical address of a BAR. (Which was also missing.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58006",
"url": "https://www.suse.com/security/cve/CVE-2024-58006"
},
{
"category": "external",
"summary": "SUSE Bug 1238772 for CVE-2024-58006",
"url": "https://bugzilla.suse.com/1238772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58006"
},
{
"cve": "CVE-2024-58007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: socinfo: Avoid out of bounds read of serial number\n\nOn MSM8916 devices, the serial number exposed in sysfs is constant and does\nnot change across individual devices. It\u0027s always:\n\n db410c:/sys/devices/soc0$ cat serial_number\n 2644893864\n\nThe firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not\nhave support for the serial_num field in the socinfo struct. There is an\nexisting check to avoid exposing the serial number in that case, but it\u0027s\nnot correct: When checking the item_size returned by SMEM, we need to make\nsure the *end* of the serial_num is within bounds, instead of comparing\nwith the *start* offset. The serial_number currently exposed on MSM8916\ndevices is just an out of bounds read of whatever comes after the socinfo\nstruct in SMEM.\n\nFix this by changing offsetof() to offsetofend(), so that the size of the\nfield is also taken into account.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58007",
"url": "https://www.suse.com/security/cve/CVE-2024-58007"
},
{
"category": "external",
"summary": "SUSE Bug 1238511 for CVE-2024-58007",
"url": "https://bugzilla.suse.com/1238511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58007"
},
{
"cve": "CVE-2024-58009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc\n\nA NULL sock pointer is passed into l2cap_sock_alloc() when it is called\nfrom l2cap_sock_new_connection_cb() and the error handling paths should\nalso be aware of it.\n\nSeemingly a more elegant solution would be to swap bt_sock_alloc() and\nl2cap_chan_create() calls since they are not interdependent to that moment\nbut then l2cap_chan_create() adds the soon to be deallocated and still\ndummy-initialized channel to the global list accessible by many L2CAP\npaths. The channel would be removed from the list in short period of time\nbut be a bit more straight-forward here and just check for NULL instead of\nchanging the order of function calls.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58009",
"url": "https://www.suse.com/security/cve/CVE-2024-58009"
},
{
"category": "external",
"summary": "SUSE Bug 1238760 for CVE-2024-58009",
"url": "https://bugzilla.suse.com/1238760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58009"
},
{
"cve": "CVE-2024-58011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: int3472: Check for adev == NULL\n\nNot all devices have an ACPI companion fwnode, so adev might be NULL. This\ncan e.g. (theoretically) happen when a user manually binds one of\nthe int3472 drivers to another i2c/platform device through sysfs.\n\nAdd a check for adev not being set and return -ENODEV in that case to\navoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58011",
"url": "https://www.suse.com/security/cve/CVE-2024-58011"
},
{
"category": "external",
"summary": "SUSE Bug 1239080 for CVE-2024-58011",
"url": "https://bugzilla.suse.com/1239080"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58011"
},
{
"cve": "CVE-2024-58012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params\n\nEach cpu DAI should associate with a widget. However, the topology might\nnot create the right number of DAI widgets for aggregated amps. And it\nwill cause NULL pointer deference.\nCheck that the DAI widget associated with the CPU DAI is valid to prevent\nNULL pointer deference due to missing DAI widgets in topologies with\naggregated amps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58012",
"url": "https://www.suse.com/security/cve/CVE-2024-58012"
},
{
"category": "external",
"summary": "SUSE Bug 1239104 for CVE-2024-58012",
"url": "https://bugzilla.suse.com/1239104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58012"
},
{
"cve": "CVE-2024-58013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\nRead of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961\n\nCPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 16026:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296\n remove_adv_monitor+0x102/0x1b0 net/bluetooth/mgmt.c:5568\n hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n sock_write_iter+0x2d7/0x3f0 net/socket.c:1147\n new_sync_write fs/read_write.c:586 [inline]\n vfs_write+0xaeb/0xd30 fs/read_write.c:679\n ksys_write+0x18f/0x2b0 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 16022:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2338 [inline]\n slab_free mm/slub.c:4598 [inline]\n kfree+0x196/0x420 mm/slub.c:4746\n mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259\n __mgmt_power_off+0x183/0x430 net/bluetooth/mgmt.c:9550\n hci_dev_close_sync+0x6c4/0x11c0 net/bluetooth/hci_sync.c:5208\n hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]\n hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508\n sock_do_ioctl+0x158/0x460 net/socket.c:1209\n sock_ioctl+0x626/0x8e0 net/socket.c:1328\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58013",
"url": "https://www.suse.com/security/cve/CVE-2024-58013"
},
{
"category": "external",
"summary": "SUSE Bug 1239095 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "external",
"summary": "SUSE Bug 1239096 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-58013"
},
{
"cve": "CVE-2024-58014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()\n\nIn \u0027wlc_phy_iqcal_gainparams_nphy()\u0027, add gain range check to WARN()\ninstead of possible out-of-bounds \u0027tbl_iqcal_gainparams_nphy\u0027 access.\nCompile tested only.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58014",
"url": "https://www.suse.com/security/cve/CVE-2024-58014"
},
{
"category": "external",
"summary": "SUSE Bug 1239109 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "external",
"summary": "SUSE Bug 1239110 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-58014"
},
{
"cve": "CVE-2024-58017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nprintk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX\n\nShifting 1 \u003c\u003c 31 on a 32-bit int causes signed integer overflow, which\nleads to undefined behavior. To prevent this, cast 1 to u32 before\nperforming the shift, ensuring well-defined behavior.\n\nThis change explicitly avoids any potential overflow by ensuring that\nthe shift occurs on an unsigned 32-bit integer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58017",
"url": "https://www.suse.com/security/cve/CVE-2024-58017"
},
{
"category": "external",
"summary": "SUSE Bug 1239112 for CVE-2024-58017",
"url": "https://bugzilla.suse.com/1239112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58017"
},
{
"cve": "CVE-2024-58018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm: correctly calculate the available space of the GSP cmdq buffer\n\nr535_gsp_cmdq_push() waits for the available page in the GSP cmdq\nbuffer when handling a large RPC request. When it sees at least one\navailable page in the cmdq, it quits the waiting with the amount of\nfree buffer pages in the queue.\n\nUnfortunately, it always takes the [write pointer, buf_size) as\navailable buffer pages before rolling back and wrongly calculates the\nsize of the data should be copied. Thus, it can overwrite the RPC\nrequest that GSP is currently reading, which causes GSP hang due\nto corrupted RPC request:\n\n[ 549.209389] ------------[ cut here ]------------\n[ 549.214010] WARNING: CPU: 8 PID: 6314 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c:116 r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.225678] Modules linked in: nvkm(E+) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) mlx5_ib(E) amd64_edac(E) edac_mce_amd(E) kvm_amd(E) ib_uverbs(E) kvm(E) ib_core(E) acpi_ipmi(E) ipmi_si(E) mxm_wmi(E) ipmi_devintf(E) rapl(E) i2c_piix4(E) wmi_bmof(E) joydev(E) ptdma(E) acpi_cpufreq(E) k10temp(E) pcspkr(E) ipmi_msghandler(E) xfs(E) libcrc32c(E) ast(E) i2c_algo_bit(E) crct10dif_pclmul(E) drm_shmem_helper(E) nvme_tcp(E) crc32_pclmul(E) ahci(E) drm_kms_helper(E) libahci(E) nvme_fabrics(E) crc32c_intel(E) nvme(E) cdc_ether(E) mlx5_core(E) nvme_core(E) usbnet(E) drm(E) libata(E) ccp(E) ghash_clmulni_intel(E) mii(E) t10_pi(E) mlxfw(E) sp5100_tco(E) psample(E) pci_hyperv_intf(E) wmi(E) dm_multipath(E) sunrpc(E) dm_mirror(E) dm_region_hash(E) dm_log(E) dm_mod(E) be2iscsi(E) bnx2i(E) cnic(E) uio(E) cxgb4i(E) cxgb4(E) tls(E) libcxgbi(E) libcxgb(E) qla4xxx(E)\n[ 549.225752] iscsi_boot_sysfs(E) iscsi_tcp(E) libiscsi_tcp(E) libiscsi(E) scsi_transport_iscsi(E) fuse(E) [last unloaded: gsp_log(E)]\n[ 549.326293] CPU: 8 PID: 6314 Comm: insmod Tainted: G E 6.9.0-rc6+ #1\n[ 549.334039] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 549.341781] RIP: 0010:r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.347343] Code: 08 00 00 89 da c1 e2 0c 48 8d ac 11 00 10 00 00 48 8b 0c 24 48 85 c9 74 1f c1 e0 0c 4c 8d 6d 30 83 e8 30 89 01 e9 68 ff ff ff \u003c0f\u003e 0b 49 c7 c5 92 ff ff ff e9 5a ff ff ff ba ff ff ff ff be c0 0c\n[ 549.366090] RSP: 0018:ffffacbccaaeb7d0 EFLAGS: 00010246\n[ 549.371315] RAX: 0000000000000000 RBX: 0000000000000012 RCX: 0000000000923e28\n[ 549.378451] RDX: 0000000000000000 RSI: 0000000055555554 RDI: ffffacbccaaeb730\n[ 549.385590] RBP: 0000000000000001 R08: ffff8bd14d235f70 R09: ffff8bd14d235f70\n[ 549.392721] R10: 0000000000000002 R11: ffff8bd14d233864 R12: 0000000000000020\n[ 549.399854] R13: ffffacbccaaeb818 R14: 0000000000000020 R15: ffff8bb298c67000\n[ 549.406988] FS: 00007f5179244740(0000) GS:ffff8bd14d200000(0000) knlGS:0000000000000000\n[ 549.415076] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 549.420829] CR2: 00007fa844000010 CR3: 00000001567dc005 CR4: 0000000000770ef0\n[ 549.427963] PKRU: 55555554\n[ 549.430672] Call Trace:\n[ 549.433126] \u003cTASK\u003e\n[ 549.435233] ? __warn+0x7f/0x130\n[ 549.438473] ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.443426] ? report_bug+0x18a/0x1a0\n[ 549.447098] ? handle_bug+0x3c/0x70\n[ 549.450589] ? exc_invalid_op+0x14/0x70\n[ 549.454430] ? asm_exc_invalid_op+0x16/0x20\n[ 549.458619] ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.463565] r535_gsp_msg_recv+0x46/0x230 [nvkm]\n[ 549.468257] r535_gsp_rpc_push+0x106/0x160 [nvkm]\n[ 549.473033] r535_gsp_rpc_rm_ctrl_push+0x40/0x130 [nvkm]\n[ 549.478422] nvidia_grid_init_vgpu_types+0xbc/0xe0 [nvkm]\n[ 549.483899] nvidia_grid_init+0xb1/0xd0 [nvkm]\n[ 549.488420] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 549.493213] nvkm_device_pci_probe+0x305/0x420 [nvkm]\n[ 549.498338] local_pci_probe+0x46/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58018",
"url": "https://www.suse.com/security/cve/CVE-2024-58018"
},
{
"category": "external",
"summary": "SUSE Bug 1238990 for CVE-2024-58018",
"url": "https://bugzilla.suse.com/1238990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58018"
},
{
"cve": "CVE-2024-58019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm/gsp: correctly advance the read pointer of GSP message queue\n\nA GSP event message consists three parts: message header, RPC header,\nmessage body. GSP calculates the number of pages to write from the\ntotal size of a GSP message. This behavior can be observed from the\nmovement of the write pointer.\n\nHowever, nvkm takes only the size of RPC header and message body as\nthe message size when advancing the read pointer. When handling a\ntwo-page GSP message in the non rollback case, It wrongly takes the\nmessage body of the previous message as the message header of the next\nmessage. As the \"message length\" tends to be zero, in the calculation of\nsize needs to be copied (0 - size of (message header)), the size needs to\nbe copied will be \"0xffffffxx\". It also triggers a kernel panic due to a\nNULL pointer error.\n\n[ 547.614102] msg: 00000f90: ff ff ff ff ff ff ff ff 40 d7 18 fb 8b 00 00 00 ........@.......\n[ 547.622533] msg: 00000fa0: 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 ................\n[ 547.630965] msg: 00000fb0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ................\n[ 547.639397] msg: 00000fc0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................\n[ 547.647832] nvkm 0000:c1:00.0: gsp: peek msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.655225] nvkm 0000:c1:00.0: gsp: get msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.662532] BUG: kernel NULL pointer dereference, address: 0000000000000020\n[ 547.669485] #PF: supervisor read access in kernel mode\n[ 547.674624] #PF: error_code(0x0000) - not-present page\n[ 547.679755] PGD 0 P4D 0\n[ 547.682294] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 547.686643] CPU: 22 PID: 322 Comm: kworker/22:1 Tainted: G E 6.9.0-rc6+ #1\n[ 547.694893] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 547.702626] Workqueue: events r535_gsp_msgq_work [nvkm]\n[ 547.707921] RIP: 0010:r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.713375] Code: 00 8b 70 08 48 89 e1 31 d2 4c 89 f7 e8 12 f5 ff ff 48 89 c5 48 85 c0 0f 84 cf 00 00 00 48 81 fd 00 f0 ff ff 0f 87 c4 00 00 00 \u003c8b\u003e 55 10 41 8b 46 30 85 d2 0f 85 f6 00 00 00 83 f8 04 76 10 ba 05\n[ 547.732119] RSP: 0018:ffffabe440f87e10 EFLAGS: 00010203\n[ 547.737335] RAX: 0000000000000010 RBX: 0000000000000008 RCX: 000000000000003f\n[ 547.744461] RDX: 0000000000000000 RSI: ffffabe4480a8030 RDI: 0000000000000010\n[ 547.751585] RBP: 0000000000000010 R08: 0000000000000000 R09: ffffabe440f87bb0\n[ 547.758707] R10: ffffabe440f87dc8 R11: 0000000000000010 R12: 0000000000000000\n[ 547.765834] R13: 0000000000000000 R14: ffff9351df1e5000 R15: 0000000000000000\n[ 547.772958] FS: 0000000000000000(0000) GS:ffff93708eb00000(0000) knlGS:0000000000000000\n[ 547.781035] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 547.786771] CR2: 0000000000000020 CR3: 00000003cc220002 CR4: 0000000000770ef0\n[ 547.793896] PKRU: 55555554\n[ 547.796600] Call Trace:\n[ 547.799046] \u003cTASK\u003e\n[ 547.801152] ? __die+0x20/0x70\n[ 547.804211] ? page_fault_oops+0x75/0x170\n[ 547.808221] ? print_hex_dump+0x100/0x160\n[ 547.812226] ? exc_page_fault+0x64/0x150\n[ 547.816152] ? asm_exc_page_fault+0x22/0x30\n[ 547.820341] ? r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.825184] r535_gsp_msgq_work+0x42/0x50 [nvkm]\n[ 547.829845] process_one_work+0x196/0x3d0\n[ 547.833861] worker_thread+0x2fc/0x410\n[ 547.837613] ? __pfx_worker_thread+0x10/0x10\n[ 547.841885] kthread+0xdf/0x110\n[ 547.845031] ? __pfx_kthread+0x10/0x10\n[ 547.848775] ret_from_fork+0x30/0x50\n[ 547.852354] ? __pfx_kthread+0x10/0x10\n[ 547.856097] ret_from_fork_asm+0x1a/0x30\n[ 547.860019] \u003c/TASK\u003e\n[ 547.862208] Modules linked in: nvkm(E) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) amd64_edac(E) mlx5_ib(E) edac_mce_amd(E) kvm_amd\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58019",
"url": "https://www.suse.com/security/cve/CVE-2024-58019"
},
{
"category": "external",
"summary": "SUSE Bug 1238997 for CVE-2024-58019",
"url": "https://bugzilla.suse.com/1238997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58019"
},
{
"cve": "CVE-2024-58020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Add NULL check in mt_input_configured\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in mt_input_configured() is not checked.\nAdd NULL check in mt_input_configured(), to handle kernel NULL\npointer dereference error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58020",
"url": "https://www.suse.com/security/cve/CVE-2024-58020"
},
{
"category": "external",
"summary": "SUSE Bug 1239346 for CVE-2024-58020",
"url": "https://bugzilla.suse.com/1239346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58020"
},
{
"cve": "CVE-2024-58034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()\n\nAs of_find_node_by_name() release the reference of the argument device\nnode, tegra_emc_find_node_by_ram_code() releases some device nodes while\nstill in use, resulting in possible UAFs. According to the bindings and\nthe in-tree DTS files, the \"emc-tables\" node is always device\u0027s child\nnode with the property \"nvidia,use-ram-code\", and the \"lpddr2\" node is a\nchild of the \"emc-tables\" node. Thus utilize the\nfor_each_child_of_node() macro and of_get_child_by_name() instead of\nof_find_node_by_name() to simplify the code.\n\nThis bug was found by an experimental verification tool that I am\ndeveloping.\n\n[krzysztof: applied v1, adjust the commit msg to incorporate v2 parts]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58034",
"url": "https://www.suse.com/security/cve/CVE-2024-58034"
},
{
"category": "external",
"summary": "SUSE Bug 1238773 for CVE-2024-58034",
"url": "https://bugzilla.suse.com/1238773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58034"
},
{
"cve": "CVE-2024-58051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: ipmb: Add check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this\nreturned value is not checked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58051",
"url": "https://www.suse.com/security/cve/CVE-2024-58051"
},
{
"category": "external",
"summary": "SUSE Bug 1238963 for CVE-2024-58051",
"url": "https://bugzilla.suse.com/1238963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58051"
},
{
"cve": "CVE-2024-58052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table\n\nThe function atomctrl_get_smc_sclk_range_table() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to\nretrieve SMU_Info table, it returns NULL which is later dereferenced.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\nIn practice this should never happen as this code only gets called\non polaris chips and the vbios data table will always be present on\nthose chips.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58052",
"url": "https://www.suse.com/security/cve/CVE-2024-58052"
},
{
"category": "external",
"summary": "SUSE Bug 1238986 for CVE-2024-58052",
"url": "https://bugzilla.suse.com/1238986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58052"
},
{
"cve": "CVE-2024-58054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58054"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: media: max96712: fix kernel oops when removing module\n\nThe following kernel oops is thrown when trying to remove the max96712\nmodule:\n\nUnable to handle kernel paging request at virtual address 00007375746174db\nMem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000010af89000\n[00007375746174db] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in: crct10dif_ce polyval_ce mxc_jpeg_encdec flexcan\n snd_soc_fsl_sai snd_soc_fsl_asoc_card snd_soc_fsl_micfil dwc_mipi_csi2\n imx_csi_formatter polyval_generic v4l2_jpeg imx_pcm_dma can_dev\n snd_soc_imx_audmux snd_soc_wm8962 snd_soc_imx_card snd_soc_fsl_utils\n max96712(C-) rpmsg_ctrl rpmsg_char pwm_fan fuse\n [last unloaded: imx8_isi]\nCPU: 0 UID: 0 PID: 754 Comm: rmmod\n\t Tainted: G C 6.12.0-rc6-06364-g327fec852c31 #17\nTainted: [C]=CRAP\nHardware name: NXP i.MX95 19X19 board (DT)\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : led_put+0x1c/0x40\nlr : v4l2_subdev_put_privacy_led+0x48/0x58\nsp : ffff80008699bbb0\nx29: ffff80008699bbb0 x28: ffff00008ac233c0 x27: 0000000000000000\nx26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff000080cf1170 x22: ffff00008b53bd00 x21: ffff8000822ad1c8\nx20: ffff000080ff5c00 x19: ffff00008b53be40 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000004 x13: ffff0000800f8010 x12: 0000000000000000\nx11: ffff000082acf5c0 x10: ffff000082acf478 x9 : ffff0000800f8010\nx8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d\nx5 : 8080808000000000 x4 : 0000000000000020 x3 : 00000000553a3dc1\nx2 : ffff00008ac233c0 x1 : ffff00008ac233c0 x0 : ff00737574617473\nCall trace:\n led_put+0x1c/0x40\n v4l2_subdev_put_privacy_led+0x48/0x58\n v4l2_async_unregister_subdev+0x2c/0x1a4\n max96712_remove+0x1c/0x38 [max96712]\n i2c_device_remove+0x2c/0x9c\n device_remove+0x4c/0x80\n device_release_driver_internal+0x1cc/0x228\n driver_detach+0x4c/0x98\n bus_remove_driver+0x6c/0xbc\n driver_unregister+0x30/0x60\n i2c_del_driver+0x54/0x64\n max96712_i2c_driver_exit+0x18/0x1d0 [max96712]\n __arm64_sys_delete_module+0x1a4/0x290\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xd8\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x190/0x194\nCode: f9000bf3 aa0003f3 f9402800 f9402000 (f9403400)\n---[ end trace 0000000000000000 ]---\n\nThis happens because in v4l2_i2c_subdev_init(), the i2c_set_cliendata()\nis called again and the data is overwritten to point to sd, instead of\npriv. So, in remove(), the wrong pointer is passed to\nv4l2_async_unregister_subdev(), leading to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58054",
"url": "https://www.suse.com/security/cve/CVE-2024-58054"
},
{
"category": "external",
"summary": "SUSE Bug 1238975 for CVE-2024-58054",
"url": "https://bugzilla.suse.com/1238975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58054"
},
{
"cve": "CVE-2024-58055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_tcm: Don\u0027t free command immediately\n\nDon\u0027t prematurely free the command. Wait for the status completion of\nthe sense status. It can be freed then. Otherwise we will double-free\nthe command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58055",
"url": "https://www.suse.com/security/cve/CVE-2024-58055"
},
{
"category": "external",
"summary": "SUSE Bug 1238959 for CVE-2024-58055",
"url": "https://bugzilla.suse.com/1238959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58055"
},
{
"cve": "CVE-2024-58056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Fix ida_free call while not allocated\n\nIn the rproc_alloc() function, on error, put_device(\u0026rproc-\u003edev) is\ncalled, leading to the call of the rproc_type_release() function.\nAn error can occurs before ida_alloc is called.\n\nIn such case in rproc_type_release(), the condition (rproc-\u003eindex \u003e= 0) is\ntrue as rproc-\u003eindex has been initialized to 0.\nida_free() is called reporting a warning:\n[ 4.181906] WARNING: CPU: 1 PID: 24 at lib/idr.c:525 ida_free+0x100/0x164\n[ 4.186378] stm32-display-dsi 5a000000.dsi: Fixed dependency cycle(s) with /soc/dsi@5a000000/panel@0\n[ 4.188854] ida_free called for id=0 which is not allocated.\n[ 4.198256] mipi-dsi 5a000000.dsi.0: Fixed dependency cycle(s) with /soc/dsi@5a000000\n[ 4.203556] Modules linked in: panel_orisetech_otm8009a dw_mipi_dsi_stm(+) gpu_sched dw_mipi_dsi stm32_rproc stm32_crc32 stm32_ipcc(+) optee(+)\n[ 4.224307] CPU: 1 UID: 0 PID: 24 Comm: kworker/u10:0 Not tainted 6.12.0 #442\n[ 4.231481] Hardware name: STM32 (Device Tree Support)\n[ 4.236627] Workqueue: events_unbound deferred_probe_work_func\n[ 4.242504] Call trace:\n[ 4.242522] unwind_backtrace from show_stack+0x10/0x14\n[ 4.250218] show_stack from dump_stack_lvl+0x50/0x64\n[ 4.255274] dump_stack_lvl from __warn+0x80/0x12c\n[ 4.260134] __warn from warn_slowpath_fmt+0x114/0x188\n[ 4.265199] warn_slowpath_fmt from ida_free+0x100/0x164\n[ 4.270565] ida_free from rproc_type_release+0x38/0x60\n[ 4.275832] rproc_type_release from device_release+0x30/0xa0\n[ 4.281601] device_release from kobject_put+0xc4/0x294\n[ 4.286762] kobject_put from rproc_alloc.part.0+0x208/0x28c\n[ 4.292430] rproc_alloc.part.0 from devm_rproc_alloc+0x80/0xc4\n[ 4.298393] devm_rproc_alloc from stm32_rproc_probe+0xd0/0x844 [stm32_rproc]\n[ 4.305575] stm32_rproc_probe [stm32_rproc] from platform_probe+0x5c/0xbc\n\nCalling ida_alloc earlier in rproc_alloc ensures that the rproc-\u003eindex is\nproperly set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58056",
"url": "https://www.suse.com/security/cve/CVE-2024-58056"
},
{
"category": "external",
"summary": "SUSE Bug 1238981 for CVE-2024-58056",
"url": "https://bugzilla.suse.com/1238981"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58056"
},
{
"cve": "CVE-2024-58057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert workqueues to unbound\n\nWhen a workqueue is created with `WQ_UNBOUND`, its work items are\nserved by special worker-pools, whose host workers are not bound to\nany specific CPU. In the default configuration (i.e. when\n`queue_delayed_work` and friends do not specify which CPU to run the\nwork item on), `WQ_UNBOUND` allows the work item to be executed on any\nCPU in the same node of the CPU it was enqueued on. While this\nsolution potentially sacrifices locality, it avoids contention with\nother processes that might dominate the CPU time of the processor the\nwork item was scheduled on.\n\nThis is not just a theoretical problem: in a particular scenario\nmisconfigured process was hogging most of the time from CPU0, leaving\nless than 0.5% of its CPU time to the kworker. The IDPF workqueues\nthat were using the kworker on CPU0 suffered large completion delays\nas a result, causing performance degradation, timeouts and eventual\nsystem crash.\n\n\n* I have also run a manual test to gauge the performance\n improvement. The test consists of an antagonist process\n (`./stress --cpu 2`) consuming as much of CPU 0 as possible. This\n process is run under `taskset 01` to bind it to CPU0, and its\n priority is changed with `chrt -pQ 9900 10000 ${pid}` and\n `renice -n -20 ${pid}` after start.\n\n Then, the IDPF driver is forced to prefer CPU0 by editing all calls\n to `queue_delayed_work`, `mod_delayed_work`, etc... to use CPU 0.\n\n Finally, `ktraces` for the workqueue events are collected.\n\n Without the current patch, the antagonist process can force\n arbitrary delays between `workqueue_queue_work` and\n `workqueue_execute_start`, that in my tests were as high as\n `30ms`. With the current patch applied, the workqueue can be\n migrated to another unloaded CPU in the same node, and, keeping\n everything else equal, the maximum delay I could see was `6us`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58057",
"url": "https://www.suse.com/security/cve/CVE-2024-58057"
},
{
"category": "external",
"summary": "SUSE Bug 1238969 for CVE-2024-58057",
"url": "https://bugzilla.suse.com/1238969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58057"
},
{
"cve": "CVE-2024-58058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: skip dumping tnc tree when zroot is null\n\nClearing slab cache will free all znode in memory and make\nc-\u003ezroot.znode = NULL, then dumping tnc tree will access\nc-\u003ezroot.znode which cause null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58058",
"url": "https://www.suse.com/security/cve/CVE-2024-58058"
},
{
"category": "external",
"summary": "SUSE Bug 1238979 for CVE-2024-58058",
"url": "https://bugzilla.suse.com/1238979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58058"
},
{
"cve": "CVE-2024-58061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: prohibit deactivating all links\n\nIn the internal API this calls this is a WARN_ON, but that\nshould remain since internally we want to know about bugs\nthat may cause this. Prevent deactivating all links in the\ndebugfs write directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58061",
"url": "https://www.suse.com/security/cve/CVE-2024-58061"
},
{
"category": "external",
"summary": "SUSE Bug 1238973 for CVE-2024-58061",
"url": "https://bugzilla.suse.com/1238973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58061"
},
{
"cve": "CVE-2024-58063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: fix memory leaks and invalid access at probe error path\n\nDeinitialize at reverse order when probe fails.\n\nWhen init_sw_vars fails, rtl_deinit_core should not be called, specially\nnow that it destroys the rtl_wq workqueue.\n\nAnd call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be\nleaked.\n\nRemove pci_set_drvdata call as it will already be cleaned up by the core\ndriver code and could lead to memory leaks too. cf. commit 8d450935ae7f\n(\"wireless: rtlwifi: remove unnecessary pci_set_drvdata()\") and\ncommit 3d86b93064c7 (\"rtlwifi: Fix PCI probe error path orphaned memory\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58063",
"url": "https://www.suse.com/security/cve/CVE-2024-58063"
},
{
"category": "external",
"summary": "SUSE Bug 1238984 for CVE-2024-58063",
"url": "https://bugzilla.suse.com/1238984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58063"
},
{
"cve": "CVE-2024-58069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read\n\nThe nvmem interface supports variable buffer sizes, while the regmap\ninterface operates with fixed-size storage. If an nvmem client uses a\nbuffer size less than 4 bytes, regmap_read will write out of bounds\nas it expects the buffer to point at an unsigned int.\n\nFix this by using an intermediary unsigned int to hold the value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58069",
"url": "https://www.suse.com/security/cve/CVE-2024-58069"
},
{
"category": "external",
"summary": "SUSE Bug 1238978 for CVE-2024-58069",
"url": "https://bugzilla.suse.com/1238978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58069"
},
{
"cve": "CVE-2024-58071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: prevent adding a device which is already a team device lower\n\nPrevent adding a device which is already a team device lower,\ne.g. adding veth0 if vlan1 was already added and veth0 is a lower of\nvlan1.\n\nThis is not useful in practice and can lead to recursive locking:\n\n$ ip link add veth0 type veth peer name veth1\n$ ip link set veth0 up\n$ ip link set veth1 up\n$ ip link add link veth0 name veth0.1 type vlan protocol 802.1Q id 1\n$ ip link add team0 type team\n$ ip link set veth0.1 down\n$ ip link set veth0.1 master team0\nteam0: Port device veth0.1 added\n$ ip link set veth0 down\n$ ip link set veth0 master team0\n\n============================================\nWARNING: possible recursive locking detected\n6.13.0-rc2-virtme-00441-ga14a429069bb #46 Not tainted\n--------------------------------------------\nip/7684 is trying to acquire lock:\nffff888016848e00 (team-\u003eteam_lock_key){+.+.}-{4:4}, at: team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n\nbut task is already holding lock:\nffff888016848e00 (team-\u003eteam_lock_key){+.+.}-{4:4}, at: team_add_slave (drivers/net/team/team_core.c:1147 drivers/net/team/team_core.c:1977)\n\nother info that might help us debug this:\nPossible unsafe locking scenario:\n\nCPU0\n----\nlock(team-\u003eteam_lock_key);\nlock(team-\u003eteam_lock_key);\n\n*** DEADLOCK ***\n\nMay be due to missing lock nesting notation\n\n2 locks held by ip/7684:\n\nstack backtrace:\nCPU: 3 UID: 0 PID: 7684 Comm: ip Not tainted 6.13.0-rc2-virtme-00441-ga14a429069bb #46\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:122)\nprint_deadlock_bug.cold (kernel/locking/lockdep.c:3040)\n__lock_acquire (kernel/locking/lockdep.c:3893 kernel/locking/lockdep.c:5226)\n? netlink_broadcast_filtered (net/netlink/af_netlink.c:1548)\nlock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 2))\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? lock_acquire (kernel/locking/lockdep.c:5822)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n__mutex_lock (kernel/locking/mutex.c:587 kernel/locking/mutex.c:735)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? fib_sync_up (net/ipv4/fib_semantics.c:2167)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\nteam_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\nnotifier_call_chain (kernel/notifier.c:85)\ncall_netdevice_notifiers_info (net/core/dev.c:1996)\n__dev_notify_flags (net/core/dev.c:8993)\n? __dev_change_flags (net/core/dev.c:8975)\ndev_change_flags (net/core/dev.c:9027)\nvlan_device_event (net/8021q/vlan.c:85 net/8021q/vlan.c:470)\n? br_device_event (net/bridge/br.c:143)\nnotifier_call_chain (kernel/notifier.c:85)\ncall_netdevice_notifiers_info (net/core/dev.c:1996)\ndev_open (net/core/dev.c:1519 net/core/dev.c:1505)\nteam_add_slave (drivers/net/team/team_core.c:1219 drivers/net/team/team_core.c:1977)\n? __pfx_team_add_slave (drivers/net/team/team_core.c:1972)\ndo_set_master (net/core/rtnetlink.c:2917)\ndo_setlink.isra.0 (net/core/rtnetlink.c:3117)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58071",
"url": "https://www.suse.com/security/cve/CVE-2024-58071"
},
{
"category": "external",
"summary": "SUSE Bug 1238970 for CVE-2024-58071",
"url": "https://bugzilla.suse.com/1238970"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58071"
},
{
"cve": "CVE-2024-58072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: remove unused check_buddy_priv\n\nCommit 2461c7d60f9f (\"rtlwifi: Update header file\") introduced a global\nlist of private data structures.\n\nLater on, commit 26634c4b1868 (\"rtlwifi Modify existing bits to match\nvendor version 2013.02.07\") started adding the private data to that list at\nprobe time and added a hook, check_buddy_priv to find the private data from\na similar device.\n\nHowever, that function was never used.\n\nBesides, though there is a lock for that list, it is never used. And when\nthe probe fails, the private data is never removed from the list. This\nwould cause a second probe to access freed memory.\n\nRemove the unused hook, structures and members, which will prevent the\npotential race condition on the list and its corruption during a second\nprobe when probe fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58072",
"url": "https://www.suse.com/security/cve/CVE-2024-58072"
},
{
"category": "external",
"summary": "SUSE Bug 1238964 for CVE-2024-58072",
"url": "https://bugzilla.suse.com/1238964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58072"
},
{
"cve": "CVE-2024-58076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: gcc-sm6350: Add missing parent_map for two clocks\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for two clocks where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58076",
"url": "https://www.suse.com/security/cve/CVE-2024-58076"
},
{
"category": "external",
"summary": "SUSE Bug 1239037 for CVE-2024-58076",
"url": "https://bugzilla.suse.com/1239037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58076"
},
{
"cve": "CVE-2024-58078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors\n\nmisc_minor_alloc was allocating id using ida for minor only in case of\nMISC_DYNAMIC_MINOR but misc_minor_free was always freeing ids\nusing ida_free causing a mismatch and following warn:\n\u003e \u003e WARNING: CPU: 0 PID: 159 at lib/idr.c:525 ida_free+0x3e0/0x41f\n\u003e \u003e ida_free called for id=127 which is not allocated.\n\u003e \u003e \u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\n...\n\u003e \u003e [\u003c60941eb4\u003e] ida_free+0x3e0/0x41f\n\u003e \u003e [\u003c605ac993\u003e] misc_minor_free+0x3e/0xbc\n\u003e \u003e [\u003c605acb82\u003e] misc_deregister+0x171/0x1b3\n\nmisc_minor_alloc is changed to allocate id from ida for all minors\nfalling in the range of dynamic/ misc dynamic minors",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58078",
"url": "https://www.suse.com/security/cve/CVE-2024-58078"
},
{
"category": "external",
"summary": "SUSE Bug 1239034 for CVE-2024-58078",
"url": "https://bugzilla.suse.com/1239034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58078"
},
{
"cve": "CVE-2024-58079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix crash during unbind if gpio unit is in use\n\nWe used the wrong device for the device managed functions. We used the\nusb device, when we should be using the interface device.\n\nIf we unbind the driver from the usb interface, the cleanup functions\nare never called. In our case, the IRQ is never disabled.\n\nIf an IRQ is triggered, it will try to access memory sections that are\nalready free, causing an OOPS.\n\nWe cannot use the function devm_request_threaded_irq here. The devm_*\nclean functions may be called after the main structure is released by\nuvc_delete.\n\nLuckily this bug has small impact, as it is only affected by devices\nwith gpio units and the user has to unbind the device, a disconnect will\nnot trigger this error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58079",
"url": "https://www.suse.com/security/cve/CVE-2024-58079"
},
{
"category": "external",
"summary": "SUSE Bug 1239029 for CVE-2024-58079",
"url": "https://bugzilla.suse.com/1239029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58079"
},
{
"cve": "CVE-2024-58080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: dispcc-sm6350: Add missing parent_map for a clock\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for the clock where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58080",
"url": "https://www.suse.com/security/cve/CVE-2024-58080"
},
{
"category": "external",
"summary": "SUSE Bug 1239027 for CVE-2024-58080",
"url": "https://bugzilla.suse.com/1239027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58080"
},
{
"cve": "CVE-2024-58083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Explicitly verify target vCPU is online in kvm_get_vcpu()\n\nExplicitly verify the target vCPU is fully online _prior_ to clamping the\nindex in kvm_get_vcpu(). If the index is \"bad\", the nospec clamping will\ngenerate \u00270\u0027, i.e. KVM will return vCPU0 instead of NULL.\n\nIn practice, the bug is unlikely to cause problems, as it will only come\ninto play if userspace or the guest is buggy or misbehaving, e.g. KVM may\nsend interrupts to vCPU0 instead of dropping them on the floor.\n\nHowever, returning vCPU0 when it shouldn\u0027t exist per online_vcpus is\nproblematic now that KVM uses an xarray for the vCPUs array, as KVM needs\nto insert into the xarray before publishing the vCPU to userspace (see\ncommit c5b077549136 (\"KVM: Convert the kvm-\u003evcpus array to a xarray\")),\ni.e. before vCPU creation is guaranteed to succeed.\n\nAs a result, incorrectly providing access to vCPU0 will trigger a\nuse-after-free if vCPU0 is dereferenced and kvm_vm_ioctl_create_vcpu()\nbails out of vCPU creation due to an error and frees vCPU0. Commit\nafb2acb2e3a3 (\"KVM: Fix vcpu_array[0] races\") papered over that issue, but\nin doing so introduced an unsolvable teardown conundrum. Preventing\naccesses to vCPU0 before it\u0027s fully online will allow reverting commit\nafb2acb2e3a3, without re-introducing the vcpu_array[0] UAF race.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58083",
"url": "https://www.suse.com/security/cve/CVE-2024-58083"
},
{
"category": "external",
"summary": "SUSE Bug 1239036 for CVE-2024-58083",
"url": "https://bugzilla.suse.com/1239036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58083"
},
{
"cve": "CVE-2024-58085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: don\u0027t emit warning in tomoyo_write_control()\n\nsyzbot is reporting too large allocation warning at tomoyo_write_control(),\nfor one can write a very very long line without new line character. To fix\nthis warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE,\nfor practically a valid line should be always shorter than 32KB where the\n\"too small to fail\" memory-allocation rule applies.\n\nOne might try to write a valid line that is longer than 32KB, but such\nrequest will likely fail with -ENOMEM. Therefore, I feel that separately\nreturning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant.\nThere is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58085",
"url": "https://www.suse.com/security/cve/CVE-2024-58085"
},
{
"category": "external",
"summary": "SUSE Bug 1239085 for CVE-2024-58085",
"url": "https://bugzilla.suse.com/1239085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58085"
},
{
"cve": "CVE-2024-58086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58086"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Stop active perfmon if it is being destroyed\n\nIf the active performance monitor (`v3d-\u003eactive_perfmon`) is being\ndestroyed, stop it first. Currently, the active perfmon is not\nstopped during destruction, leaving the `v3d-\u003eactive_perfmon` pointer\nstale. This can lead to undefined behavior and instability.\n\nThis patch ensures that the active perfmon is stopped before being\ndestroyed, aligning with the behavior introduced in commit\n7d1fd3638ee3 (\"drm/v3d: Stop the active perfmon before being destroyed\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58086",
"url": "https://www.suse.com/security/cve/CVE-2024-58086"
},
{
"category": "external",
"summary": "SUSE Bug 1239038 for CVE-2024-58086",
"url": "https://bugzilla.suse.com/1239038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58086"
},
{
"cve": "CVE-2025-21631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix waker_bfqq UAF after bfq_split_bfqq()\n\nOur syzkaller report a following UAF for v6.6:\n\nBUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\nRead of size 8 at addr ffff8881b57147d8 by task fsstress/232726\n\nCPU: 2 PID: 232726 Comm: fsstress Not tainted 6.6.0-g3629d1885222 #39\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\n print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364\n print_report+0x3e/0x70 mm/kasan/report.c:475\n kasan_report+0xb8/0xf0 mm/kasan/report.c:588\n hlist_add_head include/linux/list.h:1023 [inline]\n bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh+0x15e/0x2e0 fs/ext4/super.c:230\n __read_extent_tree_block+0x304/0x6f0 fs/ext4/extents.c:567\n ext4_find_extent+0x479/0xd20 fs/ext4/extents.c:947\n ext4_ext_map_blocks+0x1a3/0x2680 fs/ext4/extents.c:4182\n ext4_map_blocks+0x929/0x15a0 fs/ext4/inode.c:660\n ext4_iomap_begin_report+0x298/0x480 fs/ext4/inode.c:3569\n iomap_iter+0x3dd/0x1010 fs/iomap/iter.c:91\n iomap_fiemap+0x1f4/0x360 fs/iomap/fiemap.c:80\n ext4_fiemap+0x181/0x210 fs/ext4/extents.c:5051\n ioctl_fiemap.isra.0+0x1b4/0x290 fs/ioctl.c:220\n do_vfs_ioctl+0x31c/0x11a0 fs/ioctl.c:811\n __do_sys_ioctl fs/ioctl.c:869 [inline]\n __se_sys_ioctl+0xae/0x190 fs/ioctl.c:857\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x70/0x120 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nAllocated by task 232719:\n kasan_save_stack+0x22/0x50 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\n slab_post_alloc_hook mm/slab.h:768 [inline]\n slab_alloc_node mm/slub.c:3492 [inline]\n kmem_cache_alloc_node+0x1b8/0x6f0 mm/slub.c:3537\n bfq_get_queue+0x215/0x1f00 block/bfq-iosched.c:5869\n bfq_get_bfqq_handle_split+0x167/0x5f0 block/bfq-iosched.c:6776\n bfq_init_rq+0x13a4/0x17a0 block/bfq-iosched.c:6938\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh_nowait+0x15a/0x240 fs/ext4/super.c:217\n ext4_read_bh_lock+0xac/0xd0 fs/ext4/super.c:242\n ext4_bread_batch+0x268/0x500 fs/ext4/inode.c:958\n __ext4_find_entry+0x448/0x10f0 fs/ext4/namei.c:1671\n ext4_lookup_entry fs/ext4/namei.c:1774 [inline]\n ext4_lookup.part.0+0x359/0x6f0 fs/ext4/namei.c:1842\n ext4_lookup+0x72/0x90 fs/ext4/namei.c:1839\n __lookup_slow+0x257/0x480 fs/namei.c:1696\n lookup_slow fs/namei.c:1713 [inline]\n walk_component+0x454/0x5c0 fs/namei.c:2004\n link_path_walk.part.0+0x773/0xda0 fs/namei.c:2331\n link_path_walk fs/namei.c:3826 [inline]\n path_openat+0x1b9/0x520 fs/namei.c:3826\n do_filp_open+0x1b7/0x400 fs/namei.c:3857\n do_sys_openat2+0x5dc/0x6e0 fs/open.c:1428\n do_sys_open fs/open.c:1443 [inline]\n __do_sys_openat fs/open.c:1459 [inline]\n __se_sys_openat fs/open.c:1454 [inline]\n __x64_sys_openat+0x148/0x200 fs/open.c:1454\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_6\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21631",
"url": "https://www.suse.com/security/cve/CVE-2025-21631"
},
{
"category": "external",
"summary": "SUSE Bug 1236099 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "external",
"summary": "SUSE Bug 1236100 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21631"
},
{
"cve": "CVE-2025-21635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21635"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe per-netns structure can be obtained from the table-\u003edata using\ncontainer_of(), then the \u0027net\u0027 one can be retrieved from the listen\nsocket (if available).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21635",
"url": "https://www.suse.com/security/cve/CVE-2025-21635"
},
{
"category": "external",
"summary": "SUSE Bug 1236111 for CVE-2025-21635",
"url": "https://bugzilla.suse.com/1236111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21635"
},
{
"cve": "CVE-2025-21636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.probe_interval\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21636",
"url": "https://www.suse.com/security/cve/CVE-2025-21636"
},
{
"category": "external",
"summary": "SUSE Bug 1236113 for CVE-2025-21636",
"url": "https://bugzilla.suse.com/1236113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21637",
"url": "https://www.suse.com/security/cve/CVE-2025-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1236114 for CVE-2025-21637",
"url": "https://bugzilla.suse.com/1236114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21638",
"url": "https://www.suse.com/security/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "SUSE Bug 1236115 for CVE-2025-21638",
"url": "https://bugzilla.suse.com/1236115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21639",
"url": "https://www.suse.com/security/cve/CVE-2025-21639"
},
{
"category": "external",
"summary": "SUSE Bug 1236122 for CVE-2025-21639",
"url": "https://bugzilla.suse.com/1236122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21640",
"url": "https://www.suse.com/security/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "SUSE Bug 1236123 for CVE-2025-21640",
"url": "https://bugzilla.suse.com/1236123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21647",
"url": "https://www.suse.com/security/cve/CVE-2025-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1236133 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "external",
"summary": "SUSE Bug 1236134 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdev: prevent accessing NAPI instances from another namespace\n\nThe NAPI IDs were not fully exposed to user space prior to the netlink\nAPI, so they were never namespaced. The netlink API must ensure that\nat the very least NAPI instance belongs to the same netns as the owner\nof the genl sock.\n\nnapi_by_id() can become static now, but it needs to move because of\ndev_get_by_napi_id().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21659",
"url": "https://www.suse.com/security/cve/CVE-2025-21659"
},
{
"category": "external",
"summary": "SUSE Bug 1236206 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "external",
"summary": "SUSE Bug 1236207 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21659"
},
{
"cve": "CVE-2025-21665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21665",
"url": "https://www.suse.com/security/cve/CVE-2025-21665"
},
{
"category": "external",
"summary": "SUSE Bug 1236684 for CVE-2025-21665",
"url": "https://bugzilla.suse.com/1236684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn\u0027t.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21666",
"url": "https://www.suse.com/security/cve/CVE-2025-21666"
},
{
"category": "external",
"summary": "SUSE Bug 1236680 for CVE-2025-21666",
"url": "https://bugzilla.suse.com/1236680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21666"
},
{
"cve": "CVE-2025-21667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid avoid truncating 64-bit offset to 32 bits\n\non 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a\n32-bit position due to folio_next_index() returning an unsigned long.\nThis could lead to an infinite loop when writing to an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21667",
"url": "https://www.suse.com/security/cve/CVE-2025-21667"
},
{
"category": "external",
"summary": "SUSE Bug 1236681 for CVE-2025-21667",
"url": "https://bugzilla.suse.com/1236681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: add missing loop break condition\n\nCurrently imx8mp_blk_ctrl_remove() will continue the for loop\nuntil an out-of-bounds exception occurs.\n\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : dev_pm_domain_detach+0x8/0x48\nlr : imx8mp_blk_ctrl_shutdown+0x58/0x90\nsp : ffffffc084f8bbf0\nx29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000\nx26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028\nx23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0\nx20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff\nx17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72\nx14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000\nx11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8\nx8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000\nCall trace:\n dev_pm_domain_detach+0x8/0x48\n platform_shutdown+0x2c/0x48\n device_shutdown+0x158/0x268\n kernel_restart_prepare+0x40/0x58\n kernel_kexec+0x58/0xe8\n __do_sys_reboot+0x198/0x258\n __arm64_sys_reboot+0x2c/0x40\n invoke_syscall+0x5c/0x138\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xc8\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x190/0x198\nCode: 8128c2d0 ffffffc0 aa1e03e9 d503201f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21668",
"url": "https://www.suse.com/security/cve/CVE-2025-21668"
},
{
"category": "external",
"summary": "SUSE Bug 1236682 for CVE-2025-21668",
"url": "https://bugzilla.suse.com/1236682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: discard packets if the transport changes\n\nIf the socket has been de-assigned or assigned to another transport,\nwe must discard any packets received because they are not expected\nand would cause issues when we access vsk-\u003etransport.\n\nA possible scenario is described by Hyunwoo Kim in the attached link,\nwhere after a first connect() interrupted by a signal, and a second\nconnect() failed, we can find `vsk-\u003etransport` at NULL, leading to a\nNULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21669",
"url": "https://www.suse.com/security/cve/CVE-2025-21669"
},
{
"category": "external",
"summary": "SUSE Bug 1236683 for CVE-2025-21669",
"url": "https://bugzilla.suse.com/1236683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21669"
},
{
"cve": "CVE-2025-21670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n Call Trace:\n vsock_bpf_recvmsg+0xca/0x5e0\n sock_recvmsg+0xb9/0xc0\n __sys_recvfrom+0xb3/0x130\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk-\u003etransport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21670",
"url": "https://www.suse.com/security/cve/CVE-2025-21670"
},
{
"category": "external",
"summary": "SUSE Bug 1236685 for CVE-2025-21670",
"url": "https://bugzilla.suse.com/1236685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21670"
},
{
"cve": "CVE-2025-21671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21671"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: fix potential UAF of zram table\n\nIf zram_meta_alloc failed early, it frees allocated zram-\u003etable without\nsetting it NULL. Which will potentially cause zram_meta_free to access\nthe table if user reset an failed and uninitialized device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21671",
"url": "https://www.suse.com/security/cve/CVE-2025-21671"
},
{
"category": "external",
"summary": "SUSE Bug 1236692 for CVE-2025-21671",
"url": "https://bugzilla.suse.com/1236692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21671"
},
{
"cve": "CVE-2025-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can\u0027t be freed as long as\ncifsd thread isn\u0027t done. Otherwise the following can happen:\n\n RIP: 0010:__slab_free+0x223/0x3c0\n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n 000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0xce/0x120\n ? __slab_free+0x223/0x3c0\n ? do_error_trap+0x65/0x80\n ? __slab_free+0x223/0x3c0\n ? exc_invalid_op+0x4e/0x70\n ? __slab_free+0x223/0x3c0\n ? asm_exc_invalid_op+0x16/0x20\n ? __slab_free+0x223/0x3c0\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? __kmalloc+0x4b/0x140\n __reconnect_target_unlocked+0x3e/0x160 [cifs]\n reconnect_dfs_server+0x145/0x430 [cifs]\n cifs_handle_standard+0x1ad/0x1d0 [cifs]\n cifs_demultiplex_thread+0x592/0x730 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21673",
"url": "https://www.suse.com/security/cve/CVE-2025-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1236689 for CVE-2025-21673",
"url": "https://bugzilla.suse.com/1236689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Clear port select structure when fail to create\n\nClear the port select structure on error so no stale values left after\ndefiners are destroyed. That\u0027s because the mlx5_lag_destroy_definers()\nalways try to destroy all lag definers in the tt_map, so in the flow\nbelow lag definers get double-destroyed and cause kernel crash:\n\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 1\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets destroyed\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 0\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets double-destroyed\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n Mem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n user pgtable: 64k pages, 48-bit VAs, pgdp=0000000112ce2e00\n [0000000000000008] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n Modules linked in: iptable_raw bonding ip_gre ip6_gre gre ip6_tunnel tunnel6 geneve ip6_udp_tunnel udp_tunnel ipip tunnel4 ip_tunnel rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) mlx5_fwctl(OE) fwctl(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlxfw(OE) memtrack(OE) mlx_compat(OE) openvswitch nsh nf_conncount psample xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc netconsole overlay efi_pstore sch_fq_codel zram ip_tables crct10dif_ce qemu_fw_cfg fuse ipv6 crc_ccitt [last unloaded: mlx_compat(OE)]\n CPU: 3 UID: 0 PID: 217 Comm: kworker/u53:2 Tainted: G OE 6.11.0+ #2\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n Workqueue: mlx5_lag mlx5_do_bond_work [mlx5_core]\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n lr : mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n sp : ffff800085fafb00\n x29: ffff800085fafb00 x28: ffff0000da0c8000 x27: 0000000000000000\n x26: ffff0000da0c8000 x25: ffff0000da0c8000 x24: ffff0000da0c8000\n x23: ffff0000c31f81a0 x22: 0400000000000000 x21: ffff0000da0c8000\n x20: 0000000000000000 x19: 0000000000000001 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8b0c9350\n x14: 0000000000000000 x13: ffff800081390d18 x12: ffff800081dc3cc0\n x11: 0000000000000001 x10: 0000000000000b10 x9 : ffff80007ab7304c\n x8 : ffff0000d00711f0 x7 : 0000000000000004 x6 : 0000000000000190\n x5 : ffff00027edb3010 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : ffff0000d39b8000 x1 : ffff0000d39b8000 x0 : 0400000000000000\n Call trace:\n mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n mlx5_lag_destroy_definers+0xa0/0x108 [mlx5_core]\n mlx5_lag_port_sel_create+0x2d4/0x6f8 [mlx5_core]\n mlx5_activate_lag+0x60c/0x6f8 [mlx5_core]\n mlx5_do_bond_work+0x284/0x5c8 [mlx5_core]\n process_one_work+0x170/0x3e0\n worker_thread+0x2d8/0x3e0\n kthread+0x11c/0x128\n ret_from_fork+0x10/0x20\n Code: a9025bf5 aa0003f6 a90363f7 f90023f9 (f9400400)\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21675",
"url": "https://www.suse.com/security/cve/CVE-2025-21675"
},
{
"category": "external",
"summary": "SUSE Bug 1236694 for CVE-2025-21675",
"url": "https://bugzilla.suse.com/1236694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21675"
},
{
"cve": "CVE-2025-21678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Destroy device along with udp socket\u0027s netns dismantle.\n\ngtp_newlink() links the device to a list in dev_net(dev) instead of\nsrc_net, where a udp tunnel socket is created.\n\nEven when src_net is removed, the device stays alive on dev_net(dev).\nThen, removing src_net triggers the splat below. [0]\n\nIn this example, gtp0 is created in ns2, and the udp socket is created\nin ns1.\n\n ip netns add ns1\n ip netns add ns2\n ip -n ns1 link add netns ns2 name gtp0 type gtp role sgsn\n ip netns del ns1\n\nLet\u0027s link the device to the socket\u0027s netns instead.\n\nNow, gtp_net_exit_batch_rtnl() needs another netdev iteration to remove\nall gtp devices in the netns.\n\n[0]:\nref_tracker: net notrefcnt@000000003d6e7d05 has 1/2 users at\n sk_alloc (./include/net/net_namespace.h:345 net/core/sock.c:2236)\n inet_create (net/ipv4/af_inet.c:326 net/ipv4/af_inet.c:252)\n __sock_create (net/socket.c:1558)\n udp_sock_create4 (net/ipv4/udp_tunnel_core.c:18)\n gtp_create_sock (./include/net/udp_tunnel.h:59 drivers/net/gtp.c:1423)\n gtp_create_sockets (drivers/net/gtp.c:1447)\n gtp_newlink (drivers/net/gtp.c:1507)\n rtnl_newlink (net/core/rtnetlink.c:3786 net/core/rtnetlink.c:3897 net/core/rtnetlink.c:4012)\n rtnetlink_rcv_msg (net/core/rtnetlink.c:6922)\n netlink_rcv_skb (net/netlink/af_netlink.c:2542)\n netlink_unicast (net/netlink/af_netlink.c:1321 net/netlink/af_netlink.c:1347)\n netlink_sendmsg (net/netlink/af_netlink.c:1891)\n ____sys_sendmsg (net/socket.c:711 net/socket.c:726 net/socket.c:2583)\n ___sys_sendmsg (net/socket.c:2639)\n __sys_sendmsg (net/socket.c:2669)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n\nWARNING: CPU: 1 PID: 60 at lib/ref_tracker.c:179 ref_tracker_dir_exit (lib/ref_tracker.c:179)\nModules linked in:\nCPU: 1 UID: 0 PID: 60 Comm: kworker/u16:2 Not tainted 6.13.0-rc5-00147-g4c1224501e9d #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:ref_tracker_dir_exit (lib/ref_tracker.c:179)\nCode: 00 00 00 fc ff df 4d 8b 26 49 bd 00 01 00 00 00 00 ad de 4c 39 f5 0f 85 df 00 00 00 48 8b 74 24 08 48 89 df e8 a5 cc 12 02 90 \u003c0f\u003e 0b 90 48 8d 6b 44 be 04 00 00 00 48 89 ef e8 80 de 67 ff 48 89\nRSP: 0018:ff11000009a07b60 EFLAGS: 00010286\nRAX: 0000000000002bd3 RBX: ff1100000f4e1aa0 RCX: 1ffffffff0e40ac6\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8423ee3c\nRBP: ff1100000f4e1af0 R08: 0000000000000001 R09: fffffbfff0e395ae\nR10: 0000000000000001 R11: 0000000000036001 R12: ff1100000f4e1af0\nR13: dead000000000100 R14: ff1100000f4e1af0 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ff1100006ce80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9b2464bd98 CR3: 0000000005286005 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __warn (kernel/panic.c:748)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? report_bug (lib/bug.c:201 lib/bug.c:219)\n ? handle_bug (arch/x86/kernel/traps.c:285)\n ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1))\n ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\n ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:97 ./arch/x86/include/asm/irqflags.h:155 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? __pfx_ref_tracker_dir_exit (lib/ref_tracker.c:158)\n ? kfree (mm/slub.c:4613 mm/slub.c:4761)\n net_free (net/core/net_namespace.c:476 net/core/net_namespace.c:467)\n cleanup_net (net/core/net_namespace.c:664 (discriminator 3))\n process_one_work (kernel/workqueue.c:3229)\n worker_thread (kernel/workqueue.c:3304 kernel/workqueue.c:3391\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21678",
"url": "https://www.suse.com/security/cve/CVE-2025-21678"
},
{
"category": "external",
"summary": "SUSE Bug 1236698 for CVE-2025-21678",
"url": "https://bugzilla.suse.com/1236698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21678"
},
{
"cve": "CVE-2025-21680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: Avoid out-of-bounds access in get_imix_entries\n\nPassing a sufficient amount of imix entries leads to invalid access to the\npkt_dev-\u003eimix_entries array because of the incorrect boundary check.\n\nUBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24\nindex 20 is out of range for type \u0027imix_pkt [20]\u0027\nCPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl lib/dump_stack.c:117\n__ubsan_handle_out_of_bounds lib/ubsan.c:429\nget_imix_entries net/core/pktgen.c:874\npktgen_if_write net/core/pktgen.c:1063\npde_write fs/proc/inode.c:334\nproc_reg_write fs/proc/inode.c:346\nvfs_write fs/read_write.c:593\nksys_write fs/read_write.c:644\ndo_syscall_64 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[ fp: allow to fill the array completely; minor changelog cleanup ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21680",
"url": "https://www.suse.com/security/cve/CVE-2025-21680"
},
{
"category": "external",
"summary": "SUSE Bug 1236700 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "external",
"summary": "SUSE Bug 1236701 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -\u003e ovs_vport_send\n -\u003e dev_queue_xmit\n -\u003e __dev_queue_xmit\n -\u003e netdev_core_pick_tx\n -\u003e skb_tx_hash\n\nWhen device is unregistering, the \u0027dev-\u003ereal_num_tx_queues\u0027 goes to\nzero and the \u0027while (unlikely(hash \u003e= qcount))\u0027 loop inside the\n\u0027skb_tx_hash\u0027 becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn\u0027t implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn\u0027t really have a carrier.\nTherefore, while this device is unregistering, it\u0027s still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don\u0027t really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21681",
"url": "https://www.suse.com/security/cve/CVE-2025-21681"
},
{
"category": "external",
"summary": "SUSE Bug 1236702 for CVE-2025-21681",
"url": "https://bugzilla.suse.com/1236702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: xilinx: Convert gpio_lock to raw spinlock\n\nirq_chip functions may be called in raw spinlock context. Therefore, we\nmust also use a raw spinlock for our own internal locking.\n\nThis fixes the following lockdep splat:\n\n[ 5.349336] =============================\n[ 5.353349] [ BUG: Invalid wait context ]\n[ 5.357361] 6.13.0-rc5+ #69 Tainted: G W\n[ 5.363031] -----------------------------\n[ 5.367045] kworker/u17:1/44 is trying to lock:\n[ 5.371587] ffffff88018b02c0 (\u0026chip-\u003egpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.380079] other info that might help us debug this:\n[ 5.385138] context-{5:5}\n[ 5.387762] 5 locks held by kworker/u17:1/44:\n[ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)\n[ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)\n[ 5.411528] #2: ffffff880172c900 (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)\n[ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)\n[ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)\n[ 5.436472] stack backtrace:\n[ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69\n[ 5.448690] Tainted: [W]=WARN\n[ 5.451656] Hardware name: xlnx,zynqmp (DT)\n[ 5.455845] Workqueue: events_unbound deferred_probe_work_func\n[ 5.461699] Call trace:\n[ 5.464147] show_stack+0x18/0x24 C\n[ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)\n[ 5.471501] dump_stack (lib/dump_stack.c:130)\n[ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)\n[ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)\n[ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)\n[ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)\n[ 5.497645] irq_startup (kernel/irq/chip.c:270)\n[ 5.501143] __setup_irq (kernel/irq/manage.c:1807)\n[ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21684",
"url": "https://www.suse.com/security/cve/CVE-2025-21684"
},
{
"category": "external",
"summary": "SUSE Bug 1236952 for CVE-2025-21684",
"url": "https://bugzilla.suse.com/1236952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: check the bounds of read/write syscalls\n\ncount and offset are passed from user space and not checked, only\noffset is capped to 40 bits, which can be used to read/write out of\nbounds of the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21687",
"url": "https://www.suse.com/security/cve/CVE-2025-21687"
},
{
"category": "external",
"summary": "SUSE Bug 1237045 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "external",
"summary": "SUSE Bug 1237046 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Assign job pointer to NULL before signaling the fence\n\nIn commit e4b5ccd392b9 (\"drm/v3d: Ensure job pointer is set to NULL\nafter job completion\"), we introduced a change to assign the job pointer\nto NULL after completing a job, indicating job completion.\n\nHowever, this approach created a race condition between the DRM\nscheduler workqueue and the IRQ execution thread. As soon as the fence is\nsignaled in the IRQ execution thread, a new job starts to be executed.\nThis results in a race condition where the IRQ execution thread sets the\njob pointer to NULL simultaneously as the `run_job()` function assigns\na new job to the pointer.\n\nThis race condition can lead to a NULL pointer dereference if the IRQ\nexecution thread sets the job pointer to NULL after `run_job()` assigns\nit to the new job. When the new job completes and the GPU emits an\ninterrupt, `v3d_irq()` is triggered, potentially causing a crash.\n\n[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n[ 466.318928] Mem abort info:\n[ 466.321723] ESR = 0x0000000096000005\n[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 466.330807] SET = 0, FnV = 0\n[ 466.333864] EA = 0, S1PTW = 0\n[ 466.337010] FSC = 0x05: level 1 translation fault\n[ 466.341900] Data abort info:\n[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000\n[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6\n[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18\n[ 466.467336] Tainted: [C]=CRAP\n[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]\n[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228\n[ 466.492327] sp : ffffffc080003ea0\n[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000\n[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200\n[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000\n[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000\n[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000\n[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0\n[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70\n[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000\n[ 466.567263] Call trace:\n[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)\n[ 466.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21688",
"url": "https://www.suse.com/security/cve/CVE-2025-21688"
},
{
"category": "external",
"summary": "SUSE Bug 1237007 for CVE-2025-21688",
"url": "https://bugzilla.suse.com/1237007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21689",
"url": "https://www.suse.com/security/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "SUSE Bug 1237017 for CVE-2025-21689",
"url": "https://bugzilla.suse.com/1237017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21690"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn\u0027t DoS the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21690",
"url": "https://www.suse.com/security/cve/CVE-2025-21690"
},
{
"category": "external",
"summary": "SUSE Bug 1237025 for CVE-2025-21690",
"url": "https://bugzilla.suse.com/1237025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21692",
"url": "https://www.suse.com/security/cve/CVE-2025-21692"
},
{
"category": "external",
"summary": "SUSE Bug 1237028 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "external",
"summary": "SUSE Bug 1237048 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: properly synchronize freeing resources during CPU hotunplug\n\nIn zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the\ncurrent CPU at the beginning of the operation is retrieved and used\nthroughout. However, since neither preemption nor migration are disabled,\nit is possible that the operation continues on a different CPU.\n\nIf the original CPU is hotunplugged while the acomp_ctx is still in use,\nwe run into a UAF bug as some of the resources attached to the acomp_ctx\nare freed during hotunplug in zswap_cpu_comp_dead() (i.e. \nacomp_ctx.buffer, acomp_ctx.req, or acomp_ctx.acomp).\n\nThe problem was introduced in commit 1ec3b5fe6eec (\"mm/zswap: move to use\ncrypto_acomp API for hardware acceleration\") when the switch to the\ncrypto_acomp API was made. Prior to that, the per-CPU crypto_comp was\nretrieved using get_cpu_ptr() which disables preemption and makes sure the\nCPU cannot go away from under us. Preemption cannot be disabled with the\ncrypto_acomp API as a sleepable context is needed.\n\nUse the acomp_ctx.mutex to synchronize CPU hotplug callbacks allocating\nand freeing resources with compression/decompression paths. Make sure\nthat acomp_ctx.req is NULL when the resources are freed. In the\ncompression/decompression paths, check if acomp_ctx.req is NULL after\nacquiring the mutex (meaning the CPU was offlined) and retry on the new\nCPU.\n\nThe initialization of acomp_ctx.mutex is moved from the CPU hotplug\ncallback to the pool initialization where it belongs (where the mutex is\nallocated). In addition to adding clarity, this makes sure that CPU\nhotplug cannot reinitialize a mutex that is already locked by\ncompression/decompression.\n\nPreviously a fix was attempted by holding cpus_read_lock() [1]. This\nwould have caused a potential deadlock as it is possible for code already\nholding the lock to fall into reclaim and enter zswap (causing a\ndeadlock). A fix was also attempted using SRCU for synchronization, but\nJohannes pointed out that synchronize_srcu() cannot be used in CPU hotplug\nnotifiers [2].\n\nAlternative fixes that were considered/attempted and could have worked:\n- Refcounting the per-CPU acomp_ctx. This involves complexity in\n handling the race between the refcount dropping to zero in\n zswap_[de]compress() and the refcount being re-initialized when the\n CPU is onlined.\n- Disabling migration before getting the per-CPU acomp_ctx [3], but\n that\u0027s discouraged and is a much bigger hammer than needed, and could\n result in subtle performance issues.\n\n[1]https://lkml.kernel.org/20241219212437.2714151-1-yosryahmed@google.com/\n[2]https://lkml.kernel.org/20250107074724.1756696-2-yosryahmed@google.com/\n[3]https://lkml.kernel.org/20250107222236.2715883-2-yosryahmed@google.com/\n\n[yosryahmed@google.com: remove comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21693",
"url": "https://www.suse.com/security/cve/CVE-2025-21693"
},
{
"category": "external",
"summary": "SUSE Bug 1237029 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "external",
"summary": "SUSE Bug 1237047 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21693"
},
{
"cve": "CVE-2025-21697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Ensure job pointer is set to NULL after job completion\n\nAfter a job completes, the corresponding pointer in the device must\nbe set to NULL. Failing to do so triggers a warning when unloading\nthe driver, as it appears the job is still active. To prevent this,\nassign the job pointer to NULL after completing the job, indicating\nthe job has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21697",
"url": "https://www.suse.com/security/cve/CVE-2025-21697"
},
{
"category": "external",
"summary": "SUSE Bug 1237132 for CVE-2025-21697",
"url": "https://bugzilla.suse.com/1237132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "low"
}
],
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21699",
"url": "https://www.suse.com/security/cve/CVE-2025-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1237139 for CVE-2025-21699",
"url": "https://bugzilla.suse.com/1237139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent. b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12. send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13. send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21700",
"url": "https://www.suse.com/security/cve/CVE-2025-21700"
},
{
"category": "external",
"summary": "SUSE Bug 1237159 for CVE-2025-21700",
"url": "https://bugzilla.suse.com/1237159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n RIP: 0010:__mutex_lock+0xc8a/0x1120\n Call Trace:\n \u003cTASK\u003e\n ethtool_check_max_channel+0x1ea/0x880\n ethnl_set_channels+0x3c3/0xb10\n ethnl_default_set_doit+0x306/0x650\n genl_family_rcv_msg_doit+0x1e3/0x2c0\n genl_rcv_msg+0x432/0x6f0\n netlink_rcv_skb+0x13d/0x3b0\n genl_rcv+0x28/0x40\n netlink_unicast+0x42e/0x720\n netlink_sendmsg+0x765/0xc20\n __sys_sendto+0x3ac/0x420\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21701",
"url": "https://www.suse.com/security/cve/CVE-2025-21701"
},
{
"category": "external",
"summary": "SUSE Bug 1237164 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "external",
"summary": "SUSE Bug 1245805 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1245805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog()\n\nqdisc_tree_reduce_backlog() notifies parent qdisc only if child\nqdisc becomes empty, therefore we need to reduce the backlog of the\nchild qdisc before calling it. Otherwise it would miss the opportunity\nto call cops-\u003eqlen_notify(), in the case of DRR, it resulted in UAF\nsince DRR uses -\u003eqlen_notify() to maintain its active list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21703",
"url": "https://www.suse.com/security/cve/CVE-2025-21703"
},
{
"category": "external",
"summary": "SUSE Bug 1237313 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "external",
"summary": "SUSE Bug 1245796 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1245796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21703"
},
{
"cve": "CVE-2025-21704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdc-acm: Check control transfer buffer size before access\n\nIf the first fragment is shorter than struct usb_cdc_notification, we can\u0027t\ncalculate an expected_size. Log an error and discard the notification\ninstead of reading lengths from memory outside the received data, which can\nlead to memory corruption when the expected_size decreases between\nfragments, causing `expected_size - acm-\u003enb_index` to wrap.\n\nThis issue has been present since the beginning of git history; however,\nit only leads to memory corruption since commit ea2583529cd1\n(\"cdc-acm: reassemble fragmented notifications\").\n\nA mitigating factor is that acm_ctrl_irq() can only execute after userspace\nhas opened /dev/ttyACM*; but if ModemManager is running, ModemManager will\ndo that automatically depending on the USB device\u0027s vendor/product IDs and\nits other interfaces.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21704",
"url": "https://www.suse.com/security/cve/CVE-2025-21704"
},
{
"category": "external",
"summary": "SUSE Bug 1237571 for CVE-2025-21704",
"url": "https://bugzilla.suse.com/1237571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21704"
},
{
"cve": "CVE-2025-21705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle fastopen disconnect correctly\n\nSyzbot was able to trigger a data stream corruption:\n\n WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Modules linked in:\n CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\n RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 \u003c0f\u003e 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07\n RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293\n RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928\n R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000\n R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000\n FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074\n mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493\n release_sock+0x1aa/0x1f0 net/core/sock.c:3640\n inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]\n __inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703\n mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755\n mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f6e86ebfe69\n Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69\n RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003\n RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc\n R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508\n \u003c/TASK\u003e\n\nThe root cause is the bad handling of disconnect() generated internally\nby the MPTCP protocol in case of connect FASTOPEN errors.\n\nAddress the issue increasing the socket disconnect counter even on such\na case, to allow other threads waiting on the same socket lock to\nproperly error out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21705",
"url": "https://www.suse.com/security/cve/CVE-2025-21705"
},
{
"category": "external",
"summary": "SUSE Bug 1238525 for CVE-2025-21705",
"url": "https://bugzilla.suse.com/1238525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only set fullmesh for subflow endp\n\nWith the in-kernel path-manager, it is possible to change the \u0027fullmesh\u0027\nflag. The code in mptcp_pm_nl_fullmesh() expects to change it only on\n\u0027subflow\u0027 endpoints, to recreate more or less subflows using the linked\naddress.\n\nUnfortunately, the set_flags() hook was a bit more permissive, and\nallowed \u0027implicit\u0027 endpoints to get the \u0027fullmesh\u0027 flag while it is not\nallowed before.\n\nThat\u0027s what syzbot found, triggering the following warning:\n\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Modules linked in:\n CPU: 0 UID: 0 PID: 6499 Comm: syz.1.413 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n RIP: 0010:mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Code: 01 00 00 49 89 c5 e8 fb 45 e8 f5 e9 b8 fc ff ff e8 f1 45 e8 f5 4c 89 f7 be 03 00 00 00 e8 44 1d 0b f9 eb a0 e8 dd 45 e8 f5 90 \u003c0f\u003e 0b 90 e9 17 ff ff ff 89 d9 80 e1 07 38 c1 0f 8c c9 fc ff ff 48\n RSP: 0018:ffffc9000d307240 EFLAGS: 00010293\n RAX: ffffffff8bb72e03 RBX: 0000000000000000 RCX: ffff88807da88000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000d307430 R08: ffffffff8bb72cf0 R09: 1ffff1100b842a5e\n R10: dffffc0000000000 R11: ffffed100b842a5f R12: ffff88801e2e5ac0\n R13: ffff88805c214800 R14: ffff88805c2152e8 R15: 1ffff1100b842a5d\n FS: 00005555619f6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000020002840 CR3: 00000000247e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2542\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f5fe8785d29\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007fff571f5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f5fe8975fa0 RCX: 00007f5fe8785d29\n RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000007\n RBP: 00007f5fe8801b08 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 00007f5fe8975fa0 R14: 00007f5fe8975fa0 R15: 000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21706",
"url": "https://www.suse.com/security/cve/CVE-2025-21706"
},
{
"category": "external",
"summary": "SUSE Bug 1238528 for CVE-2025-21706",
"url": "https://bugzilla.suse.com/1238528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21706"
},
{
"cve": "CVE-2025-21708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: rtl8150: enable basic endpoint checking\n\nSyzkaller reports [1] encountering a common issue of utilizing a wrong\nusb endpoint type during URB submitting stage. This, in turn, triggers\na warning shown below.\n\nFor now, enable simple endpoint checking (specifically, bulk and\ninterrupt eps, testing control one is not essential) to mitigate\nthe issue with a view to do other related cosmetic changes later,\nif they are necessary.\n\n[1] Syzkaller report:\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 1 PID: 2586 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 driv\u003e\nModules linked in:\nCPU: 1 UID: 0 PID: 2586 Comm: dhcpcd Not tainted 6.11.0-rc4-syzkaller-00069-gfc88bb11617\u003e\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nCode: 84 3c 02 00 00 e8 05 e4 fc fc 4c 89 ef e8 fd 25 d7 fe 45 89 e0 89 e9 4c 89 f2 48 8\u003e\nRSP: 0018:ffffc9000441f740 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888112487a00 RCX: ffffffff811a99a9\nRDX: ffff88810df6ba80 RSI: ffffffff811a99b6 RDI: 0000000000000001\nRBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff8881023bf0a8 R14: ffff888112452a20 R15: ffff888112487a7c\nFS: 00007fc04eea5740(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f0a1de9f870 CR3: 000000010dbd0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n rtl8150_open+0x300/0xe30 drivers/net/usb/rtl8150.c:733\n __dev_open+0x2d4/0x4e0 net/core/dev.c:1474\n __dev_change_flags+0x561/0x720 net/core/dev.c:8838\n dev_change_flags+0x8f/0x160 net/core/dev.c:8910\n devinet_ioctl+0x127a/0x1f10 net/ipv4/devinet.c:1177\n inet_ioctl+0x3aa/0x3f0 net/ipv4/af_inet.c:1003\n sock_do_ioctl+0x116/0x280 net/socket.c:1222\n sock_ioctl+0x22e/0x6c0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fc04ef73d49\n...\n\nThis change has not been tested on real hardware.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21708",
"url": "https://www.suse.com/security/cve/CVE-2025-21708"
},
{
"category": "external",
"summary": "SUSE Bug 1239087 for CVE-2025-21708",
"url": "https://bugzilla.suse.com/1239087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21708"
},
{
"cve": "CVE-2025-21711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rose: prevent integer overflows in rose_setsockopt()\n\nIn case of possible unpredictably large arguments passed to\nrose_setsockopt() and multiplied by extra values on top of that,\ninteger overflows may occur.\n\nDo the safest minimum and fix these issues by checking the\ncontents of \u0027opt\u0027 and returning -EINVAL if they are too large. Also,\nswitch to unsigned int and remove useless check for negative \u0027opt\u0027\nin ROSE_IDLE case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21711",
"url": "https://www.suse.com/security/cve/CVE-2025-21711"
},
{
"category": "external",
"summary": "SUSE Bug 1239114 for CVE-2025-21711",
"url": "https://bugzilla.suse.com/1239114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21711"
},
{
"cve": "CVE-2025-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP use after free\n\nPrevent double queueing of implicit ODP mr destroy work by using\n__xa_cmpxchg() to make sure this is the only time we are destroying this\nspecific mr.\n\nWithout this change, we could try to invalidate this mr twice, which in\nturn could result in queuing a MR work destroy twice, and eventually the\nsecond work could execute after the MR was freed due to the first work,\ncausing a user after free and trace below.\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 2 PID: 12178 at lib/refcount.c:28 refcount_warn_saturate+0x12b/0x130\n Modules linked in: bonding ib_ipoib vfio_pci ip_gre geneve nf_tables ip6_gre gre ip6_tunnel tunnel6 ipip tunnel4 ib_umad rdma_ucm mlx5_vfio_pci vfio_pci_core vfio_iommu_type1 mlx5_ib vfio ib_uverbs mlx5_core iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\n CPU: 2 PID: 12178 Comm: kworker/u20:5 Not tainted 6.5.0-rc1_net_next_mlx5_58c644e #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: events_unbound free_implicit_child_mr_work [mlx5_ib]\n RIP: 0010:refcount_warn_saturate+0x12b/0x130\n Code: 48 c7 c7 38 95 2a 82 c6 05 bc c6 fe 00 01 e8 0c 66 aa ff 0f 0b 5b c3 48 c7 c7 e0 94 2a 82 c6 05 a7 c6 fe 00 01 e8 f5 65 aa ff \u003c0f\u003e 0b 5b c3 90 8b 07 3d 00 00 00 c0 74 12 83 f8 01 74 13 8d 50 ff\n RSP: 0018:ffff8881008e3e40 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027\n RDX: ffff88852c91b5c8 RSI: 0000000000000001 RDI: ffff88852c91b5c0\n RBP: ffff8881dacd4e00 R08: 00000000ffffffff R09: 0000000000000019\n R10: 000000000000072e R11: 0000000063666572 R12: ffff88812bfd9e00\n R13: ffff8881c792d200 R14: ffff88810011c005 R15: ffff8881002099c0\n FS: 0000000000000000(0000) GS:ffff88852c900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f5694b5e000 CR3: 00000001153f6003 CR4: 0000000000370ea0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0x12b/0x130\n free_implicit_child_mr_work+0x180/0x1b0 [mlx5_ib]\n process_one_work+0x1cc/0x3c0\n worker_thread+0x218/0x3c0\n kthread+0xc6/0xf0\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21714",
"url": "https://www.suse.com/security/cve/CVE-2025-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1237890 for CVE-2025-21714",
"url": "https://bugzilla.suse.com/1237890"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21714"
},
{
"cve": "CVE-2025-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: davicom: fix UAF in dm9000_drv_remove\n\ndm is netdev private data and it cannot be\nused after free_netdev() call. Using dm after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.\n\nThis is similar to the issue fixed in commit\nad297cd2db89 (\"net: qcom/emac: fix UAF in emac_remove\").\n\nThis bug is detected by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21715",
"url": "https://www.suse.com/security/cve/CVE-2025-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1237889 for CVE-2025-21715",
"url": "https://bugzilla.suse.com/1237889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21716"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix uninit-value in vxlan_vnifilter_dump()\n\nKMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].\n\nIf the length of the netlink message payload is less than\nsizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes\nbeyond the message. This can lead to uninit-value access. Fix this by\nreturning an error in such situations.\n\n[1]\nBUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786\n netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317\n __netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432\n netlink_dump_start include/linux/netlink.h:340 [inline]\n rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]\n rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882\n netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4110 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205\n kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196\n netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21716",
"url": "https://www.suse.com/security/cve/CVE-2025-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1237891 for CVE-2025-21716",
"url": "https://bugzilla.suse.com/1237891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: fix timer races against user threads\n\nRose timers only acquire the socket spinlock, without\nchecking if the socket is owned by one user thread.\n\nAdd a check and rearm the timers if needed.\n\nBUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\nRead of size 2 at addr ffff88802f09b82a by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\n call_timer_fn+0x187/0x650 kernel/time/timer.c:1793\n expire_timers kernel/time/timer.c:1844 [inline]\n __run_timers kernel/time/timer.c:2418 [inline]\n __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430\n run_timer_base kernel/time/timer.c:2439 [inline]\n run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21718",
"url": "https://www.suse.com/security/cve/CVE-2025-21718"
},
{
"category": "external",
"summary": "SUSE Bug 1239073 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "external",
"summary": "SUSE Bug 1239074 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21718"
},
{
"cve": "CVE-2025-21719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: do not call mr_mfc_uses_dev() for unres entries\n\nsyzbot found that calling mr_mfc_uses_dev() for unres entries\nwould crash [1], because c-\u003emfc_un.res.minvif / c-\u003emfc_un.res.maxvif\nalias to \"struct sk_buff_head unresolved\", which contain two pointers.\n\nThis code never worked, lets remove it.\n\n[1]\nUnable to handle kernel paging request at virtual address ffff5fff2d536613\nKASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]\nModules linked in:\nCPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]\n pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334\n lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]\n lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334\nCall trace:\n mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)\n mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)\n mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382\n ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648\n rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327\n rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791\n netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317\n netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973\n sock_recvmsg_nosec net/socket.c:1033 [inline]\n sock_recvmsg net/socket.c:1055 [inline]\n sock_read_iter+0x2d8/0x40c net/socket.c:1125\n new_sync_read fs/read_write.c:484 [inline]\n vfs_read+0x740/0x970 fs/read_write.c:565\n ksys_read+0x15c/0x26c fs/read_write.c:708",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21719",
"url": "https://www.suse.com/security/cve/CVE-2025-21719"
},
{
"category": "external",
"summary": "SUSE Bug 1238860 for CVE-2025-21719",
"url": "https://bugzilla.suse.com/1238860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21723"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix possible crash when setting up bsg fails\n\nIf bsg_setup_queue() fails, the bsg_queue is assigned a non-NULL value.\nConsequently, in mpi3mr_bsg_exit(), the condition \"if(!mrioc-\u003ebsg_queue)\"\nwill not be satisfied, preventing execution from entering\nbsg_remove_queue(), which could lead to the following crash:\n\nBUG: kernel NULL pointer dereference, address: 000000000000041c\nCall Trace:\n \u003cTASK\u003e\n mpi3mr_bsg_exit+0x1f/0x50 [mpi3mr]\n mpi3mr_remove+0x6f/0x340 [mpi3mr]\n pci_device_remove+0x3f/0xb0\n device_release_driver_internal+0x19d/0x220\n unbind_store+0xa4/0xb0\n kernfs_fop_write_iter+0x11f/0x200\n vfs_write+0x1fc/0x3e0\n ksys_write+0x67/0xe0\n do_syscall_64+0x38/0x80\n entry_SYSCALL_64_after_hwframe+0x78/0xe2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21723",
"url": "https://www.suse.com/security/cve/CVE-2025-21723"
},
{
"category": "external",
"summary": "SUSE Bug 1238864 for CVE-2025-21723",
"url": "https://bugzilla.suse.com/1238864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21723"
},
{
"cve": "CVE-2025-21724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand\u0027s type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21724",
"url": "https://www.suse.com/security/cve/CVE-2025-21724"
},
{
"category": "external",
"summary": "SUSE Bug 1238863 for CVE-2025-21724",
"url": "https://bugzilla.suse.com/1238863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to unset link speed\n\nIt isn\u0027t guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always\nbe set by the server, so the client must handle any values and then\nprevent oopses like below from happening:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nRIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48\n89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8\ne7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 \u003c48\u003e f7 74 24 18 48 89\nc3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24\nRSP: 0018:ffffc90001817be0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99\nRDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228\nRBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac\nR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200\nR13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58\nFS: 00007fe27119e740(0000) GS:ffff888148600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0x159/0x1b0\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? do_error_trap+0x90/0x130\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? exc_divide_error+0x39/0x50\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? asm_exc_divide_error+0x1a/0x20\n ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? seq_read_iter+0x42e/0x790\n seq_read_iter+0x19a/0x790\n proc_reg_read_iter+0xbe/0x110\n ? __pfx_proc_reg_read_iter+0x10/0x10\n vfs_read+0x469/0x570\n ? do_user_addr_fault+0x398/0x760\n ? __pfx_vfs_read+0x10/0x10\n ? find_held_lock+0x8a/0xa0\n ? __pfx_lock_release+0x10/0x10\n ksys_read+0xd3/0x170\n ? __pfx_ksys_read+0x10/0x10\n ? __rcu_read_unlock+0x50/0x270\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe271288911\nCode: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8\n20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 \u003c48\u003e 3d\n00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec\nRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911\nRDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003\nRBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380\nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000\nR13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000\n \u003c/TASK\u003e\n\nFix this by setting cifs_server_iface::speed to a sane value (1Gbps)\nby default when link speed is unset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21725",
"url": "https://www.suse.com/security/cve/CVE-2025-21725"
},
{
"category": "external",
"summary": "SUSE Bug 1238877 for CVE-2025-21725",
"url": "https://bugzilla.suse.com/1238877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: avoid UAF for reorder_work\n\nAlthough the previous patch can avoid ps and ps UAF for _do_serial, it\ncan not avoid potential UAF issue for reorder_work. This issue can\nhappen just as below:\n\ncrypto_request\t\t\tcrypto_request\t\tcrypto_del_alg\npadata_do_serial\n ...\n padata_reorder\n // processes all remaining\n // requests then breaks\n while (1) {\n if (!padata)\n break;\n ...\n }\n\n\t\t\t\tpadata_do_serial\n\t\t\t\t // new request added\n\t\t\t\t list_add\n // sees the new request\n queue_work(reorder_work)\n\t\t\t\t padata_reorder\n\t\t\t\t queue_work_on(squeue-\u003ework)\n...\n\n\t\t\t\t\u003ckworker context\u003e\n\t\t\t\tpadata_serial_worker\n\t\t\t\t// completes new request,\n\t\t\t\t// no more outstanding\n\t\t\t\t// requests\n\n\t\t\t\t\t\t\tcrypto_del_alg\n\t\t\t\t\t\t\t // free pd\n\n\u003ckworker context\u003e\ninvoke_padata_reorder\n // UAF of pd\n\nTo avoid UAF for \u0027reorder_work\u0027, get \u0027pd\u0027 ref before put \u0027reorder_work\u0027\ninto the \u0027serial_wq\u0027 and put \u0027pd\u0027 ref until the \u0027serial_wq\u0027 finish.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21726",
"url": "https://www.suse.com/security/cve/CVE-2025-21726"
},
{
"category": "external",
"summary": "SUSE Bug 1238865 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "external",
"summary": "SUSE Bug 1240837 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1240837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21726"
},
{
"cve": "CVE-2025-21727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: fix UAF in padata_reorder\n\nA bug was found when run ltp test:\n\nBUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0\nRead of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206\n\nCPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+\nWorkqueue: pdecrypt_parallel padata_parallel_worker\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x32/0x50\nprint_address_description.constprop.0+0x6b/0x3d0\nprint_report+0xdd/0x2c0\nkasan_report+0xa5/0xd0\npadata_find_next+0x29/0x1a0\npadata_reorder+0x131/0x220\npadata_parallel_worker+0x3d/0xc0\nprocess_one_work+0x2ec/0x5a0\n\nIf \u0027mdelay(10)\u0027 is added before calling \u0027padata_find_next\u0027 in the\n\u0027padata_reorder\u0027 function, this issue could be reproduced easily with\nltp test (pcrypt_aead01).\n\nThis can be explained as bellow:\n\npcrypt_aead_encrypt\n...\npadata_do_parallel\nrefcount_inc(\u0026pd-\u003erefcnt); // add refcnt\n...\npadata_do_serial\npadata_reorder // pd\nwhile (1) {\npadata_find_next(pd, true); // using pd\nqueue_work_on\n...\npadata_serial_worker\t\t\t\tcrypto_del_alg\npadata_put_pd_cnt // sub refcnt\n\t\t\t\t\t\tpadata_free_shell\n\t\t\t\t\t\tpadata_put_pd(ps-\u003epd);\n\t\t\t\t\t\t// pd is freed\n// loop again, but pd is freed\n// call padata_find_next, UAF\n}\n\nIn the padata_reorder function, when it loops in \u0027while\u0027, if the alg is\ndeleted, the refcnt may be decreased to 0 before entering\n\u0027padata_find_next\u0027, which leads to UAF.\n\nAs mentioned in [1], do_serial is supposed to be called with BHs disabled\nand always happen under RCU protection, to address this issue, add\nsynchronize_rcu() in \u0027padata_free_shell\u0027 wait for all _do_serial calls\nto finish.\n\n[1] https://lore.kernel.org/all/20221028160401.cccypv4euxikusiq@parnassus.localdomain/\n[2] https://lore.kernel.org/linux-kernel/jfjz5d7zwbytztackem7ibzalm5lnxldi2eofeiczqmqs2m7o6@fq426cwnjtkm/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21727",
"url": "https://www.suse.com/security/cve/CVE-2025-21727"
},
{
"category": "external",
"summary": "SUSE Bug 1237876 for CVE-2025-21727",
"url": "https://bugzilla.suse.com/1237876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21727"
},
{
"cve": "CVE-2025-21728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21728",
"url": "https://www.suse.com/security/cve/CVE-2025-21728"
},
{
"category": "external",
"summary": "SUSE Bug 1237879 for CVE-2025-21728",
"url": "https://bugzilla.suse.com/1237879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix race between cancel_hw_scan and hw_scan completion\n\nThe rtwdev-\u003escanning flag isn\u0027t protected by mutex originally, so\ncancel_hw_scan can pass the condition, but suddenly hw_scan completion\nunset the flag and calls ieee80211_scan_completed() that will free\nlocal-\u003ehw_scan_req. Then, cancel_hw_scan raises null-ptr-deref and\nuse-after-free. Fix it by moving the check condition to where\nprotected by mutex.\n\n KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f]\n CPU: 2 PID: 6922 Comm: kworker/2:2 Tainted: G OE\n Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB6WW (2.76 ) 09/10/2019\n Workqueue: events cfg80211_conn_work [cfg80211]\n RIP: 0010:rtw89_fw_h2c_scan_offload_be+0xc33/0x13c3 [rtw89_core]\n Code: 00 45 89 6c 24 1c 0f 85 23 01 00 00 48 8b 85 20 ff ff ff 48 8d\n RSP: 0018:ffff88811fd9f068 EFLAGS: 00010206\n RAX: dffffc0000000000 RBX: ffff88811fd9f258 RCX: 0000000000000001\n RDX: 0000000000000011 RSI: 0000000000000001 RDI: 0000000000000089\n RBP: ffff88811fd9f170 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff88811fd9f108 R11: 0000000000000000 R12: ffff88810e47f960\n R13: 0000000000000000 R14: 000000000000ffff R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8881d6f00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007531dfca55b0 CR3: 00000001be296004 CR4: 00000000001706e0\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x61/0x73\n ? __die_body+0x20/0x73\n ? die_addr+0x4f/0x7b\n ? exc_general_protection+0x191/0x1db\n ? asm_exc_general_protection+0x27/0x30\n ? rtw89_fw_h2c_scan_offload_be+0xc33/0x13c3 [rtw89_core]\n ? rtw89_fw_h2c_scan_offload_be+0x458/0x13c3 [rtw89_core]\n ? __pfx_rtw89_fw_h2c_scan_offload_be+0x10/0x10 [rtw89_core]\n ? do_raw_spin_lock+0x75/0xdb\n ? __pfx_do_raw_spin_lock+0x10/0x10\n rtw89_hw_scan_offload+0xb5e/0xbf7 [rtw89_core]\n ? _raw_spin_unlock+0xe/0x24\n ? __mutex_lock.constprop.0+0x40c/0x471\n ? __pfx_rtw89_hw_scan_offload+0x10/0x10 [rtw89_core]\n ? __mutex_lock_slowpath+0x13/0x1f\n ? mutex_lock+0xa2/0xdc\n ? __pfx_mutex_lock+0x10/0x10\n rtw89_hw_scan_abort+0x58/0xb7 [rtw89_core]\n rtw89_ops_cancel_hw_scan+0x120/0x13b [rtw89_core]\n ieee80211_scan_cancel+0x468/0x4d0 [mac80211]\n ieee80211_prep_connection+0x858/0x899 [mac80211]\n ieee80211_mgd_auth+0xbea/0xdde [mac80211]\n ? __pfx_ieee80211_mgd_auth+0x10/0x10 [mac80211]\n ? cfg80211_find_elem+0x15/0x29 [cfg80211]\n ? is_bss+0x1b7/0x1d7 [cfg80211]\n ieee80211_auth+0x18/0x27 [mac80211]\n cfg80211_mlme_auth+0x3bb/0x3e7 [cfg80211]\n cfg80211_conn_do_work+0x410/0xb81 [cfg80211]\n ? __pfx_cfg80211_conn_do_work+0x10/0x10 [cfg80211]\n ? __kasan_check_read+0x11/0x1f\n ? psi_group_change+0x8bc/0x944\n ? __kasan_check_write+0x14/0x22\n ? mutex_lock+0x8e/0xdc\n ? __pfx_mutex_lock+0x10/0x10\n ? __pfx___radix_tree_lookup+0x10/0x10\n cfg80211_conn_work+0x245/0x34d [cfg80211]\n ? __pfx_cfg80211_conn_work+0x10/0x10 [cfg80211]\n ? update_cfs_rq_load_avg+0x3bc/0x3d7\n ? sched_clock_noinstr+0x9/0x1a\n ? sched_clock+0x10/0x24\n ? sched_clock_cpu+0x7e/0x42e\n ? newidle_balance+0x796/0x937\n ? __pfx_sched_clock_cpu+0x10/0x10\n ? __pfx_newidle_balance+0x10/0x10\n ? __kasan_check_read+0x11/0x1f\n ? psi_group_change+0x8bc/0x944\n ? _raw_spin_unlock+0xe/0x24\n ? raw_spin_rq_unlock+0x47/0x54\n ? raw_spin_rq_unlock_irq+0x9/0x1f\n ? finish_task_switch.isra.0+0x347/0x586\n ? __schedule+0x27bf/0x2892\n ? mutex_unlock+0x80/0xd0\n ? do_raw_spin_lock+0x75/0xdb\n ? __pfx___schedule+0x10/0x10\n process_scheduled_works+0x58c/0x821\n worker_thread+0x4c7/0x586\n ? __kasan_check_read+0x11/0x1f\n kthread+0x285/0x294\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x6f\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21729",
"url": "https://www.suse.com/security/cve/CVE-2025-21729"
},
{
"category": "external",
"summary": "SUSE Bug 1237874 for CVE-2025-21729",
"url": "https://bugzilla.suse.com/1237874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21729"
},
{
"cve": "CVE-2025-21731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: don\u0027t allow reconnect after disconnect\n\nFollowing process can cause nbd_config UAF:\n\n1) grab nbd_config temporarily;\n\n2) nbd_genl_disconnect() flush all recv_work() and release the\ninitial reference:\n\n nbd_genl_disconnect\n nbd_disconnect_and_put\n nbd_disconnect\n flush_workqueue(nbd-\u003erecv_workq)\n if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...))\n nbd_config_put\n -\u003e due to step 1), reference is still not zero\n\n3) nbd_genl_reconfigure() queue recv_work() again;\n\n nbd_genl_reconfigure\n config = nbd_get_config_unlocked(nbd)\n if (!config)\n -\u003e succeed\n if (!test_bit(NBD_RT_BOUND, ...))\n -\u003e succeed\n nbd_reconnect_socket\n queue_work(nbd-\u003erecv_workq, \u0026args-\u003ework)\n\n4) step 1) release the reference;\n\n5) Finially, recv_work() will trigger UAF:\n\n recv_work\n nbd_config_put(nbd)\n -\u003e nbd_config is freed\n atomic_dec(\u0026config-\u003erecv_threads)\n -\u003e UAF\n\nFix the problem by clearing NBD_RT_BOUND in nbd_genl_disconnect(), so\nthat nbd_genl_reconfigure() will fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21731",
"url": "https://www.suse.com/security/cve/CVE-2025-21731"
},
{
"category": "external",
"summary": "SUSE Bug 1237881 for CVE-2025-21731",
"url": "https://bugzilla.suse.com/1237881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21731"
},
{
"cve": "CVE-2025-21732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error\n\nThis patch addresses a race condition for an ODP MR that can result in a\nCQE with an error on the UMR QP.\n\nDuring the __mlx5_ib_dereg_mr() flow, the following sequence of calls\noccurs:\n\nmlx5_revoke_mr()\n mlx5r_umr_revoke_mr()\n mlx5r_umr_post_send_wait()\n\nAt this point, the lkey is freed from the hardware\u0027s perspective.\n\nHowever, concurrently, mlx5_ib_invalidate_range() might be triggered by\nanother task attempting to invalidate a range for the same freed lkey.\n\nThis task will:\n - Acquire the umem_odp-\u003eumem_mutex lock.\n - Call mlx5r_umr_update_xlt() on the UMR QP.\n - Since the lkey has already been freed, this can lead to a CQE error,\n causing the UMR QP to enter an error state [1].\n\nTo resolve this race condition, the umem_odp-\u003eumem_mutex lock is now also\nacquired as part of the mlx5_revoke_mr() scope. Upon successful revoke,\nwe set umem_odp-\u003eprivate which points to that MR to NULL, preventing any\nfurther invalidation attempts on its lkey.\n\n[1] From dmesg:\n\n infiniband rocep8s0f0: dump_cqe:277:(pid 0): WC error: 6, Message: memory bind operation error\n cqe_dump: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000030: 00 00 00 00 08 00 78 06 25 00 11 b9 00 0e dd d2\n\n WARNING: CPU: 15 PID: 1506 at drivers/infiniband/hw/mlx5/umr.c:394 mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n Modules linked in: ip6table_mangle ip6table_natip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_umad ib_ipoib ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\n CPU: 15 UID: 0 PID: 1506 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1626\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n [..]\n Call Trace:\n \u003cTASK\u003e\n mlx5r_umr_update_xlt+0x23c/0x3e0 [mlx5_ib]\n mlx5_ib_invalidate_range+0x2e1/0x330 [mlx5_ib]\n __mmu_notifier_invalidate_range_start+0x1e1/0x240\n zap_page_range_single+0xf1/0x1a0\n madvise_vma_behavior+0x677/0x6e0\n do_madvise+0x1a2/0x4b0\n __x64_sys_madvise+0x25/0x30\n do_syscall_64+0x6b/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21732",
"url": "https://www.suse.com/security/cve/CVE-2025-21732"
},
{
"category": "external",
"summary": "SUSE Bug 1237877 for CVE-2025-21732",
"url": "https://bugzilla.suse.com/1237877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21732"
},
{
"cve": "CVE-2025-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix resetting of tracepoints\n\nIf a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD\ndisabled, but then that option is enabled and timerlat is removed, the\ntracepoints that were enabled on timerlat registration do not get\ndisabled. If the option is disabled again and timelat is started, then it\ntriggers a warning in the tracepoint code due to registering the\ntracepoint again without ever disabling it.\n\nDo not use the same user space defined options to know to disable the\ntracepoints when timerlat is removed. Instead, set a global flag when it\nis enabled and use that flag to know to disable the events.\n\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n ~# echo OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo nop \u003e /sys/kernel/tracing/current_tracer\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n\nTriggers:\n\n ------------[ cut here ]------------\n WARNING: CPU: 6 PID: 1337 at kernel/tracepoint.c:294 tracepoint_add_func+0x3b6/0x3f0\n Modules linked in:\n CPU: 6 UID: 0 PID: 1337 Comm: rtla Not tainted 6.13.0-rc4-test-00018-ga867c441128e-dirty #73\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:tracepoint_add_func+0x3b6/0x3f0\n Code: 48 8b 53 28 48 8b 73 20 4c 89 04 24 e8 23 59 11 00 4c 8b 04 24 e9 36 fe ff ff 0f 0b b8 ea ff ff ff 45 84 e4 0f 84 68 fe ff ff \u003c0f\u003e 0b e9 61 fe ff ff 48 8b 7b 18 48 85 ff 0f 84 4f ff ff ff 49 8b\n RSP: 0018:ffffb9b003a87ca0 EFLAGS: 00010202\n RAX: 00000000ffffffef RBX: ffffffff92f30860 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff9bf59e91ccd0 RDI: ffffffff913b6410\n RBP: 000000000000000a R08: 00000000000005c7 R09: 0000000000000002\n R10: ffffb9b003a87ce0 R11: 0000000000000002 R12: 0000000000000001\n R13: ffffb9b003a87ce0 R14: ffffffffffffffef R15: 0000000000000008\n FS: 00007fce81209240(0000) GS:ffff9bf6fdd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055e99b728000 CR3: 00000001277c0002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ? __warn.cold+0xb7/0x14d\n ? tracepoint_add_func+0x3b6/0x3f0\n ? report_bug+0xea/0x170\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? tracepoint_add_func+0x3b6/0x3f0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n tracepoint_probe_register+0x78/0xb0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n osnoise_workload_start+0x2b5/0x370\n timerlat_tracer_init+0x76/0x1b0\n tracing_set_tracer+0x244/0x400\n tracing_set_trace_write+0xa0/0xe0\n vfs_write+0xfc/0x570\n ? do_sys_openat2+0x9c/0xe0\n ksys_write+0x72/0xf0\n do_syscall_64+0x79/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21733",
"url": "https://www.suse.com/security/cve/CVE-2025-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1238494 for CVE-2025-21733",
"url": "https://bugzilla.suse.com/1238494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21733"
},
{
"cve": "CVE-2025-21734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21734"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix copy buffer page size\n\nFor non-registered buffer, fastrpc driver copies the buffer and\npass it to the remote subsystem. There is a problem with current\nimplementation of page size calculation which is not considering\nthe offset in the calculation. This might lead to passing of\nimproper and out-of-bounds page size which could result in\nmemory issue. Calculate page start and page end using the offset\nadjusted address instead of absolute address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21734",
"url": "https://www.suse.com/security/cve/CVE-2025-21734"
},
{
"category": "external",
"summary": "SUSE Bug 1238734 for CVE-2025-21734",
"url": "https://bugzilla.suse.com/1238734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21734"
},
{
"cve": "CVE-2025-21735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: Add bounds checking in nci_hci_create_pipe()\n\nThe \"pipe\" variable is a u8 which comes from the network. If it\u0027s more\nthan 127, then it results in memory corruption in the caller,\nnci_hci_connect_gate().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21735",
"url": "https://www.suse.com/security/cve/CVE-2025-21735"
},
{
"category": "external",
"summary": "SUSE Bug 1238497 for CVE-2025-21735",
"url": "https://bugzilla.suse.com/1238497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21735"
},
{
"cve": "CVE-2025-21736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix possible int overflows in nilfs_fiemap()\n\nSince nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result\nby being prepared to go through potentially maxblocks == INT_MAX blocks,\nthe value in n may experience an overflow caused by left shift of blkbits.\n\nWhile it is extremely unlikely to occur, play it safe and cast right hand\nexpression to wider type to mitigate the issue.\n\nFound by Linux Verification Center (linuxtesting.org) with static analysis\ntool SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21736",
"url": "https://www.suse.com/security/cve/CVE-2025-21736"
},
{
"category": "external",
"summary": "SUSE Bug 1238715 for CVE-2025-21736",
"url": "https://bugzilla.suse.com/1238715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21736"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-21739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix use-after free in init error and remove paths\n\ndevm_blk_crypto_profile_init() registers a cleanup handler to run when\nthe associated (platform-) device is being released. For UFS, the\ncrypto private data and pointers are stored as part of the ufs_hba\u0027s\ndata structure \u0027struct ufs_hba::crypto_profile\u0027. This structure is\nallocated as part of the underlying ufshcd and therefore Scsi_host\nallocation.\n\nDuring driver release or during error handling in ufshcd_pltfrm_init(),\nthis structure is released as part of ufshcd_dealloc_host() before the\n(platform-) device associated with the crypto call above is released.\nOnce this device is released, the crypto cleanup code will run, using\nthe just-released \u0027struct ufs_hba::crypto_profile\u0027. This causes a\nuse-after-free situation:\n\n Call trace:\n kfree+0x60/0x2d8 (P)\n kvfree+0x44/0x60\n blk_crypto_profile_destroy_callback+0x28/0x70\n devm_action_release+0x1c/0x30\n release_nodes+0x6c/0x108\n devres_release_all+0x98/0x100\n device_unbind_cleanup+0x20/0x70\n really_probe+0x218/0x2d0\n\nIn other words, the initialisation code flow is:\n\n platform-device probe\n ufshcd_pltfrm_init()\n ufshcd_alloc_host()\n scsi_host_alloc()\n allocation of struct ufs_hba\n creation of scsi-host devices\n devm_blk_crypto_profile_init()\n devm registration of cleanup handler using platform-device\n\nand during error handling of ufshcd_pltfrm_init() or during driver\nremoval:\n\n ufshcd_dealloc_host()\n scsi_host_put()\n put_device(scsi-host)\n release of struct ufs_hba\n put_device(platform-device)\n crypto cleanup handler\n\nTo fix this use-after free, change ufshcd_alloc_host() to register a\ndevres action to automatically cleanup the underlying SCSI device on\nufshcd destruction, without requiring explicit calls to\nufshcd_dealloc_host(). This way:\n\n * the crypto profile and all other ufs_hba-owned resources are\n destroyed before SCSI (as they\u0027ve been registered after)\n * a memleak is plugged in tc-dwc-g210-pci.c remove() as a\n side-effect\n * EXPORT_SYMBOL_GPL(ufshcd_dealloc_host) can be removed fully as\n it\u0027s not needed anymore\n * no future drivers using ufshcd_alloc_host() could ever forget\n adding the cleanup",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21739",
"url": "https://www.suse.com/security/cve/CVE-2025-21739"
},
{
"category": "external",
"summary": "SUSE Bug 1238506 for CVE-2025-21739",
"url": "https://bugzilla.suse.com/1238506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21739"
},
{
"cve": "CVE-2025-21741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21741"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix DPE OoB read\n\nFix an out-of-bounds DPE read, limit the number of processed DPEs to\nthe amount that fits into the fixed-size NDP16 header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21741",
"url": "https://www.suse.com/security/cve/CVE-2025-21741"
},
{
"category": "external",
"summary": "SUSE Bug 1238767 for CVE-2025-21741",
"url": "https://bugzilla.suse.com/1238767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21741"
},
{
"cve": "CVE-2025-21742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: use static NDP16 location in URB\n\nOriginal code allowed for the start of NDP16 to be anywhere within the\nURB based on the `wNdpIndex` value in NTH16. Only the start position of\nNDP16 was checked, so it was possible for even the fixed-length part\nof NDP16 to extend past the end of URB, leading to an out-of-bounds\nread.\n\nOn iOS devices, the NDP16 header always directly follows NTH16. Rely on\nand check for this specific format.\n\nThis, along with NCM-specific minimal URB length check that already\nexists, will ensure that the fixed-length part of NDP16 plus a set\namount of DPEs fit within the URB.\n\nNote that this commit alone does not fully address the OoB read.\nThe limit on the amount of DPEs needs to be enforced separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21742",
"url": "https://www.suse.com/security/cve/CVE-2025-21742"
},
{
"category": "external",
"summary": "SUSE Bug 1238771 for CVE-2025-21742",
"url": "https://bugzilla.suse.com/1238771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21742"
},
{
"cve": "CVE-2025-21743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix possible overflow in DPE length check\n\nOriginally, it was possible for the DPE length check to overflow if\nwDatagramIndex + wDatagramLength \u003e U16_MAX. This could lead to an OoB\nread.\n\nMove the wDatagramIndex term to the other side of the inequality.\n\nAn existing condition ensures that wDatagramIndex \u003c urb-\u003eactual_length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21743",
"url": "https://www.suse.com/security/cve/CVE-2025-21743"
},
{
"category": "external",
"summary": "SUSE Bug 1238781 for CVE-2025-21743",
"url": "https://bugzilla.suse.com/1238781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21743"
},
{
"cve": "CVE-2025-21744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()\n\nOn removal of the device or unloading of the kernel module a potential NULL\npointer dereference occurs.\n\nThe following sequence deletes the interface:\n\n brcmf_detach()\n brcmf_remove_interface()\n brcmf_del_if()\n\nInside the brcmf_del_if() function the drvr-\u003eif2bss[ifidx] is updated to\nBRCMF_BSSIDX_INVALID (-1) if the bsscfgidx matches.\n\nAfter brcmf_remove_interface() call the brcmf_proto_detach() function is\ncalled providing the following sequence:\n\n brcmf_detach()\n brcmf_proto_detach()\n brcmf_proto_msgbuf_detach()\n brcmf_flowring_detach()\n brcmf_msgbuf_delete_flowring()\n brcmf_msgbuf_remove_flowring()\n brcmf_flowring_delete()\n brcmf_get_ifp()\n brcmf_txfinalize()\n\nSince brcmf_get_ip() can and actually will return NULL in this case the\ncall to brcmf_txfinalize() will result in a NULL pointer dereference inside\nbrcmf_txfinalize() when trying to update ifp-\u003endev-\u003estats.tx_errors.\n\nThis will only happen if a flowring still has an skb.\n\nAlthough the NULL pointer dereference has only been seen when trying to\nupdate the tx statistic, all other uses of the ifp pointer have been\nguarded as well with an early return if ifp is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21744",
"url": "https://www.suse.com/security/cve/CVE-2025-21744"
},
{
"category": "external",
"summary": "SUSE Bug 1238903 for CVE-2025-21744",
"url": "https://bugzilla.suse.com/1238903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21744"
},
{
"cve": "CVE-2025-21745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21745"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage\n\nblkcg_fill_root_iostats() iterates over @block_class\u0027s devices by\nclass_dev_iter_(init|next)(), but does not end iterating with\nclass_dev_iter_exit(), so causes the class\u0027s subsystem refcount leakage.\n\nFix by ending the iterating with class_dev_iter_exit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21745",
"url": "https://www.suse.com/security/cve/CVE-2025-21745"
},
{
"category": "external",
"summary": "SUSE Bug 1238785 for CVE-2025-21745",
"url": "https://bugzilla.suse.com/1238785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: lock the socket in rose_bind()\n\nsyzbot reported a soft lockup in rose_loopback_timer(),\nwith a repro calling bind() from multiple threads.\n\nrose_bind() must lock the socket to avoid this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21749",
"url": "https://www.suse.com/security/cve/CVE-2025-21749"
},
{
"category": "external",
"summary": "SUSE Bug 1238904 for CVE-2025-21749",
"url": "https://bugzilla.suse.com/1238904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "low"
}
],
"title": "CVE-2025-21749"
},
{
"cve": "CVE-2025-21750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Check the return value of of_property_read_string_index()\n\nSomewhen between 6.10 and 6.11 the driver started to crash on my\nMacBookPro14,3. The property doesn\u0027t exist and \u0027tmp\u0027 remains\nuninitialized, so we pass a random pointer to devm_kstrdup().\n\nThe crash I am getting looks like this:\n\nBUG: unable to handle page fault for address: 00007f033c669379\nPF: supervisor read access in kernel mode\nPF: error_code(0x0001) - permissions violation\nPGD 8000000101341067 P4D 8000000101341067 PUD 101340067 PMD 1013bb067 PTE 800000010aee9025\nOops: Oops: 0001 [#1] SMP PTI\nCPU: 4 UID: 0 PID: 827 Comm: (udev-worker) Not tainted 6.11.8-gentoo #1\nHardware name: Apple Inc. MacBookPro14,3/Mac-551B86E5744E2388, BIOS 529.140.2.0.0 06/23/2024\nRIP: 0010:strlen+0x4/0x30\nCode: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c80\u003e 3f 00 74 14 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 cc\nRSP: 0018:ffffb4aac0683ad8 EFLAGS: 00010202\nRAX: 00000000ffffffea RBX: 00007f033c669379 RCX: 0000000000000001\nRDX: 0000000000000cc0 RSI: 00007f033c669379 RDI: 00007f033c669379\nRBP: 00000000ffffffea R08: 0000000000000000 R09: 00000000c0ba916a\nR10: ffffffffffffffff R11: ffffffffb61ea260 R12: ffff91f7815b50c8\nR13: 0000000000000cc0 R14: ffff91fafefffe30 R15: ffffb4aac0683b30\nFS: 00007f033ccbe8c0(0000) GS:ffff91faeed00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f033c669379 CR3: 0000000107b1e004 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x149/0x4c0\n ? raw_spin_rq_lock_nested+0xe/0x20\n ? sched_balance_newidle+0x22b/0x3c0\n ? update_load_avg+0x78/0x770\n ? exc_page_fault+0x6f/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? __pfx_pci_conf1_write+0x10/0x10\n ? strlen+0x4/0x30\n devm_kstrdup+0x25/0x70\n brcmf_of_probe+0x273/0x350 [brcmfmac]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21750",
"url": "https://www.suse.com/security/cve/CVE-2025-21750"
},
{
"category": "external",
"summary": "SUSE Bug 1238905 for CVE-2025-21750",
"url": "https://bugzilla.suse.com/1238905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21750"
},
{
"cve": "CVE-2025-21753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when attempting to join an aborted transaction\n\nWhen we are trying to join the current transaction and if it\u0027s aborted,\nwe read its \u0027aborted\u0027 field after unlocking fs_info-\u003etrans_lock and\nwithout holding any extra reference count on it. This means that a\nconcurrent task that is aborting the transaction may free the transaction\nbefore we read its \u0027aborted\u0027 field, leading to a use-after-free.\n\nFix this by reading the \u0027aborted\u0027 field while holding fs_info-\u003etrans_lock\nsince any freeing task must first acquire that lock and set\nfs_info-\u003erunning_transaction to NULL before freeing the transaction.\n\nThis was reported by syzbot and Dmitry with the following stack traces\nfrom KASAN:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n Read of size 4 at addr ffff888011839024 by task kworker/u4:9/1128\n\n CPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Workqueue: events_unbound btrfs_async_reclaim_data_space\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n flush_space+0x448/0xcf0 fs/btrfs/space-info.c:803\n btrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317\n worker_thread+0x870/0xd30 kernel/workqueue.c:3398\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 5315:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n join_transaction+0x144/0xda0 fs/btrfs/transaction.c:308\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572\n lookup_open fs/namei.c:3649 [inline]\n open_last_lookups fs/namei.c:3748 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3984\n do_filp_open+0x27f/0x4e0 fs/namei.c:4014\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1402\n do_sys_open fs/open.c:1417 [inline]\n __do_sys_creat fs/open.c:1495 [inline]\n __se_sys_creat fs/open.c:1489 [inline]\n __x64_sys_creat+0x123/0x170 fs/open.c:1489\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 5336:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n cleanup_transaction fs/btrfs/transaction.c:2063 [inline]\n btrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598\n insert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757\n btrfs_balance+0x992/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21753",
"url": "https://www.suse.com/security/cve/CVE-2025-21753"
},
{
"category": "external",
"summary": "SUSE Bug 1237875 for CVE-2025-21753",
"url": "https://bugzilla.suse.com/1237875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21753"
},
{
"cve": "CVE-2025-21754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion failure when splitting ordered extent after transaction abort\n\nIf while we are doing a direct IO write a transaction abort happens, we\nmark all existing ordered extents with the BTRFS_ORDERED_IOERR flag (done\nat btrfs_destroy_ordered_extents()), and then after that if we enter\nbtrfs_split_ordered_extent() and the ordered extent has bytes left\n(meaning we have a bio that doesn\u0027t cover the whole ordered extent, see\ndetails at btrfs_extract_ordered_extent()), we will fail on the following\nassertion at btrfs_split_ordered_extent():\n\n ASSERT(!(flags \u0026 ~BTRFS_ORDERED_TYPE_FLAGS));\n\nbecause the BTRFS_ORDERED_IOERR flag is set and the definition of\nBTRFS_ORDERED_TYPE_FLAGS is just the union of all flags that identify the\ntype of write (regular, nocow, prealloc, compressed, direct IO, encoded).\n\nFix this by returning an error from btrfs_extract_ordered_extent() if we\nfind the BTRFS_ORDERED_IOERR flag in the ordered extent. The error will\nbe the error that resulted in the transaction abort or -EIO if no\ntransaction abort happened.\n\nThis was recently reported by syzbot with the following trace:\n\n FAULT_INJECTION: forcing a failure.\n name failslab, interval 1, probability 0, space 0, times 1\n CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n fail_dump lib/fault-inject.c:53 [inline]\n should_fail_ex+0x3b0/0x4e0 lib/fault-inject.c:154\n should_failslab+0xac/0x100 mm/failslab.c:46\n slab_pre_alloc_hook mm/slub.c:4072 [inline]\n slab_alloc_node mm/slub.c:4148 [inline]\n __do_kmalloc_node mm/slub.c:4297 [inline]\n __kmalloc_noprof+0xdd/0x4c0 mm/slub.c:4310\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n btrfs_chunk_alloc_add_chunk_item+0x244/0x1100 fs/btrfs/volumes.c:5742\n reserve_chunk_space+0x1ca/0x2c0 fs/btrfs/block-group.c:4292\n check_system_chunk fs/btrfs/block-group.c:4319 [inline]\n do_chunk_alloc fs/btrfs/block-group.c:3891 [inline]\n btrfs_chunk_alloc+0x77b/0xf80 fs/btrfs/block-group.c:4187\n find_free_extent_update_loop fs/btrfs/extent-tree.c:4166 [inline]\n find_free_extent+0x42d1/0x5810 fs/btrfs/extent-tree.c:4579\n btrfs_reserve_extent+0x422/0x810 fs/btrfs/extent-tree.c:4672\n btrfs_new_extent_direct fs/btrfs/direct-io.c:186 [inline]\n btrfs_get_blocks_direct_write+0x706/0xfa0 fs/btrfs/direct-io.c:321\n btrfs_dio_iomap_begin+0xbb7/0x1180 fs/btrfs/direct-io.c:525\n iomap_iter+0x697/0xf60 fs/iomap/iter.c:90\n __iomap_dio_rw+0xeb9/0x25b0 fs/iomap/direct-io.c:702\n btrfs_dio_write fs/btrfs/direct-io.c:775 [inline]\n btrfs_direct_write+0x610/0xa30 fs/btrfs/direct-io.c:880\n btrfs_do_write_iter+0x2a0/0x760 fs/btrfs/file.c:1397\n do_iter_readv_writev+0x600/0x880\n vfs_writev+0x376/0xba0 fs/read_write.c:1050\n do_pwritev fs/read_write.c:1146 [inline]\n __do_sys_pwritev2 fs/read_write.c:1204 [inline]\n __se_sys_pwritev2+0x196/0x2b0 fs/read_write.c:1195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f1281f85d29\n RSP: 002b:00007f12819fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148\n RAX: ffffffffffffffda RBX: 00007f1282176080 RCX: 00007f1281f85d29\n RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000005\n RBP: 00007f12819fe090 R08: 0000000000000000 R09: 0000000000000003\n R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000002\n R13: 0000000000000000 R14: 00007f1282176080 R15: 00007ffcb9e23328\n \u003c/TASK\u003e\n BTRFS error (device loop0 state A): Transaction aborted (error -12)\n BTRFS: error (device loop0 state A\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21754",
"url": "https://www.suse.com/security/cve/CVE-2025-21754"
},
{
"category": "external",
"summary": "SUSE Bug 1238496 for CVE-2025-21754",
"url": "https://bugzilla.suse.com/1238496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21754"
},
{
"cve": "CVE-2025-21755",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21755"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21755",
"url": "https://www.suse.com/security/cve/CVE-2025-21755"
},
{
"category": "external",
"summary": "SUSE Bug 1237882 for CVE-2025-21755",
"url": "https://bugzilla.suse.com/1237882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21755"
},
{
"cve": "CVE-2025-21756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Keep the binding until socket destruction\n\nPreserve sockets bindings; this includes both resulting from an explicit\nbind() and those implicitly bound through autobind during connect().\n\nPrevents socket unbinding during a transport reassignment, which fixes a\nuse-after-free:\n\n 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2)\n 2. transport-\u003erelease() calls vsock_remove_bound() without checking if\n sk was bound and moved to bound list (refcnt=1)\n 3. vsock_bind() assumes sk is in unbound list and before\n __vsock_insert_bound(vsock_bound_sockets()) calls\n __vsock_remove_bound() which does:\n list_del_init(\u0026vsk-\u003ebound_table); // nop\n sock_put(\u0026vsk-\u003esk); // refcnt=0\n\nBUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730\nRead of size 4 at addr ffff88816b46a74c by task a.out/2057\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n __vsock_bind+0x62e/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAllocated by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n __vsock_create.constprop.0+0x2e/0xb60\n vsock_create+0xe4/0x420\n __sock_create+0x241/0x650\n __sys_socket+0xf2/0x1a0\n __x64_sys_socket+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n __vsock_bind+0x5e1/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150\nRIP: 0010:refcount_warn_saturate+0xce/0x150\n __vsock_bind+0x66d/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150\nRIP: 0010:refcount_warn_saturate+0xee/0x150\n vsock_remove_bound+0x187/0x1e0\n __vsock_release+0x383/0x4a0\n vsock_release+0x90/0x120\n __sock_release+0xa3/0x250\n sock_close+0x14/0x20\n __fput+0x359/0xa80\n task_work_run+0x107/0x1d0\n do_exit+0x847/0x2560\n do_group_exit+0xb8/0x250\n __x64_sys_exit_group+0x3a/0x50\n x64_sys_call+0xfec/0x14f0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21756",
"url": "https://www.suse.com/security/cve/CVE-2025-21756"
},
{
"category": "external",
"summary": "SUSE Bug 1238876 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "external",
"summary": "SUSE Bug 1245795 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1245795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: extend RCU protection in igmp6_send()\n\nigmp6_send() can be called without RTNL or RCU being held.\n\nExtend RCU protection so that we can safely fetch the net pointer\nand avoid a potential UAF.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net-\u003eipv6.igmp_sk\nsocket under RCU protection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21759",
"url": "https://www.suse.com/security/cve/CVE-2025-21759"
},
{
"category": "external",
"summary": "SUSE Bug 1238738 for CVE-2025-21759",
"url": "https://bugzilla.suse.com/1238738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21759"
},
{
"cve": "CVE-2025-21760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: extend RCU protection in ndisc_send_skb()\n\nndisc_send_skb() can be called without RTNL or RCU held.\n\nAcquire rcu_read_lock() earlier, so that we can use dev_net_rcu()\nand avoid a potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21760",
"url": "https://www.suse.com/security/cve/CVE-2025-21760"
},
{
"category": "external",
"summary": "SUSE Bug 1238763 for CVE-2025-21760",
"url": "https://bugzilla.suse.com/1238763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21760"
},
{
"cve": "CVE-2025-21761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: use RCU protection in ovs_vport_cmd_fill_info()\n\novs_vport_cmd_fill_info() can be called without RTNL or RCU.\n\nUse RCU protection and dev_net_rcu() to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21761",
"url": "https://www.suse.com/security/cve/CVE-2025-21761"
},
{
"category": "external",
"summary": "SUSE Bug 1238775 for CVE-2025-21761",
"url": "https://bugzilla.suse.com/1238775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21761"
},
{
"cve": "CVE-2025-21762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21762"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: use RCU protection in arp_xmit()\n\narp_xmit() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21762",
"url": "https://www.suse.com/security/cve/CVE-2025-21762"
},
{
"category": "external",
"summary": "SUSE Bug 1238780 for CVE-2025-21762",
"url": "https://bugzilla.suse.com/1238780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21762"
},
{
"cve": "CVE-2025-21763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: use RCU protection in __neigh_notify()\n\n__neigh_notify() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21763",
"url": "https://www.suse.com/security/cve/CVE-2025-21763"
},
{
"category": "external",
"summary": "SUSE Bug 1237897 for CVE-2025-21763",
"url": "https://bugzilla.suse.com/1237897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21763"
},
{
"cve": "CVE-2025-21764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21764"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: use RCU protection in ndisc_alloc_skb()\n\nndisc_alloc_skb() can be called without RTNL or RCU being held.\n\nAdd RCU protection to avoid possible UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21764",
"url": "https://www.suse.com/security/cve/CVE-2025-21764"
},
{
"category": "external",
"summary": "SUSE Bug 1237885 for CVE-2025-21764",
"url": "https://bugzilla.suse.com/1237885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21764"
},
{
"cve": "CVE-2025-21765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU protection in ip6_default_advmss()\n\nip6_default_advmss() needs rcu protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21765",
"url": "https://www.suse.com/security/cve/CVE-2025-21765"
},
{
"category": "external",
"summary": "SUSE Bug 1237906 for CVE-2025-21765",
"url": "https://bugzilla.suse.com/1237906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: use RCU protection in __ip_rt_update_pmtu()\n\n__ip_rt_update_pmtu() must use RCU protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21766",
"url": "https://www.suse.com/security/cve/CVE-2025-21766"
},
{
"category": "external",
"summary": "SUSE Bug 1238754 for CVE-2025-21766",
"url": "https://bugzilla.suse.com/1238754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context\n\nThe following bug report happened with a PREEMPT_RT kernel:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n get_random_u32+0x4f/0x110\n clocksource_verify_choose_cpus+0xab/0x1a0\n clocksource_verify_percpu.part.0+0x6b/0x330\n clocksource_watchdog_kthread+0x193/0x1a0\n\nIt is due to the fact that clocksource_verify_choose_cpus() is invoked with\npreemption disabled. This function invokes get_random_u32() to obtain\nrandom numbers for choosing CPUs. The batched_entropy_32 local lock and/or\nthe base_crng.lock spinlock in driver/char/random.c will be acquired during\nthe call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot\nbe acquired in atomic context.\n\nFix this problem by using migrate_disable() to allow smp_processor_id() to\nbe reliably used without introducing atomic context. preempt_disable() is\nthen called after clocksource_verify_choose_cpus() but before the\nclocksource measurement is being run to avoid introducing unexpected\nlatency.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21767",
"url": "https://www.suse.com/security/cve/CVE-2025-21767"
},
{
"category": "external",
"summary": "SUSE Bug 1238509 for CVE-2025-21767",
"url": "https://bugzilla.suse.com/1238509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npartitions: mac: fix handling of bogus partition table\n\nFix several issues in partition probing:\n\n - The bailout for a bad partoffset must use put_dev_sector(), since the\n preceding read_part_sector() succeeded.\n - If the partition table claims a silly sector size like 0xfff bytes\n (which results in partition table entries straddling sector boundaries),\n bail out instead of accessing out-of-bounds memory.\n - We must not assume that the partition table contains proper NUL\n termination - use strnlen() and strncmp() instead of strlen() and\n strcmp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21772",
"url": "https://www.suse.com/security/cve/CVE-2025-21772"
},
{
"category": "external",
"summary": "SUSE Bug 1238911 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "external",
"summary": "SUSE Bug 1238912 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21772"
},
{
"cve": "CVE-2025-21773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial\n\nThe driver assumed that es58x_dev-\u003eudev-\u003eserial could never be NULL.\nWhile this is true on commercially available devices, an attacker\ncould spoof the device identity providing a NULL USB serial number.\nThat would trigger a NULL pointer dereference.\n\nAdd a check on es58x_dev-\u003eudev-\u003eserial before accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21773",
"url": "https://www.suse.com/security/cve/CVE-2025-21773"
},
{
"category": "external",
"summary": "SUSE Bug 1238762 for CVE-2025-21773",
"url": "https://bugzilla.suse.com/1238762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21773"
},
{
"cve": "CVE-2025-21775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ctucanfd: handle skb allocation failure\n\nIf skb allocation fails, the pointer to struct can_frame is NULL. This\nis actually handled everywhere inside ctucan_err_interrupt() except for\nthe only place.\n\nAdd the missed NULL check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21775",
"url": "https://www.suse.com/security/cve/CVE-2025-21775"
},
{
"category": "external",
"summary": "SUSE Bug 1238501 for CVE-2025-21775",
"url": "https://bugzilla.suse.com/1238501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21775"
},
{
"cve": "CVE-2025-21776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21776"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: hub: Ignore non-compliant devices with too many configs or interfaces\n\nRobert Morris created a test program which can cause\nusb_hub_to_struct_hub() to dereference a NULL or inappropriate\npointer:\n\nOops: general protection fault, probably for non-canonical address\n0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI\nCPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14\nHardware name: FreeBSD BHYVE/BHYVE, BIOS 14.0 10/17/2021\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_hub_adjust_deviceremovable+0x78/0x110\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x31/0x80\n ? exc_general_protection+0x1b4/0x3c0\n ? asm_exc_general_protection+0x26/0x30\n ? usb_hub_adjust_deviceremovable+0x78/0x110\n hub_probe+0x7c7/0xab0\n usb_probe_interface+0x14b/0x350\n really_probe+0xd0/0x2d0\n ? __pfx___device_attach_driver+0x10/0x10\n __driver_probe_device+0x6e/0x110\n driver_probe_device+0x1a/0x90\n __device_attach_driver+0x7e/0xc0\n bus_for_each_drv+0x7f/0xd0\n __device_attach+0xaa/0x1a0\n bus_probe_device+0x8b/0xa0\n device_add+0x62e/0x810\n usb_set_configuration+0x65d/0x990\n usb_generic_driver_probe+0x4b/0x70\n usb_probe_device+0x36/0xd0\n\nThe cause of this error is that the device has two interfaces, and the\nhub driver binds to interface 1 instead of interface 0, which is where\nusb_hub_to_struct_hub() looks.\n\nWe can prevent the problem from occurring by refusing to accept hub\ndevices that violate the USB spec by having more than one\nconfiguration or interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21776",
"url": "https://www.suse.com/security/cve/CVE-2025-21776"
},
{
"category": "external",
"summary": "SUSE Bug 1238909 for CVE-2025-21776",
"url": "https://bugzilla.suse.com/1238909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21776"
},
{
"cve": "CVE-2025-21779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21779"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel\n\nAdvertise support for Hyper-V\u0027s SEND_IPI and SEND_IPI_EX hypercalls if and\nonly if the local API is emulated/virtualized by KVM, and explicitly reject\nsaid hypercalls if the local APIC is emulated in userspace, i.e. don\u0027t rely\non userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID.\n\nRejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if\nHyper-V enlightenments are exposed to the guest without an in-kernel local\nAPIC:\n\n dump_stack+0xbe/0xfd\n __kasan_report.cold+0x34/0x84\n kasan_report+0x3a/0x50\n __apic_accept_irq+0x3a/0x5c0\n kvm_hv_send_ipi.isra.0+0x34e/0x820\n kvm_hv_hypercall+0x8d9/0x9d0\n kvm_emulate_hypercall+0x506/0x7e0\n __vmx_handle_exit+0x283/0xb60\n vmx_handle_exit+0x1d/0xd0\n vcpu_enter_guest+0x16b0/0x24c0\n vcpu_run+0xc0/0x550\n kvm_arch_vcpu_ioctl_run+0x170/0x6d0\n kvm_vcpu_ioctl+0x413/0xb20\n __se_sys_ioctl+0x111/0x160\n do_syscal1_64+0x30/0x40\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nNote, checking the sending vCPU is sufficient, as the per-VM irqchip_mode\ncan\u0027t be modified after vCPUs are created, i.e. if one vCPU has an\nin-kernel local APIC, then all vCPUs have an in-kernel local APIC.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21779",
"url": "https://www.suse.com/security/cve/CVE-2025-21779"
},
{
"category": "external",
"summary": "SUSE Bug 1238768 for CVE-2025-21779",
"url": "https://bugzilla.suse.com/1238768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21779"
},
{
"cve": "CVE-2025-21780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21780"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()\n\nIt malicious user provides a small pptable through sysfs and then\na bigger pptable, it may cause buffer overflow attack in function\nsmu_sys_set_pp_table().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21780",
"url": "https://www.suse.com/security/cve/CVE-2025-21780"
},
{
"category": "external",
"summary": "SUSE Bug 1239115 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "external",
"summary": "SUSE Bug 1239116 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21780"
},
{
"cve": "CVE-2025-21781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix panic during interface removal\n\nReference counting is used to ensure that\nbatadv_hardif_neigh_node and batadv_hard_iface\nare not freed before/during\nbatadv_v_elp_throughput_metric_update work is\nfinished.\n\nBut there isn\u0027t a guarantee that the hard if will\nremain associated with a soft interface up until\nthe work is finished.\n\nThis fixes a crash triggered by reboot that looks\nlike this:\n\nCall trace:\n batadv_v_mesh_free+0xd0/0x4dc [batman_adv]\n batadv_v_elp_throughput_metric_update+0x1c/0xa4\n process_one_work+0x178/0x398\n worker_thread+0x2e8/0x4d0\n kthread+0xd8/0xdc\n ret_from_fork+0x10/0x20\n\n(the batadv_v_mesh_free call is misleading,\nand does not actually happen)\n\nI was able to make the issue happen more reliably\nby changing hardif_neigh-\u003ebat_v.metric_work work\nto be delayed work. This allowed me to track down\nand confirm the fix.\n\n[sven@narfation.org: prevent entering batadv_v_elp_get_throughput without\n soft_iface]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21781",
"url": "https://www.suse.com/security/cve/CVE-2025-21781"
},
{
"category": "external",
"summary": "SUSE Bug 1238735 for CVE-2025-21781",
"url": "https://bugzilla.suse.com/1238735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21781"
},
{
"cve": "CVE-2025-21782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix a oob in orangefs_debug_write\n\nI got a syzbot report: slab-out-of-bounds Read in\norangefs_debug_write... several people suggested fixes,\nI tested Al Viro\u0027s suggestion and made this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21782",
"url": "https://www.suse.com/security/cve/CVE-2025-21782"
},
{
"category": "external",
"summary": "SUSE Bug 1239117 for CVE-2025-21782",
"url": "https://bugzilla.suse.com/1239117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21782"
},
{
"cve": "CVE-2025-21784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21784"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()\n\nIn function psp_init_cap_microcode(), it should bail out when failed to\nload firmware, otherwise it may cause invalid memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21784",
"url": "https://www.suse.com/security/cve/CVE-2025-21784"
},
{
"category": "external",
"summary": "SUSE Bug 1238510 for CVE-2025-21784",
"url": "https://bugzilla.suse.com/1238510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21784"
},
{
"cve": "CVE-2025-21785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21785"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array\n\nThe loop that detects/populates cache information already has a bounds\ncheck on the array size but does not account for cache levels with\nseparate data/instructions cache. Fix this by incrementing the index\nfor any populated leaf (instead of any populated level).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21785",
"url": "https://www.suse.com/security/cve/CVE-2025-21785"
},
{
"category": "external",
"summary": "SUSE Bug 1238747 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "external",
"summary": "SUSE Bug 1240745 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1240745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21785"
},
{
"cve": "CVE-2025-21790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n unregister_netdevice_many net/core/dev.c:11866 [inline]\n unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21790",
"url": "https://www.suse.com/security/cve/CVE-2025-21790"
},
{
"category": "external",
"summary": "SUSE Bug 1238753 for CVE-2025-21790",
"url": "https://bugzilla.suse.com/1238753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21791"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21791",
"url": "https://www.suse.com/security/cve/CVE-2025-21791"
},
{
"category": "external",
"summary": "SUSE Bug 1238512 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "external",
"summary": "SUSE Bug 1240744 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1240744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21791"
},
{
"cve": "CVE-2025-21793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21793"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: sn-f-ospi: Fix division by zero\n\nWhen there is no dummy cycle in the spi-nor commands, both dummy bus cycle\nbytes and width are zero. Because of the cpu\u0027s warning when divided by\nzero, the warning should be avoided. Return just zero to avoid such\ncalculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21793",
"url": "https://www.suse.com/security/cve/CVE-2025-21793"
},
{
"category": "external",
"summary": "SUSE Bug 1238500 for CVE-2025-21793",
"url": "https://bugzilla.suse.com/1238500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21793"
},
{
"cve": "CVE-2025-21794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()\n\nSyzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from\nhid-thrustmaster driver. This array is passed to usb_check_int_endpoints\nfunction from usb.c core driver, which executes a for loop that iterates\nover the elements of the passed array. Not finding a null element at the end of\nthe array, it tries to read the next, non-existent element, crashing the kernel.\n\nTo fix this, a 0 element was added at the end of the array to break the for\nloop.\n\n[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21794",
"url": "https://www.suse.com/security/cve/CVE-2025-21794"
},
{
"category": "external",
"summary": "SUSE Bug 1238502 for CVE-2025-21794",
"url": "https://bugzilla.suse.com/1238502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21794"
},
{
"cve": "CVE-2025-21795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix hang in nfsd4_shutdown_callback\n\nIf nfs4_client is in courtesy state then there is no point to send\nthe callback. This causes nfsd4_shutdown_callback to hang since\ncl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP\nnotifies NFSD that the connection was dropped.\n\nThis patch modifies nfsd4_run_cb_work to skip the RPC call if\nnfs4_client is in courtesy state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21795",
"url": "https://www.suse.com/security/cve/CVE-2025-21795"
},
{
"category": "external",
"summary": "SUSE Bug 1238759 for CVE-2025-21795",
"url": "https://bugzilla.suse.com/1238759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: clear acl_access/acl_default after releasing them\n\nIf getting acl_default fails, acl_access and acl_default will be released\nsimultaneously. However, acl_access will still retain a pointer pointing\nto the released posix_acl, which will trigger a WARNING in\nnfs3svc_release_getacl like this:\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 26 PID: 3199 at lib/refcount.c:28\nrefcount_warn_saturate+0xb5/0x170\nModules linked in:\nCPU: 26 UID: 0 PID: 3199 Comm: nfsd Not tainted\n6.12.0-rc6-00079-g04ae226af01f-dirty #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb5/0x170\nCode: cc cc 0f b6 1d b3 20 a5 03 80 fb 01 0f 87 65 48 d8 00 83 e3 01 75\ne4 48 c7 c7 c0 3b 9b 85 c6 05 97 20 a5 03 01 e8 fb 3e 30 ff \u003c0f\u003e 0b eb\ncd 0f b6 1d 8a3\nRSP: 0018:ffffc90008637cd8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff83904fde\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88871ed36380\nRBP: ffff888158beeb40 R08: 0000000000000001 R09: fffff520010c6f56\nR10: ffffc90008637ab7 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff888140e77400 R14: ffff888140e77408 R15: ffffffff858b42c0\nFS: 0000000000000000(0000) GS:ffff88871ed00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000562384d32158 CR3: 000000055cc6a000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0xb5/0x170\n ? __warn+0xa5/0x140\n ? refcount_warn_saturate+0xb5/0x170\n ? report_bug+0x1b1/0x1e0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? tick_nohz_tick_stopped+0x1e/0x40\n ? refcount_warn_saturate+0xb5/0x170\n ? refcount_warn_saturate+0xb5/0x170\n nfs3svc_release_getacl+0xc9/0xe0\n svc_process_common+0x5db/0xb60\n ? __pfx_svc_process_common+0x10/0x10\n ? __rcu_read_unlock+0x69/0xa0\n ? __pfx_nfsd_dispatch+0x10/0x10\n ? svc_xprt_received+0xa1/0x120\n ? xdr_init_decode+0x11d/0x190\n svc_process+0x2a7/0x330\n svc_handle_xprt+0x69d/0x940\n svc_recv+0x180/0x2d0\n nfsd+0x168/0x200\n ? __pfx_nfsd+0x10/0x10\n kthread+0x1a2/0x1e0\n ? kthread+0xf4/0x1e0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\n\nClear acl_access/acl_default after posix_acl_release is called to prevent\nUAF from being triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21796",
"url": "https://www.suse.com/security/cve/CVE-2025-21796"
},
{
"category": "external",
"summary": "SUSE Bug 1238716 for CVE-2025-21796",
"url": "https://bugzilla.suse.com/1238716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21799",
"url": "https://www.suse.com/security/cve/CVE-2025-21799"
},
{
"category": "external",
"summary": "SUSE Bug 1238739 for CVE-2025-21799",
"url": "https://bugzilla.suse.com/1238739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix oops when unload drivers paralleling\n\nWhen unload hclge driver, it tries to disable sriov first for each\nae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at\nthe time, because it removes all the ae_dev nodes, and it may cause\noops.\n\nBut we can\u0027t simply use hnae3_common_lock for this. Because in the\nprocess flow of pci_disable_sriov(), it will trigger the remove flow\nof VF, which will also take hnae3_common_lock.\n\nTo fixes it, introduce a new mutex to protect the unload process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21802",
"url": "https://www.suse.com/security/cve/CVE-2025-21802"
},
{
"category": "external",
"summary": "SUSE Bug 1238751 for CVE-2025-21802",
"url": "https://bugzilla.suse.com/1238751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21802"
},
{
"cve": "CVE-2025-21804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21804"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()\n\nThe rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region()\nmacro to request a needed resource. A string variable that lives on the\nstack is then used to store a dynamically computed resource name, which\nis then passed on as one of the macro arguments. This can lead to\nundefined behavior.\n\nDepending on the current contents of the memory, the manifestations of\nerrors may vary. One possible output may be as follows:\n\n $ cat /proc/iomem\n 30000000-37ffffff :\n 38000000-3fffffff :\n\nSometimes, garbage may appear after the colon.\n\nIn very rare cases, if no NULL-terminator is found in memory, the system\nmight crash because the string iterator will overrun which can lead to\naccess of unmapped memory above the stack.\n\nThus, fix this by replacing outbound_name with the name of the previously\nrequested resource. With the changes applied, the output will be as\nfollows:\n\n $ cat /proc/iomem\n 30000000-37ffffff : memory2\n 38000000-3fffffff : memory3\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21804",
"url": "https://www.suse.com/security/cve/CVE-2025-21804"
},
{
"category": "external",
"summary": "SUSE Bug 1238736 for CVE-2025-21804",
"url": "https://bugzilla.suse.com/1238736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21804"
},
{
"cve": "CVE-2025-21806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21806"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: let net.core.dev_weight always be non-zero\n\nThe following problem was encountered during stability test:\n\n(NULL net_device): NAPI poll function process_backlog+0x0/0x530 \\\n\treturned 1, exceeding its budget of 0.\n------------[ cut here ]------------\nlist_add double add: new=ffff88905f746f48, prev=ffff88905f746f48, \\\n\tnext=ffff88905f746e40.\nWARNING: CPU: 18 PID: 5462 at lib/list_debug.c:35 \\\n\t__list_add_valid_or_report+0xf3/0x130\nCPU: 18 UID: 0 PID: 5462 Comm: ping Kdump: loaded Not tainted 6.13.0-rc7+\nRIP: 0010:__list_add_valid_or_report+0xf3/0x130\nCall Trace:\n? __warn+0xcd/0x250\n? __list_add_valid_or_report+0xf3/0x130\nenqueue_to_backlog+0x923/0x1070\nnetif_rx_internal+0x92/0x2b0\n__netif_rx+0x15/0x170\nloopback_xmit+0x2ef/0x450\ndev_hard_start_xmit+0x103/0x490\n__dev_queue_xmit+0xeac/0x1950\nip_finish_output2+0x6cc/0x1620\nip_output+0x161/0x270\nip_push_pending_frames+0x155/0x1a0\nraw_sendmsg+0xe13/0x1550\n__sys_sendto+0x3bf/0x4e0\n__x64_sys_sendto+0xdc/0x1b0\ndo_syscall_64+0x5b/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe reproduction command is as follows:\n sysctl -w net.core.dev_weight=0\n ping 127.0.0.1\n\nThis is because when the napi\u0027s weight is set to 0, process_backlog() may\nreturn 0 and clear the NAPI_STATE_SCHED bit of napi-\u003estate, causing this\nnapi to be re-polled in net_rx_action() until __do_softirq() times out.\nSince the NAPI_STATE_SCHED bit has been cleared, napi_schedule_rps() can\nbe retriggered in enqueue_to_backlog(), causing this issue.\n\nMaking the napi\u0027s weight always non-zero solves this problem.\n\nTriggering this issue requires system-wide admin (setting is\nnot namespaced).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21806",
"url": "https://www.suse.com/security/cve/CVE-2025-21806"
},
{
"category": "external",
"summary": "SUSE Bug 1238746 for CVE-2025-21806",
"url": "https://bugzilla.suse.com/1238746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21806"
},
{
"cve": "CVE-2025-21810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: class: Fix wild pointer dereferences in API class_dev_iter_next()\n\nThere are a potential wild pointer dereferences issue regarding APIs\nclass_dev_iter_(init|next|exit)(), as explained by below typical usage:\n\n// All members of @iter are wild pointers.\nstruct class_dev_iter iter;\n\n// class_dev_iter_init(@iter, @class, ...) checks parameter @class for\n// potential class_to_subsys() error, and it returns void type and does\n// not initialize its output parameter @iter, so caller can not detect\n// the error and continues to invoke class_dev_iter_next(@iter) even if\n// @iter still contains wild pointers.\nclass_dev_iter_init(\u0026iter, ...);\n\n// Dereference these wild pointers in @iter here once suffer the error.\nwhile (dev = class_dev_iter_next(\u0026iter)) { ... };\n\n// Also dereference these wild pointers here.\nclass_dev_iter_exit(\u0026iter);\n\nActually, all callers of these APIs have such usage pattern in kernel tree.\nFix by:\n- Initialize output parameter @iter by memset() in class_dev_iter_init()\n and give callers prompt by pr_crit() for the error.\n- Check if @iter is valid in class_dev_iter_next().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21810",
"url": "https://www.suse.com/security/cve/CVE-2025-21810"
},
{
"category": "external",
"summary": "SUSE Bug 1238757 for CVE-2025-21810",
"url": "https://bugzilla.suse.com/1238757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21810"
},
{
"cve": "CVE-2025-21815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/compaction: fix UBSAN shift-out-of-bounds warning\n\nsyzkaller reported a UBSAN shift-out-of-bounds warning of (1UL \u003c\u003c order)\nin isolate_freepages_block(). The bogus compound_order can be any value\nbecause it is union with flags. Add back the MAX_PAGE_ORDER check to fix\nthe warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21815",
"url": "https://www.suse.com/security/cve/CVE-2025-21815"
},
{
"category": "external",
"summary": "SUSE Bug 1238474 for CVE-2025-21815",
"url": "https://bugzilla.suse.com/1238474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21815"
},
{
"cve": "CVE-2025-21819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd/display: Use HW lock mgr for PSR1\"\n\nThis reverts commit\na2b5a9956269 (\"drm/amd/display: Use HW lock mgr for PSR1\")\n\nBecause it may cause system hang while connect with two edp panel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21819",
"url": "https://www.suse.com/security/cve/CVE-2025-21819"
},
{
"category": "external",
"summary": "SUSE Bug 1238994 for CVE-2025-21819",
"url": "https://bugzilla.suse.com/1238994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21819"
},
{
"cve": "CVE-2025-21820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: xilinx_uartps: split sysrq handling\n\nlockdep detects the following circular locking dependency:\n\nCPU 0 CPU 1\n========================== ============================\ncdns_uart_isr() printk()\n uart_port_lock(port) console_lock()\n\t\t\t cdns_uart_console_write()\n if (!port-\u003esysrq)\n uart_port_lock(port)\n uart_handle_break()\n port-\u003esysrq = ...\n uart_handle_sysrq_char()\n printk()\n console_lock()\n\nThe fixed commit attempts to avoid this situation by only taking the\nport lock in cdns_uart_console_write if port-\u003esysrq unset. However, if\n(as shown above) cdns_uart_console_write runs before port-\u003esysrq is set,\nthen it will try to take the port lock anyway. This may result in a\ndeadlock.\n\nFix this by splitting sysrq handling into two parts. We use the prepare\nhelper under the port lock and defer handling until we release the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21820",
"url": "https://www.suse.com/security/cve/CVE-2025-21820"
},
{
"category": "external",
"summary": "SUSE Bug 1238479 for CVE-2025-21820",
"url": "https://bugzilla.suse.com/1238479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21820"
},
{
"cve": "CVE-2025-21821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omap: use threaded IRQ for LCD DMA\n\nWhen using touchscreen and framebuffer, Nokia 770 crashes easily with:\n\n BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000\n Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd\n CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2\n Hardware name: Nokia 770\n Call trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x54/0x5c\n dump_stack_lvl from __schedule_bug+0x50/0x70\n __schedule_bug from __schedule+0x4d4/0x5bc\n __schedule from schedule+0x34/0xa0\n schedule from schedule_preempt_disabled+0xc/0x10\n schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4\n __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4\n clk_prepare_lock from clk_set_rate+0x18/0x154\n clk_set_rate from sossi_read_data+0x4c/0x168\n sossi_read_data from hwa742_read_reg+0x5c/0x8c\n hwa742_read_reg from send_frame_handler+0xfc/0x300\n send_frame_handler from process_pending_requests+0x74/0xd0\n process_pending_requests from lcd_dma_irq_handler+0x50/0x74\n lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130\n __handle_irq_event_percpu from handle_irq_event+0x28/0x68\n handle_irq_event from handle_level_irq+0x9c/0x170\n handle_level_irq from generic_handle_domain_irq+0x2c/0x3c\n generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c\n omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c\n generic_handle_arch_irq from call_with_stack+0x1c/0x24\n call_with_stack from __irq_svc+0x94/0xa8\n Exception stack(0xc5255da0 to 0xc5255de8)\n 5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248\n 5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94\n 5de0: 60000013 ffffffff\n __irq_svc from clk_prepare_lock+0x4c/0xe4\n clk_prepare_lock from clk_get_rate+0x10/0x74\n clk_get_rate from uwire_setup_transfer+0x40/0x180\n uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c\n spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664\n spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498\n __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8\n __spi_sync from spi_sync+0x24/0x40\n spi_sync from ads7846_halfd_read_state+0x5c/0x1c0\n ads7846_halfd_read_state from ads7846_irq+0x58/0x348\n ads7846_irq from irq_thread_fn+0x1c/0x78\n irq_thread_fn from irq_thread+0x120/0x228\n irq_thread from kthread+0xc8/0xe8\n kthread from ret_from_fork+0x14/0x28\n\nAs a quick fix, switch to a threaded IRQ which provides a stable system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21821",
"url": "https://www.suse.com/security/cve/CVE-2025-21821"
},
{
"category": "external",
"summary": "SUSE Bug 1239174 for CVE-2025-21821",
"url": "https://bugzilla.suse.com/1239174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21821"
},
{
"cve": "CVE-2025-21823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: Drop unmanaged ELP metric worker\n\nThe ELP worker needs to calculate new metric values for all neighbors\n\"reachable\" over an interface. Some of the used metric sources require\nlocks which might need to sleep. This sleep is incompatible with the RCU\nlist iterator used for the recorded neighbors. The initial approach to work\naround of this problem was to queue another work item per neighbor and then\nrun this in a new context.\n\nEven when this solved the RCU vs might_sleep() conflict, it has a major\nproblems: Nothing was stopping the work item in case it is not needed\nanymore - for example because one of the related interfaces was removed or\nthe batman-adv module was unloaded - resulting in potential invalid memory\naccesses.\n\nDirectly canceling the metric worker also has various problems:\n\n* cancel_work_sync for a to-be-deactivated interface is called with\n rtnl_lock held. But the code in the ELP metric worker also tries to use\n rtnl_lock() - which will never return in this case. This also means that\n cancel_work_sync would never return because it is waiting for the worker\n to finish.\n* iterating over the neighbor list for the to-be-deactivated interface is\n currently done using the RCU specific methods. Which means that it is\n possible to miss items when iterating over it without the associated\n spinlock - a behaviour which is acceptable for a periodic metric check\n but not for a cleanup routine (which must \"stop\" all still running\n workers)\n\nThe better approch is to get rid of the per interface neighbor metric\nworker and handle everything in the interface worker. The original problems\nare solved by:\n\n* creating a list of neighbors which require new metric information inside\n the RCU protected context, gathering the metric according to the new list\n outside the RCU protected context\n* only use rcu_trylock inside metric gathering code to avoid a deadlock\n when the cancel_delayed_work_sync is called in the interface removal code\n (which is called with the rtnl_lock held)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21823",
"url": "https://www.suse.com/security/cve/CVE-2025-21823"
},
{
"category": "external",
"summary": "SUSE Bug 1238475 for CVE-2025-21823",
"url": "https://bugzilla.suse.com/1238475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21823"
},
{
"cve": "CVE-2025-21825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Cancel the running bpf_timer through kworker for PREEMPT_RT\n\nDuring the update procedure, when overwrite element in a pre-allocated\nhtab, the freeing of old_element is protected by the bucket lock. The\nreason why the bucket lock is necessary is that the old_element has\nalready been stashed in htab-\u003eextra_elems after alloc_htab_elem()\nreturns. If freeing the old_element after the bucket lock is unlocked,\nthe stashed element may be reused by concurrent update procedure and the\nfreeing of old_element will run concurrently with the reuse of the\nold_element. However, the invocation of check_and_free_fields() may\nacquire a spin-lock which violates the lockdep rule because its caller\nhas already held a raw-spin-lock (bucket lock). The following warning\nwill be reported when such race happens:\n\n BUG: scheduling while atomic: test_progs/676/0x00000003\n 3 locks held by test_progs/676:\n #0: ffffffff864b0240 (rcu_read_lock_trace){....}-{0:0}, at: bpf_prog_test_run_syscall+0x2c0/0x830\n #1: ffff88810e961188 (\u0026htab-\u003elockdep_key){....}-{2:2}, at: htab_map_update_elem+0x306/0x1500\n #2: ffff8881f4eac1b8 (\u0026base-\u003esoftirq_expiry_lock){....}-{2:2}, at: hrtimer_cancel_wait_running+0xe9/0x1b0\n Modules linked in: bpf_testmod(O)\n Preemption disabled at:\n [\u003cffffffff817837a3\u003e] htab_map_update_elem+0x293/0x1500\n CPU: 0 UID: 0 PID: 676 Comm: test_progs Tainted: G ... 6.12.0+ #11\n Tainted: [W]=WARN, [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x57/0x70\n dump_stack+0x10/0x20\n __schedule_bug+0x120/0x170\n __schedule+0x300c/0x4800\n schedule_rtlock+0x37/0x60\n rtlock_slowlock_locked+0x6d9/0x54c0\n rt_spin_lock+0x168/0x230\n hrtimer_cancel_wait_running+0xe9/0x1b0\n hrtimer_cancel+0x24/0x30\n bpf_timer_delete_work+0x1d/0x40\n bpf_timer_cancel_and_free+0x5e/0x80\n bpf_obj_free_fields+0x262/0x4a0\n check_and_free_fields+0x1d0/0x280\n htab_map_update_elem+0x7fc/0x1500\n bpf_prog_9f90bc20768e0cb9_overwrite_cb+0x3f/0x43\n bpf_prog_ea601c4649694dbd_overwrite_timer+0x5d/0x7e\n bpf_prog_test_run_syscall+0x322/0x830\n __sys_bpf+0x135d/0x3ca0\n __x64_sys_bpf+0x75/0xb0\n x64_sys_call+0x1b5/0xa10\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n ...\n \u003c/TASK\u003e\n\nIt seems feasible to break the reuse and refill of per-cpu extra_elems\ninto two independent parts: reuse the per-cpu extra_elems with bucket\nlock being held and refill the old_element as per-cpu extra_elems after\nthe bucket lock is unlocked. However, it will make the concurrent\noverwrite procedures on the same CPU return unexpected -E2BIG error when\nthe map is full.\n\nTherefore, the patch fixes the lock problem by breaking the cancelling\nof bpf_timer into two steps for PREEMPT_RT:\n1) use hrtimer_try_to_cancel() and check its return value\n2) if the timer is running, use hrtimer_cancel() through a kworker to\n cancel it again\nConsidering that the current implementation of hrtimer_cancel() will try\nto acquire a being held softirq_expiry_lock when the current timer is\nrunning, these steps above are reasonable. However, it also has\ndownside. When the timer is running, the cancelling of the timer is\ndelayed when releasing the last map uref. The delay is also fixable\n(e.g., break the cancelling of bpf timer into two parts: one part in\nlocked scope, another one in unlocked scope), it can be revised later if\nnecessary.\n\nIt is a bit hard to decide the right fix tag. One reason is that the\nproblem depends on PREEMPT_RT which is enabled in v6.12. Considering the\nsoftirq_expiry_lock lock exists since v5.4 and bpf_timer is introduced\nin v5.15, the bpf_timer commit is used in the fixes tag and an extra\ndepends-on tag is added to state the dependency on PREEMPT_RT.\n\nDepends-on: v6.12+ with PREEMPT_RT enabled",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21825",
"url": "https://www.suse.com/security/cve/CVE-2025-21825"
},
{
"category": "external",
"summary": "SUSE Bug 1238971 for CVE-2025-21825",
"url": "https://bugzilla.suse.com/1238971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21825"
},
{
"cve": "CVE-2025-21828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don\u0027t flush non-uploaded STAs\n\nIf STA state is pre-moved to AUTHORIZED (such as in IBSS\nscenarios) and insertion fails, the station is freed.\nIn this case, the driver never knew about the station,\nso trying to flush it is unexpected and may crash.\n\nCheck if the sta was uploaded to the driver before and\nfix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21828",
"url": "https://www.suse.com/security/cve/CVE-2025-21828"
},
{
"category": "external",
"summary": "SUSE Bug 1238958 for CVE-2025-21828",
"url": "https://bugzilla.suse.com/1238958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21828"
},
{
"cve": "CVE-2025-21829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix the warning \"__rxe_cleanup+0x12c/0x170 [rdma_rxe]\"\n\nThe Call Trace is as below:\n\"\n \u003cTASK\u003e\n ? show_regs.cold+0x1a/0x1f\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __warn+0x84/0xd0\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? report_bug+0x105/0x180\n ? handle_bug+0x46/0x80\n ? exc_invalid_op+0x19/0x70\n ? asm_exc_invalid_op+0x1b/0x20\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __rxe_cleanup+0x124/0x170 [rdma_rxe]\n rxe_destroy_qp.cold+0x24/0x29 [rdma_rxe]\n ib_destroy_qp_user+0x118/0x190 [ib_core]\n rdma_destroy_qp.cold+0x43/0x5e [rdma_cm]\n rtrs_cq_qp_destroy.cold+0x1d/0x2b [rtrs_core]\n rtrs_srv_close_work.cold+0x1b/0x31 [rtrs_server]\n process_one_work+0x21d/0x3f0\n worker_thread+0x4a/0x3c0\n ? process_one_work+0x3f0/0x3f0\n kthread+0xf0/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\"\nWhen too many rdma resources are allocated, rxe needs more time to\nhandle these rdma resources. Sometimes with the current timeout, rxe\ncan not release the rdma resources correctly.\n\nCompared with other rdma drivers, a bigger timeout is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21829",
"url": "https://www.suse.com/security/cve/CVE-2025-21829"
},
{
"category": "external",
"summary": "SUSE Bug 1239030 for CVE-2025-21829",
"url": "https://bugzilla.suse.com/1239030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21829"
},
{
"cve": "CVE-2025-21830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Handle weird files\n\nA corrupted filesystem (e.g. bcachefs) might return weird files.\nInstead of throwing a warning and allowing access to such file, treat\nthem as regular files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21830",
"url": "https://www.suse.com/security/cve/CVE-2025-21830"
},
{
"category": "external",
"summary": "SUSE Bug 1239033 for CVE-2025-21830",
"url": "https://bugzilla.suse.com/1239033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21830"
},
{
"cve": "CVE-2025-21831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1\n\ncommit 9d26d3a8f1b0 (\"PCI: Put PCIe ports into D3 during suspend\") sets the\npolicy that all PCIe ports are allowed to use D3. When the system is\nsuspended if the port is not power manageable by the platform and won\u0027t be\nused for wakeup via a PME this sets up the policy for these ports to go\ninto D3hot.\n\nThis policy generally makes sense from an OSPM perspective but it leads to\nproblems with wakeup from suspend on the TUXEDO Sirius 16 Gen 1 with a\nspecific old BIOS. This manifests as a system hang.\n\nOn the affected Device + BIOS combination, add a quirk for the root port of\nthe problematic controller to ensure that these root ports are not put into\nD3hot at suspend.\n\nThis patch is based on\n\n https://lore.kernel.org/linux-pci/20230708214457.1229-2-mario.limonciello@amd.com\n\nbut with the added condition both in the documentation and in the code to\napply only to the TUXEDO Sirius 16 Gen 1 with a specific old BIOS and only\nthe affected root ports.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21831",
"url": "https://www.suse.com/security/cve/CVE-2025-21831"
},
{
"category": "external",
"summary": "SUSE Bug 1239039 for CVE-2025-21831",
"url": "https://bugzilla.suse.com/1239039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21831"
},
{
"cve": "CVE-2025-21832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don\u0027t revert iter for -EIOCBQUEUED\n\nblkdev_read_iter() has a few odd checks, like gating the position and\ncount adjustment on whether or not the result is bigger-than-or-equal to\nzero (where bigger than makes more sense), and not checking the return\nvalue of blkdev_direct_IO() before doing an iov_iter_revert(). The\nlatter can lead to attempting to revert with a negative value, which\nwhen passed to iov_iter_revert() as an unsigned value will lead to\nthrowing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.\n\nBe sane and don\u0027t revert for -EIOCBQUEUED, like what is done in other\nspots.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21832",
"url": "https://www.suse.com/security/cve/CVE-2025-21832"
},
{
"category": "external",
"summary": "SUSE Bug 1239105 for CVE-2025-21832",
"url": "https://bugzilla.suse.com/1239105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21832"
},
{
"cve": "CVE-2025-21835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_midi: fix MIDI Streaming descriptor lengths\n\nWhile the MIDI jacks are configured correctly, and the MIDIStreaming\nendpoint descriptors are filled with the correct information,\nbNumEmbMIDIJack and bLength are set incorrectly in these descriptors.\n\nThis does not matter when the numbers of in and out ports are equal, but\nwhen they differ the host will receive broken descriptors with\nuninitialized stack memory leaking into the descriptor for whichever\nvalue is smaller.\n\nThe precise meaning of \"in\" and \"out\" in the port counts is not clearly\ndefined and can be confusing. But elsewhere the driver consistently\nuses this to match the USB meaning of IN and OUT viewed from the host,\nso that \"in\" ports send data to the host and \"out\" ports receive data\nfrom it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21835",
"url": "https://www.suse.com/security/cve/CVE-2025-21835"
},
{
"category": "external",
"summary": "SUSE Bug 1239068 for CVE-2025-21835",
"url": "https://bugzilla.suse.com/1239068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21835"
},
{
"cve": "CVE-2025-21836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/kbuf: reallocate buf lists on upgrade\n\nIORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it\nwas created for legacy selected buffer and has been emptied. It violates\nthe requirement that most of the field should stay stable after publish.\nAlways reallocate it instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21836",
"url": "https://www.suse.com/security/cve/CVE-2025-21836"
},
{
"category": "external",
"summary": "SUSE Bug 1239066 for CVE-2025-21836",
"url": "https://bugzilla.suse.com/1239066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21836"
},
{
"cve": "CVE-2025-21838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21838"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: flush gadget workqueue after device removal\n\ndevice_del() can lead to new work being scheduled in gadget-\u003ework\nworkqueue. This is observed, for example, with the dwc3 driver with the\nfollowing call stack:\n device_del()\n gadget_unbind_driver()\n usb_gadget_disconnect_locked()\n dwc3_gadget_pullup()\n\t dwc3_gadget_soft_disconnect()\n\t usb_gadget_set_state()\n\t schedule_work(\u0026gadget-\u003ework)\n\nMove flush_work() after device_del() to ensure the workqueue is cleaned\nup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21838",
"url": "https://www.suse.com/security/cve/CVE-2025-21838"
},
{
"category": "external",
"summary": "SUSE Bug 1239065 for CVE-2025-21838",
"url": "https://bugzilla.suse.com/1239065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21838"
},
{
"cve": "CVE-2025-21844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Add check for next_buffer in receive_encrypted_standard()\n\nAdd check for the return value of cifs_buf_get() and cifs_small_buf_get()\nin receive_encrypted_standard() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21844",
"url": "https://www.suse.com/security/cve/CVE-2025-21844"
},
{
"category": "external",
"summary": "SUSE Bug 1239512 for CVE-2025-21844",
"url": "https://bugzilla.suse.com/1239512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21844"
},
{
"cve": "CVE-2025-21846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nacct: perform last write from workqueue\n\nIn [1] it was reported that the acct(2) system call can be used to\ntrigger NULL deref in cases where it is set to write to a file that\ntriggers an internal lookup. This can e.g., happen when pointing acc(2)\nto /sys/power/resume. At the point the where the write to this file\nhappens the calling task has already exited and called exit_fs(). A\nlookup will thus trigger a NULL-deref when accessing current-\u003efs.\n\nReorganize the code so that the the final write happens from the\nworkqueue but with the caller\u0027s credentials. This preserves the\n(strange) permission model and has almost no regression risk.\n\nThis api should stop to exist though.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21846",
"url": "https://www.suse.com/security/cve/CVE-2025-21846"
},
{
"category": "external",
"summary": "SUSE Bug 1239508 for CVE-2025-21846",
"url": "https://bugzilla.suse.com/1239508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21846"
},
{
"cve": "CVE-2025-21847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()\n\nThe nullity of sps-\u003ecstream should be checked similarly as it is done in\nsof_set_stream_data_offset() function.\nAssuming that it is not NULL if sps-\u003estream is NULL is incorrect and can\nlead to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21847",
"url": "https://www.suse.com/security/cve/CVE-2025-21847"
},
{
"category": "external",
"summary": "SUSE Bug 1239471 for CVE-2025-21847",
"url": "https://bugzilla.suse.com/1239471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21847"
},
{
"cve": "CVE-2025-21848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: bpf: Add check for nfp_app_ctrl_msg_alloc()\n\nAdd check for the return value of nfp_app_ctrl_msg_alloc() in\nnfp_bpf_cmsg_alloc() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21848",
"url": "https://www.suse.com/security/cve/CVE-2025-21848"
},
{
"category": "external",
"summary": "SUSE Bug 1239479 for CVE-2025-21848",
"url": "https://bugzilla.suse.com/1239479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: Fix crash when a namespace is disabled\n\nThe namespace percpu counter protects pending I/O, and we can\nonly safely diable the namespace once the counter drop to zero.\nOtherwise we end up with a crash when running blktests/nvme/058\n(eg for loop transport):\n\n[ 2352.930426] [ T53909] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 2352.930431] [ T53909] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n[ 2352.930434] [ T53909] CPU: 3 UID: 0 PID: 53909 Comm: kworker/u16:5 Tainted: G W 6.13.0-rc6 #232\n[ 2352.930438] [ T53909] Tainted: [W]=WARN\n[ 2352.930440] [ T53909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 2352.930443] [ T53909] Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop]\n[ 2352.930449] [ T53909] RIP: 0010:blkcg_set_ioprio+0x44/0x180\n\nas the queue is already torn down when calling submit_bio();\n\nSo we need to init the percpu counter in nvmet_ns_enable(), and\nwait for it to drop to zero in nvmet_ns_disable() to avoid having\nI/O pending after the namespace has been disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21850",
"url": "https://www.suse.com/security/cve/CVE-2025-21850"
},
{
"category": "external",
"summary": "SUSE Bug 1239477 for CVE-2025-21850",
"url": "https://bugzilla.suse.com/1239477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21850"
},
{
"cve": "CVE-2025-21855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Don\u0027t reference skb after sending to VIOS\n\nPreviously, after successfully flushing the xmit buffer to VIOS,\nthe tx_bytes stat was incremented by the length of the skb.\n\nIt is invalid to access the skb memory after sending the buffer to\nthe VIOS because, at any point after sending, the VIOS can trigger\nan interrupt to free this memory. A race between reading skb-\u003elen\nand freeing the skb is possible (especially during LPM) and will\nresult in use-after-free:\n ==================================================================\n BUG: KASAN: slab-use-after-free in ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n Read of size 4 at addr c00000024eb48a70 by task hxecom/14495\n \u003c...\u003e\n Call Trace:\n [c000000118f66cf0] [c0000000018cba6c] dump_stack_lvl+0x84/0xe8 (unreliable)\n [c000000118f66d20] [c0000000006f0080] print_report+0x1a8/0x7f0\n [c000000118f66df0] [c0000000006f08f0] kasan_report+0x128/0x1f8\n [c000000118f66f00] [c0000000006f2868] __asan_load4+0xac/0xe0\n [c000000118f66f20] [c0080000046eac84] ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n [c000000118f67340] [c0000000014be168] dev_hard_start_xmit+0x150/0x358\n \u003c...\u003e\n Freed by task 0:\n kasan_save_stack+0x34/0x68\n kasan_save_track+0x2c/0x50\n kasan_save_free_info+0x64/0x108\n __kasan_mempool_poison_object+0x148/0x2d4\n napi_skb_cache_put+0x5c/0x194\n net_tx_action+0x154/0x5b8\n handle_softirqs+0x20c/0x60c\n do_softirq_own_stack+0x6c/0x88\n \u003c...\u003e\n The buggy address belongs to the object at c00000024eb48a00 which\n belongs to the cache skbuff_head_cache of size 224\n==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21855",
"url": "https://www.suse.com/security/cve/CVE-2025-21855"
},
{
"category": "external",
"summary": "SUSE Bug 1239484 for CVE-2025-21855",
"url": "https://bugzilla.suse.com/1239484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21855"
},
{
"cve": "CVE-2025-21856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ism: add release function for struct device\n\nAccording to device_release() in /drivers/base/core.c,\na device without a release function is a broken device\nand must be fixed.\n\nThe current code directly frees the device after calling device_add()\nwithout waiting for other kernel parts to release their references.\nThus, a reference could still be held to a struct device,\ne.g., by sysfs, leading to potential use-after-free\nissues if a proper release function is not set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21856",
"url": "https://www.suse.com/security/cve/CVE-2025-21856"
},
{
"category": "external",
"summary": "SUSE Bug 1239486 for CVE-2025-21856",
"url": "https://bugzilla.suse.com/1239486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21856"
},
{
"cve": "CVE-2025-21857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_api: fix error handling causing NULL dereference\n\ntcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyclic() which can\nreturn 1 if the allocation succeeded after wrapping. This was treated as\nan error, with value 1 returned to caller tcf_exts_init_ex() which sets\nexts-\u003eactions to NULL and returns 1 to caller fl_change().\n\nfl_change() treats err == 1 as success, calling tcf_exts_validate_ex()\nwhich calls tcf_action_init() with exts-\u003eactions as argument, where it\nis dereferenced.\n\nExample trace:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCPU: 114 PID: 16151 Comm: handler114 Kdump: loaded Not tainted 5.14.0-503.16.1.el9_5.x86_64 #1\nRIP: 0010:tcf_action_init+0x1f8/0x2c0\nCall Trace:\n tcf_action_init+0x1f8/0x2c0\n tcf_exts_validate_ex+0x175/0x190\n fl_change+0x537/0x1120 [cls_flower]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21857",
"url": "https://www.suse.com/security/cve/CVE-2025-21857"
},
{
"category": "external",
"summary": "SUSE Bug 1239478 for CVE-2025-21857",
"url": "https://bugzilla.suse.com/1239478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21857"
},
{
"cve": "CVE-2025-21858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: Fix use-after-free in geneve_find_dev().\n\nsyzkaller reported a use-after-free in geneve_find_dev() [0]\nwithout repro.\n\ngeneve_configure() links struct geneve_dev.next to\nnet_generic(net, geneve_net_id)-\u003egeneve_list.\n\nThe net here could differ from dev_net(dev) if IFLA_NET_NS_PID,\nIFLA_NET_NS_FD, or IFLA_TARGET_NETNSID is set.\n\nWhen dev_net(dev) is dismantled, geneve_exit_batch_rtnl() finally\ncalls unregister_netdevice_queue() for each dev in the netns,\nand later the dev is freed.\n\nHowever, its geneve_dev.next is still linked to the backend UDP\nsocket netns.\n\nThen, use-after-free will occur when another geneve dev is created\nin the netns.\n\nLet\u0027s call geneve_dellink() instead in geneve_destroy_tunnels().\n\n[0]:\nBUG: KASAN: slab-use-after-free in geneve_find_dev drivers/net/geneve.c:1295 [inline]\nBUG: KASAN: slab-use-after-free in geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\nRead of size 2 at addr ffff000054d6ee24 by task syz.1.4029/13441\n\nCPU: 1 UID: 0 PID: 13441 Comm: syz.1.4029 Not tainted 6.13.0-g0ad9617c78ac #24 dc35ca22c79fb82e8e7bc5c9c9adafea898b1e3d\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x16c/0x6f0 mm/kasan/report.c:489\n kasan_report+0xc0/0x120 mm/kasan/report.c:602\n __asan_report_load2_noabort+0x20/0x30 mm/kasan/report_generic.c:379\n geneve_find_dev drivers/net/geneve.c:1295 [inline]\n geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\n geneve_newlink+0xb8/0x128 drivers/net/geneve.c:1634\n rtnl_newlink_create+0x23c/0x868 net/core/rtnetlink.c:3795\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:713 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x410/0x6f8 net/socket.c:2568\n ___sys_sendmsg+0x178/0x1d8 net/socket.c:2622\n __sys_sendmsg net/socket.c:2654 [inline]\n __do_sys_sendmsg net/socket.c:2659 [inline]\n __se_sys_sendmsg net/socket.c:2657 [inline]\n __arm64_sys_sendmsg+0x12c/0x1c8 net/socket.c:2657\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151\n el0_svc+0x4c/0xa8 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x1a0 arch/arm64/kernel/entry.S:600\n\nAllocated by task 13247:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x68 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4298 [inline]\n __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4304\n __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:645\n alloc_netdev_mqs+0xb8/0x11a0 net/core/dev.c:11470\n rtnl_create_link+0x2b8/0xb50 net/core/rtnetlink.c:3604\n rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3780\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_n\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21858",
"url": "https://www.suse.com/security/cve/CVE-2025-21858"
},
{
"category": "external",
"summary": "SUSE Bug 1239468 for CVE-2025-21858",
"url": "https://bugzilla.suse.com/1239468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21858"
},
{
"cve": "CVE-2025-21859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: f_midi: f_midi_complete to call queue_work\n\nWhen using USB MIDI, a lock is attempted to be acquired twice through a\nre-entrant call to f_midi_transmit, causing a deadlock.\n\nFix it by using queue_work() to schedule the inner f_midi_transmit() via\na high priority work queue from the completion handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21859",
"url": "https://www.suse.com/security/cve/CVE-2025-21859"
},
{
"category": "external",
"summary": "SUSE Bug 1239467 for CVE-2025-21859",
"url": "https://bugzilla.suse.com/1239467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21859"
},
{
"cve": "CVE-2025-21861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/migrate_device: don\u0027t add folio to be freed to LRU in migrate_device_finalize()\n\nIf migration succeeded, we called\nfolio_migrate_flags()-\u003emem_cgroup_migrate() to migrate the memcg from the\nold to the new folio. This will set memcg_data of the old folio to 0.\n\nSimilarly, if migration failed, memcg_data of the dst folio is left unset.\n\nIf we call folio_putback_lru() on such folios (memcg_data == 0), we will\nadd the folio to be freed to the LRU, making memcg code unhappy. Running\nthe hmm selftests:\n\n # ./hmm-tests\n ...\n # RUN hmm.hmm_device_private.migrate ...\n [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00\n [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff)\n [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9\n [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000\n [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg \u0026\u0026 !mem_cgroup_disabled())\n [ 102.087230][T14893] ------------[ cut here ]------------\n [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.090478][T14893] Modules linked in:\n [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151\n [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.096104][T14893] Code: ...\n [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293\n [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426\n [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880\n [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000\n [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8\n [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000\n [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000\n [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0\n [ 102.113478][T14893] PKRU: 55555554\n [ 102.114172][T14893] Call Trace:\n [ 102.114805][T14893] \u003cTASK\u003e\n [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.116547][T14893] ? __warn.cold+0x110/0x210\n [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.118667][T14893] ? report_bug+0x1b9/0x320\n [ 102.119571][T14893] ? handle_bug+0x54/0x90\n [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50\n [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20\n [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0\n [ 102.123506][T14893] ? dump_page+0x4f/0x60\n [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200\n [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720\n [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.129550][T14893] folio_putback_lru+0x16/0x80\n [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530\n [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0\n [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80\n\nLikely, nothing else goes wrong: putting the last folio reference will\nremove the folio from the LRU again. So besides memcg complaining, adding\nthe folio to be freed to the LRU is just an unnecessary step.\n\nThe new flow resembles what we have in migrate_folio_move(): add the dst\nto the lru, rem\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21861",
"url": "https://www.suse.com/security/cve/CVE-2025-21861"
},
{
"category": "external",
"summary": "SUSE Bug 1239483 for CVE-2025-21861",
"url": "https://bugzilla.suse.com/1239483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21861"
},
{
"cve": "CVE-2025-21862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21862"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: fix incorrect initialization order\n\nSyzkaller reports the following bug:\n\nBUG: spinlock bad magic on CPU#1, syz-executor.0/7995\n lock: 0xffff88805303f3e0, .magic: 00000000, .owner: \u003cnone\u003e/-1, .owner_cpu: 0\nCPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x119/0x179 lib/dump_stack.c:118\n debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]\n do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline]\n _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159\n reset_per_cpu_data+0xe6/0x240 [drop_monitor]\n net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor]\n genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739\n genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800\n netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497\n genl_rcv+0x29/0x40 net/netlink/genetlink.c:811\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916\n sock_sendmsg_nosec net/socket.c:651 [inline]\n __sock_sendmsg+0x157/0x190 net/socket.c:663\n ____sys_sendmsg+0x712/0x870 net/socket.c:2378\n ___sys_sendmsg+0xf8/0x170 net/socket.c:2432\n __sys_sendmsg+0xea/0x1b0 net/socket.c:2461\n do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x62/0xc7\nRIP: 0033:0x7f3f9815aee9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9\nRDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007\nRBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768\n\nIf drop_monitor is built as a kernel module, syzkaller may have time\nto send a netlink NET_DM_CMD_START message during the module loading.\nThis will call the net_dm_monitor_start() function that uses\na spinlock that has not yet been initialized.\n\nTo fix this, let\u0027s place resource initialization above the registration\nof a generic netlink family.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21862",
"url": "https://www.suse.com/security/cve/CVE-2025-21862"
},
{
"category": "external",
"summary": "SUSE Bug 1239474 for CVE-2025-21862",
"url": "https://bugzilla.suse.com/1239474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: prevent opcode speculation\n\nsqe-\u003eopcode is used for different tables, make sure we santitise it\nagainst speculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21863",
"url": "https://www.suse.com/security/cve/CVE-2025-21863"
},
{
"category": "external",
"summary": "SUSE Bug 1239475 for CVE-2025-21863",
"url": "https://bugzilla.suse.com/1239475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21863"
},
{
"cve": "CVE-2025-21864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: drop secpath at the same time as we currently drop dst\n\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\nrunning tests that boil down to:\n - create a pair of netns\n - run a basic TCP test over ipcomp6\n - delete the pair of netns\n\nThe xfrm_state found on spi_byaddr was not deleted at the time we\ndelete the netns, because we still have a reference on it. This\nlingering reference comes from a secpath (which holds a ref on the\nxfrm_state), which is still attached to an skb. This skb is not\nleaked, it ends up on sk_receive_queue and then gets defer-free\u0027d by\nskb_attempt_defer_free.\n\nThe problem happens when we defer freeing an skb (push it on one CPU\u0027s\ndefer_list), and don\u0027t flush that list before the netns is deleted. In\nthat case, we still have a reference on the xfrm_state that we don\u0027t\nexpect at this point.\n\nWe already drop the skb\u0027s dst in the TCP receive path when it\u0027s no\nlonger needed, so let\u0027s also drop the secpath. At this point,\ntcp_filter has already called into the LSM hooks that may require the\nsecpath, so it should not be needed anymore. However, in some of those\nplaces, the MPTCP extension has just been attached to the skb, so we\ncannot simply drop all extensions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21864",
"url": "https://www.suse.com/security/cve/CVE-2025-21864"
},
{
"category": "external",
"summary": "SUSE Bug 1239482 for CVE-2025-21864",
"url": "https://bugzilla.suse.com/1239482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().\n\nBrad Spengler reported the list_del() corruption splat in\ngtp_net_exit_batch_rtnl(). [0]\n\nCommit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns\ndismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl()\nto destroy devices in each netns as done in geneve and ip tunnels.\n\nHowever, this could trigger -\u003edellink() twice for the same device during\n-\u003eexit_batch_rtnl().\n\nSay we have two netns A \u0026 B and gtp device B that resides in netns B but\nwhose UDP socket is in netns A.\n\n 1. cleanup_net() processes netns A and then B.\n\n 2. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns A\u0027s gn-\u003egtp_dev_list and calls -\u003edellink().\n\n [ device B is not yet unlinked from netns B\n as unregister_netdevice_many() has not been called. ]\n\n 3. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns B\u0027s for_each_netdev() and calls -\u003edellink().\n\ngtp_dellink() cleans up the device\u0027s hash table, unlinks the dev from\ngn-\u003egtp_dev_list, and calls unregister_netdevice_queue().\n\nBasically, calling gtp_dellink() multiple times is fine unless\nCONFIG_DEBUG_LIST is enabled.\n\nLet\u0027s remove for_each_netdev() in gtp_net_exit_batch_rtnl() and\ndelegate the destruction to default_device_exit_batch() as done\nin bareudp.\n\n[0]:\nlist_del corruption, ffff8880aaa62c00-\u003enext (autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]) is LIST_POISON1 (ffffffffffffff02) (prev is 0xffffffffffffff04)\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 UID: 0 PID: 1804 Comm: kworker/u8:7 Tainted: G T 6.12.13-grsec-full-20250211091339 #1\nTainted: [T]=RANDSTRUCT\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:[\u003cffffffff84947381\u003e] __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nCode: c2 76 91 31 c0 e8 9f b1 f7 fc 0f 0b 4d 89 f0 48 c7 c1 02 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 e0 c2 76 91 31 c0 e8 7f b1 f7 fc \u003c0f\u003e 0b 4d 89 e8 48 c7 c1 04 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 60\nRSP: 0018:fffffe8040b4fbd0 EFLAGS: 00010283\nRAX: 00000000000000cc RBX: dffffc0000000000 RCX: ffffffff818c4054\nRDX: ffffffff84947381 RSI: ffffffff818d1512 RDI: 0000000000000000\nRBP: ffff8880aaa62c00 R08: 0000000000000001 R09: fffffbd008169f32\nR10: fffffe8040b4f997 R11: 0000000000000001 R12: a1988d84f24943e4\nR13: ffffffffffffff02 R14: ffffffffffffff04 R15: ffff8880aaa62c08\nRBX: kasan shadow of 0x0\nRCX: __wake_up_klogd.part.0+0x74/0xe0 kernel/printk/printk.c:4554\nRDX: __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nRSI: vprintk+0x72/0x100 kernel/printk/printk_safe.c:71\nRBP: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]\nRSP: process kstack fffffe8040b4fbd0+0x7bd0/0x8000 [kworker/u8:7+netns 1804 ]\nR09: kasan shadow of process kstack fffffe8040b4f990+0x7990/0x8000 [kworker/u8:7+netns 1804 ]\nR10: process kstack fffffe8040b4f997+0x7997/0x8000 [kworker/u8:7+netns 1804 ]\nR15: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc08/0x1000 [slab object]\nFS: 0000000000000000(0000) GS:ffff888116000000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000748f5372c000 CR3: 0000000015408000 CR4: 00000000003406f0 shadow CR4: 00000000003406f0\nStack:\n 0000000000000000 ffffffff8a0c35e7 ffffffff8a0c3603 ffff8880aaa62c00\n ffff8880aaa62c00 0000000000000004 ffff88811145311c 0000000000000005\n 0000000000000001 ffff8880aaa62000 fffffe8040b4fd40 ffffffff8a0c360d\nCall Trace:\n \u003cTASK\u003e\n [\u003cffffffff8a0c360d\u003e] __list_del_entry_valid include/linux/list.h:131 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] __list_del_entry include/linux/list.h:248 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] list_del include/linux/list.h:262 [inl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21865",
"url": "https://www.suse.com/security/cve/CVE-2025-21865"
},
{
"category": "external",
"summary": "SUSE Bug 1239481 for CVE-2025-21865",
"url": "https://bugzilla.suse.com/1239481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-21866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC\n\nErhard reported the following KASAN hit while booting his PowerMac G4\nwith a KASAN-enabled kernel 6.13-rc6:\n\n BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8\n Write of size 8 at addr f1000000 by task chronyd/1293\n\n CPU: 0 UID: 123 PID: 1293 Comm: chronyd Tainted: G W 6.13.0-rc6-PMacG4 #2\n Tainted: [W]=WARN\n Hardware name: PowerMac3,6 7455 0x80010303 PowerMac\n Call Trace:\n [c2437590] [c1631a84] dump_stack_lvl+0x70/0x8c (unreliable)\n [c24375b0] [c0504998] print_report+0xdc/0x504\n [c2437610] [c050475c] kasan_report+0xf8/0x108\n [c2437690] [c0505a3c] kasan_check_range+0x24/0x18c\n [c24376a0] [c03fb5e4] copy_to_kernel_nofault+0xd8/0x1c8\n [c24376c0] [c004c014] patch_instructions+0x15c/0x16c\n [c2437710] [c00731a8] bpf_arch_text_copy+0x60/0x7c\n [c2437730] [c0281168] bpf_jit_binary_pack_finalize+0x50/0xac\n [c2437750] [c0073cf4] bpf_int_jit_compile+0xb30/0xdec\n [c2437880] [c0280394] bpf_prog_select_runtime+0x15c/0x478\n [c24378d0] [c1263428] bpf_prepare_filter+0xbf8/0xc14\n [c2437990] [c12677ec] bpf_prog_create_from_user+0x258/0x2b4\n [c24379d0] [c027111c] do_seccomp+0x3dc/0x1890\n [c2437ac0] [c001d8e0] system_call_exception+0x2dc/0x420\n [c2437f30] [c00281ac] ret_from_syscall+0x0/0x2c\n --- interrupt: c00 at 0x5a1274\n NIP: 005a1274 LR: 006a3b3c CTR: 005296c8\n REGS: c2437f40 TRAP: 0c00 Tainted: G W (6.13.0-rc6-PMacG4)\n MSR: 0200f932 \u003cVEC,EE,PR,FP,ME,IR,DR,RI\u003e CR: 24004422 XER: 00000000\n\n GPR00: 00000166 af8f3fa0 a7ee3540 00000001 00000000 013b6500 005a5858 0200f932\n GPR08: 00000000 00001fe9 013d5fc8 005296c8 2822244c 00b2fcd8 00000000 af8f4b57\n GPR16: 00000000 00000001 00000000 00000000 00000000 00000001 00000000 00000002\n GPR24: 00afdbb0 00000000 00000000 00000000 006e0004 013ce060 006e7c1c 00000001\n NIP [005a1274] 0x5a1274\n LR [006a3b3c] 0x6a3b3c\n --- interrupt: c00\n\n The buggy address belongs to the virtual mapping at\n [f1000000, f1002000) created by:\n text_area_cpu_up+0x20/0x190\n\n The buggy address belongs to the physical page:\n page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x76e30\n flags: 0x80000000(zone=2)\n raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001\n raw: 00000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n f0ffff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n f0ffff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003ef1000000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n f1000080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n f1000100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ==================================================================\n\nf8 corresponds to KASAN_VMALLOC_INVALID which means the area is not\ninitialised hence not supposed to be used yet.\n\nPowerpc text patching infrastructure allocates a virtual memory area\nusing get_vm_area() and flags it as VM_ALLOC. But that flag is meant\nto be used for vmalloc() and vmalloc() allocated memory is not\nsupposed to be used before a call to __vmalloc_node_range() which is\nnever called for that area.\n\nThat went undetected until commit e4137f08816b (\"mm, kasan, kmsan:\ninstrument copy_from/to_kernel_nofault\")\n\nThe area allocated by text_area_cpu_up() is not vmalloc memory, it is\nmapped directly on demand when needed by map_kernel_page(). There is\nno VM flag corresponding to such usage, so just pass no flag. That way\nthe area will be unpoisonned and usable immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21866",
"url": "https://www.suse.com/security/cve/CVE-2025-21866"
},
{
"category": "external",
"summary": "SUSE Bug 1239473 for CVE-2025-21866",
"url": "https://bugzilla.suse.com/1239473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21866"
},
{
"cve": "CVE-2025-21869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Disable KASAN report during patching via temporary mm\n\nErhard reports the following KASAN hit on Talos II (power9) with kernel 6.13:\n\n[ 12.028126] ==================================================================\n[ 12.028198] BUG: KASAN: user-memory-access in copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028260] Write of size 8 at addr 0000187e458f2000 by task systemd/1\n\n[ 12.028346] CPU: 87 UID: 0 PID: 1 Comm: systemd Tainted: G T 6.13.0-P9-dirty #3\n[ 12.028408] Tainted: [T]=RANDSTRUCT\n[ 12.028446] Hardware name: T2P9D01 REV 1.01 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV\n[ 12.028500] Call Trace:\n[ 12.028536] [c000000008dbf3b0] [c000000001656a48] dump_stack_lvl+0xbc/0x110 (unreliable)\n[ 12.028609] [c000000008dbf3f0] [c0000000006e2fc8] print_report+0x6b0/0x708\n[ 12.028666] [c000000008dbf4e0] [c0000000006e2454] kasan_report+0x164/0x300\n[ 12.028725] [c000000008dbf600] [c0000000006e54d4] kasan_check_range+0x314/0x370\n[ 12.028784] [c000000008dbf640] [c0000000006e6310] __kasan_check_write+0x20/0x40\n[ 12.028842] [c000000008dbf660] [c000000000578e8c] copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028902] [c000000008dbf6a0] [c0000000000acfe4] __patch_instructions+0x194/0x210\n[ 12.028965] [c000000008dbf6e0] [c0000000000ade80] patch_instructions+0x150/0x590\n[ 12.029026] [c000000008dbf7c0] [c0000000001159bc] bpf_arch_text_copy+0x6c/0xe0\n[ 12.029085] [c000000008dbf800] [c000000000424250] bpf_jit_binary_pack_finalize+0x40/0xc0\n[ 12.029147] [c000000008dbf830] [c000000000115dec] bpf_int_jit_compile+0x3bc/0x930\n[ 12.029206] [c000000008dbf990] [c000000000423720] bpf_prog_select_runtime+0x1f0/0x280\n[ 12.029266] [c000000008dbfa00] [c000000000434b18] bpf_prog_load+0xbb8/0x1370\n[ 12.029324] [c000000008dbfb70] [c000000000436ebc] __sys_bpf+0x5ac/0x2e00\n[ 12.029379] [c000000008dbfd00] [c00000000043a228] sys_bpf+0x28/0x40\n[ 12.029435] [c000000008dbfd20] [c000000000038eb4] system_call_exception+0x334/0x610\n[ 12.029497] [c000000008dbfe50] [c00000000000c270] system_call_vectored_common+0xf0/0x280\n[ 12.029561] --- interrupt: 3000 at 0x3fff82f5cfa8\n[ 12.029608] NIP: 00003fff82f5cfa8 LR: 00003fff82f5cfa8 CTR: 0000000000000000\n[ 12.029660] REGS: c000000008dbfe80 TRAP: 3000 Tainted: G T (6.13.0-P9-dirty)\n[ 12.029735] MSR: 900000000280f032 \u003cSF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI\u003e CR: 42004848 XER: 00000000\n[ 12.029855] IRQMASK: 0\n GPR00: 0000000000000169 00003fffdcf789a0 00003fff83067100 0000000000000005\n GPR04: 00003fffdcf78a98 0000000000000090 0000000000000000 0000000000000008\n GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000\n GPR12: 0000000000000000 00003fff836ff7e0 c000000000010678 0000000000000000\n GPR16: 0000000000000000 0000000000000000 00003fffdcf78f28 00003fffdcf78f90\n GPR20: 0000000000000000 0000000000000000 0000000000000000 00003fffdcf78f80\n GPR24: 00003fffdcf78f70 00003fffdcf78d10 00003fff835c7239 00003fffdcf78bd8\n GPR28: 00003fffdcf78a98 0000000000000000 0000000000000000 000000011f547580\n[ 12.030316] NIP [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030361] LR [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030405] --- interrupt: 3000\n[ 12.030444] ==================================================================\n\nCommit c28c15b6d28a (\"powerpc/code-patching: Use temporary mm for\nRadix MMU\") is inspired from x86 but unlike x86 is doesn\u0027t disable\nKASAN reports during patching. This wasn\u0027t a problem at the begining\nbecause __patch_mem() is not instrumented.\n\nCommit 465cabc97b42 (\"powerpc/code-patching: introduce\npatch_instructions()\") use copy_to_kernel_nofault() to copy several\ninstructions at once. But when using temporary mm the destination is\nnot regular kernel memory but a kind of kernel-like memory located\nin user address space. \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21869",
"url": "https://www.suse.com/security/cve/CVE-2025-21869"
},
{
"category": "external",
"summary": "SUSE Bug 1240182 for CVE-2025-21869",
"url": "https://bugzilla.suse.com/1240182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21869"
},
{
"cve": "CVE-2025-21870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers\n\nOther, non DAI copier widgets could have the same stream name (sname) as\nthe ALH copier and in that case the copier-\u003edata is NULL, no alh_data is\nattached, which could lead to NULL pointer dereference.\nWe could check for this NULL pointer in sof_ipc4_prepare_copier_module()\nand avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai()\nwill miscalculate the ALH device count, causing broken audio.\n\nThe correct fix is to harden the matching logic by making sure that the\n1. widget is a DAI widget - so dai = w-\u003eprivate is valid\n2. the dai (and thus the copier) is ALH copier",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21870",
"url": "https://www.suse.com/security/cve/CVE-2025-21870"
},
{
"category": "external",
"summary": "SUSE Bug 1240191 for CVE-2025-21870",
"url": "https://bugzilla.suse.com/1240191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21870"
},
{
"cve": "CVE-2025-21871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix supplicant wait loop\n\nOP-TEE supplicant is a user-space daemon and it\u0027s possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\n\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\n\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21871",
"url": "https://www.suse.com/security/cve/CVE-2025-21871"
},
{
"category": "external",
"summary": "SUSE Bug 1240183 for CVE-2025-21871",
"url": "https://bugzilla.suse.com/1240183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21871"
},
{
"cve": "CVE-2025-21873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: bsg: Fix crash when arpmb command fails\n\nIf the device doesn\u0027t support arpmb we\u0027ll crash due to copying user data in\nbsg_transport_sg_io_fn().\n\nIn the case where ufs_bsg_exec_advanced_rpmb_req() returns an error, do not\nset the job\u0027s reply_len.\n\nMemory crash backtrace:\n3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22\n\n4,1308,531166555,-;Call Trace:\n\n4,1309,531166559,-; \u003cTASK\u003e\n\n4,1310,531166565,-; ? show_regs+0x6d/0x80\n\n4,1311,531166575,-; ? die+0x37/0xa0\n\n4,1312,531166583,-; ? do_trap+0xd4/0xf0\n\n4,1313,531166593,-; ? do_error_trap+0x71/0xb0\n\n4,1314,531166601,-; ? usercopy_abort+0x6c/0x80\n\n4,1315,531166610,-; ? exc_invalid_op+0x52/0x80\n\n4,1316,531166622,-; ? usercopy_abort+0x6c/0x80\n\n4,1317,531166630,-; ? asm_exc_invalid_op+0x1b/0x20\n\n4,1318,531166643,-; ? usercopy_abort+0x6c/0x80\n\n4,1319,531166652,-; __check_heap_object+0xe3/0x120\n\n4,1320,531166661,-; check_heap_object+0x185/0x1d0\n\n4,1321,531166670,-; __check_object_size.part.0+0x72/0x150\n\n4,1322,531166679,-; __check_object_size+0x23/0x30\n\n4,1323,531166688,-; bsg_transport_sg_io_fn+0x314/0x3b0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21873",
"url": "https://www.suse.com/security/cve/CVE-2025-21873"
},
{
"category": "external",
"summary": "SUSE Bug 1240184 for CVE-2025-21873",
"url": "https://bugzilla.suse.com/1240184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21873"
},
{
"cve": "CVE-2025-21875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21875"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: always handle address removal under msk socket lock\n\nSyzkaller reported a lockdep splat in the PM control path:\n\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sock_owned_by_me include/net/sock.h:1711 [inline]\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 msk_owned_by_me net/mptcp/protocol.h:363 [inline]\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788\n Modules linked in:\n CPU: 0 UID: 0 PID: 6693 Comm: syz.0.205 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\n RIP: 0010:sock_owned_by_me include/net/sock.h:1711 [inline]\n RIP: 0010:msk_owned_by_me net/mptcp/protocol.h:363 [inline]\n RIP: 0010:mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788\n Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ca 7b d3 f5 eb b9 e8 c3 7b d3 f5 90 0f 0b 90 e9 dd fb ff ff e8 b5 7b d3 f5 90 \u003c0f\u003e 0b 90 e9 3e fb ff ff 44 89 f1 80 e1 07 38 c1 0f 8c eb fb ff ff\n RSP: 0000:ffffc900034f6f60 EFLAGS: 00010283\n RAX: ffffffff8bee3c2b RBX: 0000000000000001 RCX: 0000000000080000\n RDX: ffffc90004d42000 RSI: 000000000000a407 RDI: 000000000000a408\n RBP: ffffc900034f7030 R08: ffffffff8bee37f6 R09: 0100000000000000\n R10: dffffc0000000000 R11: ffffed100bcc62e4 R12: ffff88805e6316e0\n R13: ffff88805e630c00 R14: dffffc0000000000 R15: ffff88805e630c00\n FS: 00007f7e9a7e96c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000001b2fd18ff8 CR3: 0000000032c24000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n mptcp_pm_remove_addr+0x103/0x1d0 net/mptcp/pm.c:59\n mptcp_pm_remove_anno_addr+0x1f4/0x2f0 net/mptcp/pm_netlink.c:1486\n mptcp_nl_remove_subflow_and_signal_addr net/mptcp/pm_netlink.c:1518 [inline]\n mptcp_pm_nl_del_addr_doit+0x118d/0x1af0 net/mptcp/pm_netlink.c:1629\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb1f/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x206/0x480 net/netlink/af_netlink.c:2543\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:718 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:733\n ____sys_sendmsg+0x53a/0x860 net/socket.c:2573\n ___sys_sendmsg net/socket.c:2627 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2659\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f7e9998cde9\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f7e9a7e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f7e99ba5fa0 RCX: 00007f7e9998cde9\n RDX: 000000002000c094 RSI: 0000400000000000 RDI: 0000000000000007\n RBP: 00007f7e99a0e2a0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 0000000000000000 R14: 00007f7e99ba5fa0 R15: 00007fff49231088\n\nIndeed the PM can try to send a RM_ADDR over a msk without acquiring\nfirst the msk socket lock.\n\nThe bugged code-path comes from an early optimization: when there\nare no subflows, the PM should (usually) not send RM_ADDR\nnotifications.\n\nThe above statement is incorrect, as without locks another process\ncould concur\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21875",
"url": "https://www.suse.com/security/cve/CVE-2025-21875"
},
{
"category": "external",
"summary": "SUSE Bug 1240168 for CVE-2025-21875",
"url": "https://bugzilla.suse.com/1240168"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21875"
},
{
"cve": "CVE-2025-21876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix suspicious RCU usage\n\nCommit \u003cd74169ceb0d2\u003e (\"iommu/vt-d: Allocate DMAR fault interrupts\nlocally\") moved the call to enable_drhd_fault_handling() to a code\npath that does not hold any lock while traversing the drhd list. Fix\nit by ensuring the dmar_global_lock lock is held when traversing the\ndrhd list.\n\nWithout this fix, the following warning is triggered:\n =============================\n WARNING: suspicious RCU usage\n 6.14.0-rc3 #55 Not tainted\n -----------------------------\n drivers/iommu/intel/dmar.c:2046 RCU-list traversed in non-reader section!!\n other info that might help us debug this:\n rcu_scheduler_active = 1, debug_locks = 1\n 2 locks held by cpuhp/1/23:\n #0: ffffffff84a67c50 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n #1: ffffffff84a6a380 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n stack backtrace:\n CPU: 1 UID: 0 PID: 23 Comm: cpuhp/1 Not tainted 6.14.0-rc3 #55\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xb7/0xd0\n lockdep_rcu_suspicious+0x159/0x1f0\n ? __pfx_enable_drhd_fault_handling+0x10/0x10\n enable_drhd_fault_handling+0x151/0x180\n cpuhp_invoke_callback+0x1df/0x990\n cpuhp_thread_fun+0x1ea/0x2c0\n smpboot_thread_fn+0x1f5/0x2e0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n kthread+0x12a/0x2d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x4a/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nHolding the lock in enable_drhd_fault_handling() triggers a lockdep splat\nabout a possible deadlock between dmar_global_lock and cpu_hotplug_lock.\nThis is avoided by not holding dmar_global_lock when calling\niommu_device_register(), which initiates the device probe process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21876",
"url": "https://www.suse.com/security/cve/CVE-2025-21876"
},
{
"category": "external",
"summary": "SUSE Bug 1240179 for CVE-2025-21876",
"url": "https://bugzilla.suse.com/1240179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21876"
},
{
"cve": "CVE-2025-21877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21877"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: gl620a: fix endpoint checking in genelink_bind()\n\nSyzbot reports [1] a warning in usb_submit_urb() triggered by\ninconsistencies between expected and actually present endpoints\nin gl620a driver. Since genelink_bind() does not properly\nverify whether specified eps are in fact provided by the device,\nin this case, an artificially manufactured one, one may get a\nmismatch.\n\nFix the issue by resorting to a usbnet utility function\nusbnet_get_endpoints(), usually reserved for this very problem.\nCheck for endpoints and return early before proceeding further if\nany are missing.\n\n[1] Syzbot report:\nusb 5-1: Manufacturer: syz\nusb 5-1: SerialNumber: syz\nusb 5-1: config 0 descriptor??\ngl620a 5-1:0.23 usb0: register \u0027gl620a\u0027 at usb-dummy_hcd.0-1, ...\n------------[ cut here ]------------\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 2 PID: 1841 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nModules linked in:\nCPU: 2 UID: 0 PID: 1841 Comm: kworker/2:2 Not tainted 6.12.0-syzkaller-07834-g06afb0f36106 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0x6be/0x2780 drivers/net/usb/usbnet.c:1467\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606\n sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n __dev_xmit_skb net/core/dev.c:3827 [inline]\n __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n neigh_resolve_output net/core/neighbour.c:1514 [inline]\n neigh_resolve_output+0x5bc/0x950 net/core/neighbour.c:1494\n neigh_output include/net/neighbour.h:539 [inline]\n ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n mld_sendpack+0x9f0/0x11d0 net/ipv6/mcast.c:1819\n mld_send_cr net/ipv6/mcast.c:2120 [inline]\n mld_ifc_work+0x740/0xca0 net/ipv6/mcast.c:2651\n process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21877",
"url": "https://www.suse.com/security/cve/CVE-2025-21877"
},
{
"category": "external",
"summary": "SUSE Bug 1240172 for CVE-2025-21877",
"url": "https://bugzilla.suse.com/1240172"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21877"
},
{
"cve": "CVE-2025-21878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21878"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: npcm: disable interrupt enable bit before devm_request_irq\n\nThe customer reports that there is a soft lockup issue related to\nthe i2c driver. After checking, the i2c module was doing a tx transfer\nand the bmc machine reboots in the middle of the i2c transaction, the i2c\nmodule keeps the status without being reset.\n\nDue to such an i2c module status, the i2c irq handler keeps getting\ntriggered since the i2c irq handler is registered in the kernel booting\nprocess after the bmc machine is doing a warm rebooting.\nThe continuous triggering is stopped by the soft lockup watchdog timer.\n\nDisable the interrupt enable bit in the i2c module before calling\ndevm_request_irq to fix this issue since the i2c relative status bit\nis read-only.\n\nHere is the soft lockup log.\n[ 28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1]\n[ 28.183351] Modules linked in:\n[ 28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1\n[ 28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 28.208128] pc : __do_softirq+0xb0/0x368\n[ 28.212055] lr : __do_softirq+0x70/0x368\n[ 28.215972] sp : ffffff8035ebca00\n[ 28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780\n[ 28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0\n[ 28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b\n[ 28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff\n[ 28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000\n[ 28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2\n[ 28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250\n[ 28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434\n[ 28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198\n[ 28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40\n[ 28.290611] Call trace:\n[ 28.293052] __do_softirq+0xb0/0x368\n[ 28.296625] __irq_exit_rcu+0xe0/0x100\n[ 28.300374] irq_exit+0x14/0x20\n[ 28.303513] handle_domain_irq+0x68/0x90\n[ 28.307440] gic_handle_irq+0x78/0xb0\n[ 28.311098] call_on_irq_stack+0x20/0x38\n[ 28.315019] do_interrupt_handler+0x54/0x5c\n[ 28.319199] el1_interrupt+0x2c/0x4c\n[ 28.322777] el1h_64_irq_handler+0x14/0x20\n[ 28.326872] el1h_64_irq+0x74/0x78\n[ 28.330269] __setup_irq+0x454/0x780\n[ 28.333841] request_threaded_irq+0xd0/0x1b4\n[ 28.338107] devm_request_threaded_irq+0x84/0x100\n[ 28.342809] npcm_i2c_probe_bus+0x188/0x3d0\n[ 28.346990] platform_probe+0x6c/0xc4\n[ 28.350653] really_probe+0xcc/0x45c\n[ 28.354227] __driver_probe_device+0x8c/0x160\n[ 28.358578] driver_probe_device+0x44/0xe0\n[ 28.362670] __driver_attach+0x124/0x1d0\n[ 28.366589] bus_for_each_dev+0x7c/0xe0\n[ 28.370426] driver_attach+0x28/0x30\n[ 28.373997] bus_add_driver+0x124/0x240\n[ 28.377830] driver_register+0x7c/0x124\n[ 28.381662] __platform_driver_register+0x2c/0x34\n[ 28.386362] npcm_i2c_init+0x3c/0x5c\n[ 28.389937] do_one_initcall+0x74/0x230\n[ 28.393768] kernel_init_freeable+0x24c/0x2b4\n[ 28.398126] kernel_init+0x28/0x130\n[ 28.401614] ret_from_fork+0x10/0x20\n[ 28.405189] Kernel panic - not syncing: softlockup: hung tasks\n[ 28.411011] SMP: stopping secondary CPUs\n[ 28.414933] Kernel Offset: disabled\n[ 28.418412] CPU features: 0x00000000,00000802\n[ 28.427644] Rebooting in 20 seconds..",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21878",
"url": "https://www.suse.com/security/cve/CVE-2025-21878"
},
{
"category": "external",
"summary": "SUSE Bug 1240192 for CVE-2025-21878",
"url": "https://bugzilla.suse.com/1240192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21878"
},
{
"cve": "CVE-2025-21881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: Reject the shared zeropage in uprobe_write_opcode()\n\nWe triggered the following crash in syzkaller tests:\n\n BUG: Bad page state in process syz.7.38 pfn:1eff3\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eff3\n flags: 0x3fffff00004004(referenced|reserved|node=0|zone=1|lastcpupid=0x1fffff)\n raw: 003fffff00004004 ffffe6c6c07bfcc8 ffffe6c6c07bfcc8 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000fffffffe 0000000000000000\n page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x32/0x50\n bad_page+0x69/0xf0\n free_unref_page_prepare+0x401/0x500\n free_unref_page+0x6d/0x1b0\n uprobe_write_opcode+0x460/0x8e0\n install_breakpoint.part.0+0x51/0x80\n register_for_each_vma+0x1d9/0x2b0\n __uprobe_register+0x245/0x300\n bpf_uprobe_multi_link_attach+0x29b/0x4f0\n link_create+0x1e2/0x280\n __sys_bpf+0x75f/0xac0\n __x64_sys_bpf+0x1a/0x30\n do_syscall_64+0x56/0x100\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\n BUG: Bad rss-counter state mm:00000000452453e0 type:MM_FILEPAGES val:-1\n\nThe following syzkaller test case can be used to reproduce:\n\n r2 = creat(\u0026(0x7f0000000000)=\u0027./file0\\x00\u0027, 0x8)\n write$nbd(r2, \u0026(0x7f0000000580)=ANY=[], 0x10)\n r4 = openat(0xffffffffffffff9c, \u0026(0x7f0000000040)=\u0027./file0\\x00\u0027, 0x42, 0x0)\n mmap$IORING_OFF_SQ_RING(\u0026(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0)\n r5 = userfaultfd(0x80801)\n ioctl$UFFDIO_API(r5, 0xc018aa3f, \u0026(0x7f0000000040)={0xaa, 0x20})\n r6 = userfaultfd(0x80801)\n ioctl$UFFDIO_API(r6, 0xc018aa3f, \u0026(0x7f0000000140))\n ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, \u0026(0x7f0000000100)={{\u0026(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x2})\n ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, \u0026(0x7f0000000000)={{\u0026(0x7f0000ffd000/0x1000)=nil, 0x1000}})\n r7 = bpf$PROG_LOAD(0x5, \u0026(0x7f0000000140)={0x2, 0x3, \u0026(0x7f0000000200)=ANY=[@ANYBLOB=\"1800000000120000000000000000000095\"], \u0026(0x7f0000000000)=\u0027GPL\\x00\u0027, 0x7, 0x0, 0x0, 0x0, 0x0, \u0027\\x00\u0027, 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)\n bpf$BPF_LINK_CREATE_XDP(0x1c, \u0026(0x7f0000000040)={r7, 0x0, 0x30, 0x1e, @val=@uprobe_multi={\u0026(0x7f0000000080)=\u0027./file0\\x00\u0027, \u0026(0x7f0000000100)=[0x2], 0x0, 0x0, 0x1}}, 0x40)\n\nThe cause is that zero pfn is set to the PTE without increasing the RSS\ncount in mfill_atomic_pte_zeropage() and the refcount of zero folio does\nnot increase accordingly. Then, the operation on the same pfn is performed\nin uprobe_write_opcode()-\u003e__replace_page() to unconditional decrease the\nRSS count and old_folio\u0027s refcount.\n\nTherefore, two bugs are introduced:\n\n 1. The RSS count is incorrect, when process exit, the check_mm() report\n error \"Bad rss-count\".\n\n 2. The reserved folio (zero folio) is freed when folio-\u003erefcount is zero,\n then free_pages_prepare-\u003efree_page_is_bad() report error\n \"Bad page state\".\n\nThere is more, the following warning could also theoretically be triggered:\n\n __replace_page()\n -\u003e ...\n -\u003e folio_remove_rmap_pte()\n -\u003e VM_WARN_ON_FOLIO(is_zero_folio(folio), folio)\n\nConsidering that uprobe hit on the zero folio is a very rare case, just\nreject zero old folio immediately after get_user_page_vma_remote().\n\n[ mingo: Cleaned up the changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21881",
"url": "https://www.suse.com/security/cve/CVE-2025-21881"
},
{
"category": "external",
"summary": "SUSE Bug 1240185 for CVE-2025-21881",
"url": "https://bugzilla.suse.com/1240185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21881"
},
{
"cve": "CVE-2025-21883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix deinitializing VF in error path\n\nIf ice_ena_vfs() fails after calling ice_create_vf_entries(), it frees\nall VFs without removing them from snapshot PF-VF mailbox list, leading\nto list corruption.\n\nReproducer:\n devlink dev eswitch set $PF1_PCI mode switchdev\n ip l s $PF1 up\n ip l s $PF1 promisc on\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n\nTrace (minimized):\n list_add corruption. next-\u003eprev should be prev (ffff8882e241c6f0), but was 0000000000000000. (next=ffff888455da1330).\n kernel BUG at lib/list_debug.c:29!\n RIP: 0010:__list_add_valid_or_report+0xa6/0x100\n ice_mbx_init_vf_info+0xa7/0x180 [ice]\n ice_initialize_vf_entry+0x1fa/0x250 [ice]\n ice_sriov_configure+0x8d7/0x1520 [ice]\n ? __percpu_ref_switch_mode+0x1b1/0x5d0\n ? __pfx_ice_sriov_configure+0x10/0x10 [ice]\n\nSometimes a KASAN report can be seen instead with a similar stack trace:\n BUG: KASAN: use-after-free in __list_add_valid_or_report+0xf1/0x100\n\nVFs are added to this list in ice_mbx_init_vf_info(), but only removed\nin ice_free_vfs(). Move the removing to ice_free_vf_entries(), which is\nalso being called in other places where VFs are being removed (including\nice_free_vfs() itself).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21883",
"url": "https://www.suse.com/security/cve/CVE-2025-21883"
},
{
"category": "external",
"summary": "SUSE Bug 1240189 for CVE-2025-21883",
"url": "https://bugzilla.suse.com/1240189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21883"
},
{
"cve": "CVE-2025-21884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: better track kernel sockets lifetime\n\nWhile kernel sockets are dismantled during pernet_operations-\u003eexit(),\ntheir freeing can be delayed by any tx packets still held in qdisc\nor device queues, due to skb_set_owner_w() prior calls.\n\nThis then trigger the following warning from ref_tracker_dir_exit() [1]\n\nTo fix this, make sure that kernel sockets own a reference on net-\u003epassive.\n\nAdd sk_net_refcnt_upgrade() helper, used whenever a kernel socket\nis converted to a refcounted one.\n\n[1]\n\n[ 136.263918][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at\n[ 136.263918][ T35] sk_alloc+0x2b3/0x370\n[ 136.263918][ T35] inet6_create+0x6ce/0x10f0\n[ 136.263918][ T35] __sock_create+0x4c0/0xa30\n[ 136.263918][ T35] inet_ctl_sock_create+0xc2/0x250\n[ 136.263918][ T35] igmp6_net_init+0x39/0x390\n[ 136.263918][ T35] ops_init+0x31e/0x590\n[ 136.263918][ T35] setup_net+0x287/0x9e0\n[ 136.263918][ T35] copy_net_ns+0x33f/0x570\n[ 136.263918][ T35] create_new_namespaces+0x425/0x7b0\n[ 136.263918][ T35] unshare_nsproxy_namespaces+0x124/0x180\n[ 136.263918][ T35] ksys_unshare+0x57d/0xa70\n[ 136.263918][ T35] __x64_sys_unshare+0x38/0x40\n[ 136.263918][ T35] do_syscall_64+0xf3/0x230\n[ 136.263918][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 136.263918][ T35]\n[ 136.343488][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at\n[ 136.343488][ T35] sk_alloc+0x2b3/0x370\n[ 136.343488][ T35] inet6_create+0x6ce/0x10f0\n[ 136.343488][ T35] __sock_create+0x4c0/0xa30\n[ 136.343488][ T35] inet_ctl_sock_create+0xc2/0x250\n[ 136.343488][ T35] ndisc_net_init+0xa7/0x2b0\n[ 136.343488][ T35] ops_init+0x31e/0x590\n[ 136.343488][ T35] setup_net+0x287/0x9e0\n[ 136.343488][ T35] copy_net_ns+0x33f/0x570\n[ 136.343488][ T35] create_new_namespaces+0x425/0x7b0\n[ 136.343488][ T35] unshare_nsproxy_namespaces+0x124/0x180\n[ 136.343488][ T35] ksys_unshare+0x57d/0xa70\n[ 136.343488][ T35] __x64_sys_unshare+0x38/0x40\n[ 136.343488][ T35] do_syscall_64+0xf3/0x230\n[ 136.343488][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21884",
"url": "https://www.suse.com/security/cve/CVE-2025-21884"
},
{
"category": "external",
"summary": "SUSE Bug 1240171 for CVE-2025-21884",
"url": "https://bugzilla.suse.com/1240171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21884"
},
{
"cve": "CVE-2025-21885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix the page details for the srq created by kernel consumers\n\nWhile using nvme target with use_srq on, below kernel panic is noticed.\n\n[ 549.698111] bnxt_en 0000:41:00.0 enp65s0np0: FEC autoneg off encoding: Clause 91 RS(544,514)\n[ 566.393619] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n..\n[ 566.393799] \u003cTASK\u003e\n[ 566.393807] ? __die_body+0x1a/0x60\n[ 566.393823] ? die+0x38/0x60\n[ 566.393835] ? do_trap+0xe4/0x110\n[ 566.393847] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393867] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393881] ? do_error_trap+0x7c/0x120\n[ 566.393890] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393911] ? exc_divide_error+0x34/0x50\n[ 566.393923] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393939] ? asm_exc_divide_error+0x16/0x20\n[ 566.393966] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393997] bnxt_qplib_create_srq+0xc9/0x340 [bnxt_re]\n[ 566.394040] bnxt_re_create_srq+0x335/0x3b0 [bnxt_re]\n[ 566.394057] ? srso_return_thunk+0x5/0x5f\n[ 566.394068] ? __init_swait_queue_head+0x4a/0x60\n[ 566.394090] ib_create_srq_user+0xa7/0x150 [ib_core]\n[ 566.394147] nvmet_rdma_queue_connect+0x7d0/0xbe0 [nvmet_rdma]\n[ 566.394174] ? lock_release+0x22c/0x3f0\n[ 566.394187] ? srso_return_thunk+0x5/0x5f\n\nPage size and shift info is set only for the user space SRQs.\nSet page size and page shift for kernel space SRQs also.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21885",
"url": "https://www.suse.com/security/cve/CVE-2025-21885"
},
{
"category": "external",
"summary": "SUSE Bug 1240169 for CVE-2025-21885",
"url": "https://bugzilla.suse.com/1240169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21885"
},
{
"cve": "CVE-2025-21886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP hang on parent deregistration\n\nFix the destroy_unused_implicit_child_mr() to prevent hanging during\nparent deregistration as of below [1].\n\nUpon entering destroy_unused_implicit_child_mr(), the reference count\nfor the implicit MR parent is incremented using:\nrefcount_inc_not_zero().\n\nA corresponding decrement must be performed if\nfree_implicit_child_mr_work() is not called.\n\nThe code has been updated to properly manage the reference count that\nwas incremented.\n\n[1]\nINFO: task python3:2157 blocked for more than 120 seconds.\nNot tainted 6.12.0-rc7+ #1633\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:python3 state:D stack:0 pid:2157 tgid:2157 ppid:1685 flags:0x00000000\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\n__mlx5_ib_dereg_mr+0x379/0x5d0 [mlx5_ib]\n? __pfx_autoremove_wake_function+0x10/0x10\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n __x64_sys_ioctl+0x1b0/0xa70\n? kmem_cache_free+0x221/0x400\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f20f21f017b\nRSP: 002b:00007ffcfc4a77c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffcfc4a78d8 RCX: 00007f20f21f017b\nRDX: 00007ffcfc4a78c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffcfc4a78a0 R08: 000056147d125190 R09: 00007f20f1f14c60\nR10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcfc4a7890\nR13: 000000000000001c R14: 000056147d100fc0 R15: 00007f20e365c9d0\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21886",
"url": "https://www.suse.com/security/cve/CVE-2025-21886"
},
{
"category": "external",
"summary": "SUSE Bug 1240188 for CVE-2025-21886",
"url": "https://bugzilla.suse.com/1240188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21886"
},
{
"cve": "CVE-2025-21887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21887"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up\n\nThe issue was caused by dput(upper) being called before\novl_dentry_update_reval(), while upper-\u003ed_flags was still\naccessed in ovl_dentry_remote().\n\nMove dput(upper) after its last use to prevent use-after-free.\n\nBUG: KASAN: slab-use-after-free in ovl_dentry_remote fs/overlayfs/util.c:162 [inline]\nBUG: KASAN: slab-use-after-free in ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n ovl_dentry_remote fs/overlayfs/util.c:162 [inline]\n ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167\n ovl_link_up fs/overlayfs/copy_up.c:610 [inline]\n ovl_copy_up_one+0x2105/0x3490 fs/overlayfs/copy_up.c:1170\n ovl_copy_up_flags+0x18d/0x200 fs/overlayfs/copy_up.c:1223\n ovl_rename+0x39e/0x18c0 fs/overlayfs/dir.c:1136\n vfs_rename+0xf84/0x20a0 fs/namei.c:4893\n...\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21887",
"url": "https://www.suse.com/security/cve/CVE-2025-21887"
},
{
"category": "external",
"summary": "SUSE Bug 1240176 for CVE-2025-21887",
"url": "https://bugzilla.suse.com/1240176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21887"
},
{
"cve": "CVE-2025-21888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a WARN during dereg_mr for DM type\n\nMemory regions (MR) of type DM (device memory) do not have an associated\numem.\n\nIn the __mlx5_ib_dereg_mr() -\u003e mlx5_free_priv_descs() flow, the code\nincorrectly takes the wrong branch, attempting to call\ndma_unmap_single() on a DMA address that is not mapped.\n\nThis results in a WARN [1], as shown below.\n\nThe issue is resolved by properly accounting for the DM type and\nensuring the correct branch is selected in mlx5_free_priv_descs().\n\n[1]\nWARNING: CPU: 12 PID: 1346 at drivers/iommu/dma-iommu.c:1230 iommu_dma_unmap_page+0x79/0x90\nModules linked in: ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry ovelay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\nCPU: 12 UID: 0 PID: 1346 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1631\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:iommu_dma_unmap_page+0x79/0x90\nCode: 2b 49 3b 29 72 26 49 3b 69 08 73 20 4d 89 f0 44 89 e9 4c 89 e2 48 89 ee 48 89 df 5b 5d 41 5c 41 5d 41 5e 41 5f e9 07 b8 88 ff \u003c0f\u003e 0b 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 66 0f 1f 44 00\nRSP: 0018:ffffc90001913a10 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810194b0a8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001\nRBP: ffff88810194b0a8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f537abdd740(0000) GS:ffff88885fb00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f537aeb8000 CR3: 000000010c248001 CR4: 0000000000372eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x84/0x190\n? iommu_dma_unmap_page+0x79/0x90\n? report_bug+0xf8/0x1c0\n? handle_bug+0x55/0x90\n? exc_invalid_op+0x13/0x60\n? asm_exc_invalid_op+0x16/0x20\n? iommu_dma_unmap_page+0x79/0x90\ndma_unmap_page_attrs+0xe6/0x290\nmlx5_free_priv_descs+0xb0/0xe0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x37e/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f537adaf17b\nCode: 0f 1e fa 48 8b 05 1d ad 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed ac 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffff218f0b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffff218f1d8 RCX: 00007f537adaf17b\nRDX: 00007ffff218f1c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffff218f1a0 R08: 00007f537aa8d010 R09: 0000561ee2e4f270\nR10: 00007f537aace3a8 R11: 0000000000000246 R12: 00007ffff218f190\nR13: 000000000000001c R14: 0000561ee2e4d7c0 R15: 00007ffff218f450\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21888",
"url": "https://www.suse.com/security/cve/CVE-2025-21888"
},
{
"category": "external",
"summary": "SUSE Bug 1240177 for CVE-2025-21888",
"url": "https://bugzilla.suse.com/1240177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21888"
},
{
"cve": "CVE-2025-21889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Add RCU read lock protection to perf_iterate_ctx()\n\nThe perf_iterate_ctx() function performs RCU list traversal but\ncurrently lacks RCU read lock protection. This causes lockdep warnings\nwhen running perf probe with unshare(1) under CONFIG_PROVE_RCU_LIST=y:\n\n\tWARNING: suspicious RCU usage\n\tkernel/events/core.c:8168 RCU-list traversed in non-reader section!!\n\n\t Call Trace:\n\t lockdep_rcu_suspicious\n\t ? perf_event_addr_filters_apply\n\t perf_iterate_ctx\n\t perf_event_exec\n\t begin_new_exec\n\t ? load_elf_phdrs\n\t load_elf_binary\n\t ? lock_acquire\n\t ? find_held_lock\n\t ? bprm_execve\n\t bprm_execve\n\t do_execveat_common.isra.0\n\t __x64_sys_execve\n\t do_syscall_64\n\t entry_SYSCALL_64_after_hwframe\n\nThis protection was previously present but was removed in commit\nbd2756811766 (\"perf: Rewrite core context handling\"). Add back the\nnecessary rcu_read_lock()/rcu_read_unlock() pair around\nperf_iterate_ctx() call in perf_event_exec().\n\n[ mingo: Use scoped_guard() as suggested by Peter ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21889",
"url": "https://www.suse.com/security/cve/CVE-2025-21889"
},
{
"category": "external",
"summary": "SUSE Bug 1240167 for CVE-2025-21889",
"url": "https://bugzilla.suse.com/1240167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21889"
},
{
"cve": "CVE-2025-21890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix checksums set in idpf_rx_rsc()\n\nidpf_rx_rsc() uses skb_transport_offset(skb) while the transport header\nis not set yet.\n\nThis triggers the following warning for CONFIG_DEBUG_NET=y builds.\n\nDEBUG_NET_WARN_ON_ONCE(!skb_transport_header_was_set(skb))\n\n[ 69.261620] WARNING: CPU: 7 PID: 0 at ./include/linux/skbuff.h:3020 idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261629] Modules linked in: vfat fat dummy bridge intel_uncore_frequency_tpmi intel_uncore_frequency_common intel_vsec_tpmi idpf intel_vsec cdc_ncm cdc_eem cdc_ether usbnet mii xhci_pci xhci_hcd ehci_pci ehci_hcd libeth\n[ 69.261644] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Tainted: G S W 6.14.0-smp-DEV #1697\n[ 69.261648] Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN\n[ 69.261650] RIP: 0010:idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261677] ? __warn (kernel/panic.c:242 kernel/panic.c:748)\n[ 69.261682] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261687] ? report_bug (lib/bug.c:?)\n[ 69.261690] ? handle_bug (arch/x86/kernel/traps.c:285)\n[ 69.261694] ? exc_invalid_op (arch/x86/kernel/traps.c:309)\n[ 69.261697] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 69.261700] ? __pfx_idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:4011) idpf\n[ 69.261704] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261708] ? idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:3072) idpf\n[ 69.261712] __napi_poll (net/core/dev.c:7194)\n[ 69.261716] net_rx_action (net/core/dev.c:7265)\n[ 69.261718] ? __qdisc_run (net/sched/sch_generic.c:293)\n[ 69.261721] ? sched_clock (arch/x86/include/asm/preempt.h:84 arch/x86/kernel/tsc.c:288)\n[ 69.261726] handle_softirqs (kernel/softirq.c:561)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21890",
"url": "https://www.suse.com/security/cve/CVE-2025-21890"
},
{
"category": "external",
"summary": "SUSE Bug 1240173 for CVE-2025-21890",
"url": "https://bugzilla.suse.com/1240173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21890"
},
{
"cve": "CVE-2025-21891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: ensure network headers are in skb linear part\n\nsyzbot found that ipvlan_process_v6_outbound() was assuming\nthe IPv6 network header isis present in skb-\u003ehead [1]\n\nAdd the needed pskb_network_may_pull() calls for both\nIPv4 and IPv6 handlers.\n\n[1]\nBUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n ipv6_addr_type include/net/ipv6.h:555 [inline]\n ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline]\n ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651\n ip6_route_output include/net/ip6_route.h:93 [inline]\n ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476\n ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline]\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline]\n ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671\n ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223\n __netdev_start_xmit include/linux/netdevice.h:5150 [inline]\n netdev_start_xmit include/linux/netdevice.h:5159 [inline]\n xmit_one net/core/dev.c:3735 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751\n sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343\n qdisc_restart net/sched/sch_generic.c:408 [inline]\n __qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416\n qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127\n net_tx_action+0x78b/0x940 net/core/dev.c:5484\n handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n __do_softirq+0x14/0x1a kernel/softirq.c:595\n do_softirq+0x9a/0x100 kernel/softirq.c:462\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611\n dev_queue_xmit include/linux/netdevice.h:3311 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3132 [inline]\n packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164\n sock_sendmsg_nosec net/socket.c:718 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21891",
"url": "https://www.suse.com/security/cve/CVE-2025-21891"
},
{
"category": "external",
"summary": "SUSE Bug 1240186 for CVE-2025-21891",
"url": "https://bugzilla.suse.com/1240186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21891"
},
{
"cve": "CVE-2025-21892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix the recovery flow of the UMR QP\n\nThis patch addresses an issue in the recovery flow of the UMR QP,\nensuring tasks do not get stuck, as highlighted by the call trace [1].\n\nDuring recovery, before transitioning the QP to the RESET state, the\nsoftware must wait for all outstanding WRs to complete.\n\nFailing to do so can cause the firmware to skip sending some flushed\nCQEs with errors and simply discard them upon the RESET, as per the IB\nspecification.\n\nThis race condition can result in lost CQEs and tasks becoming stuck.\n\nTo resolve this, the patch sends a final WR which serves only as a\nbarrier before moving the QP state to RESET.\n\nOnce a CQE is received for that final WR, it guarantees that no\noutstanding WRs remain, making it safe to transition the QP to RESET and\nsubsequently back to RTS, restoring proper functionality.\n\nNote:\nFor the barrier WR, we simply reuse the failed and ready WR.\nSince the QP is in an error state, it will only receive\nIB_WC_WR_FLUSH_ERR. However, as it serves only as a barrier we don\u0027t\ncare about its status.\n\n[1]\nINFO: task rdma_resource_l:1922 blocked for more than 120 seconds.\nTainted: G W 6.12.0-rc7+ #1626\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:rdma_resource_l state:D stack:0 pid:1922 tgid:1922 ppid:1369\n flags:0x00004004\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\nschedule_timeout+0x280/0x300\n? mark_held_locks+0x48/0x80\n? lockdep_hardirqs_on_prepare+0xe5/0x1a0\nwait_for_completion+0x75/0x130\nmlx5r_umr_post_send_wait+0x3c2/0x5b0 [mlx5_ib]\n? __pfx_mlx5r_umr_done+0x10/0x10 [mlx5_ib]\nmlx5r_umr_revoke_mr+0x93/0xc0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x299/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? __lock_acquire+0x64e/0x2080\n? mark_held_locks+0x48/0x80\n? find_held_lock+0x2d/0xa0\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? __fget_files+0xc3/0x1b0\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f99c918b17b\nRSP: 002b:00007ffc766d0468 EFLAGS: 00000246 ORIG_RAX:\n 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffc766d0578 RCX:\n 00007f99c918b17b\nRDX: 00007ffc766d0560 RSI: 00000000c0181b01 RDI:\n 0000000000000003\nRBP: 00007ffc766d0540 R08: 00007f99c8f99010 R09:\n 000000000000bd7e\nR10: 00007f99c94c1c70 R11: 0000000000000246 R12:\n 00007ffc766d0530\nR13: 000000000000001c R14: 0000000040246a80 R15:\n 0000000000000000\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21892",
"url": "https://www.suse.com/security/cve/CVE-2025-21892"
},
{
"category": "external",
"summary": "SUSE Bug 1240175 for CVE-2025-21892",
"url": "https://bugzilla.suse.com/1240175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21892"
},
{
"cve": "CVE-2025-21894",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21894"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC\n\nActually ENETC VFs do not support HWTSTAMP_TX_ONESTEP_SYNC because only\nENETC PF can access PMa_SINGLE_STEP registers. And there will be a crash\nif VFs are used to test one-step timestamp, the crash log as follows.\n\n[ 129.110909] Unable to handle kernel paging request at virtual address 00000000000080c0\n[ 129.287769] Call trace:\n[ 129.290219] enetc_port_mac_wr+0x30/0xec (P)\n[ 129.294504] enetc_start_xmit+0xda4/0xe74\n[ 129.298525] enetc_xmit+0x70/0xec\n[ 129.301848] dev_hard_start_xmit+0x98/0x118",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21894",
"url": "https://www.suse.com/security/cve/CVE-2025-21894"
},
{
"category": "external",
"summary": "SUSE Bug 1240581 for CVE-2025-21894",
"url": "https://bugzilla.suse.com/1240581"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21894"
},
{
"cve": "CVE-2025-21895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Order the PMU list to fix warning about unordered pmu_ctx_list\n\nSyskaller triggers a warning due to prev_epc-\u003epmu != next_epc-\u003epmu in\nperf_event_swap_task_ctx_data(). vmcore shows that two lists have the same\nperf_event_pmu_context, but not in the same order.\n\nThe problem is that the order of pmu_ctx_list for the parent is impacted by\nthe time when an event/PMU is added. While the order for a child is\nimpacted by the event order in the pinned_groups and flexible_groups. So\nthe order of pmu_ctx_list in the parent and child may be different.\n\nTo fix this problem, insert the perf_event_pmu_context to its proper place\nafter iteration of the pmu_ctx_list.\n\nThe follow testcase can trigger above warning:\n\n # perf record -e cycles --call-graph lbr -- taskset -c 3 ./a.out \u0026\n # perf stat -e cpu-clock,cs -p xxx // xxx is the pid of a.out\n\n test.c\n\n void main() {\n int count = 0;\n pid_t pid;\n\n printf(\"%d running\\n\", getpid());\n sleep(30);\n printf(\"running\\n\");\n\n pid = fork();\n if (pid == -1) {\n printf(\"fork error\\n\");\n return;\n }\n if (pid == 0) {\n while (1) {\n count++;\n }\n } else {\n while (1) {\n count++;\n }\n }\n }\n\nThe testcase first opens an LBR event, so it will allocate task_ctx_data,\nand then open tracepoint and software events, so the parent context will\nhave 3 different perf_event_pmu_contexts. On inheritance, child ctx will\ninsert the perf_event_pmu_context in another order and the warning will\ntrigger.\n\n[ mingo: Tidied up the changelog. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21895",
"url": "https://www.suse.com/security/cve/CVE-2025-21895"
},
{
"category": "external",
"summary": "SUSE Bug 1240585 for CVE-2025-21895",
"url": "https://bugzilla.suse.com/1240585"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21895"
},
{
"cve": "CVE-2025-21905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: limit printed string from FW file\n\nThere\u0027s no guarantee here that the file is always with a\nNUL-termination, so reading the string may read beyond the\nend of the TLV. If that\u0027s the last TLV in the file, it can\nperhaps even read beyond the end of the file buffer.\n\nFix that by limiting the print format to the size of the\nbuffer we have.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21905",
"url": "https://www.suse.com/security/cve/CVE-2025-21905"
},
{
"category": "external",
"summary": "SUSE Bug 1240575 for CVE-2025-21905",
"url": "https://bugzilla.suse.com/1240575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21905"
},
{
"cve": "CVE-2025-21906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21906"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: clean up ROC on failure\n\nIf the firmware fails to start the session protection, then we\ndo call iwl_mvm_roc_finished() here, but that won\u0027t do anything\nat all because IWL_MVM_STATUS_ROC_P2P_RUNNING was never set.\nSet IWL_MVM_STATUS_ROC_P2P_RUNNING in the failure/stop path.\nIf it started successfully before, it\u0027s already set, so that\ndoesn\u0027t matter, and if it didn\u0027t start it needs to be set to\nclean up.\n\nNot doing so will lead to a WARN_ON() later on a fresh remain-\non-channel, since the link is already active when activated as\nit was never deactivated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21906",
"url": "https://www.suse.com/security/cve/CVE-2025-21906"
},
{
"category": "external",
"summary": "SUSE Bug 1240587 for CVE-2025-21906",
"url": "https://bugzilla.suse.com/1240587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21906"
},
{
"cve": "CVE-2025-21908",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21908"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: fix nfs_release_folio() to not deadlock via kcompactd writeback\n\nAdd PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so\nnfs_release_folio() can skip calling nfs_wb_folio() from kcompactd.\n\nOtherwise NFS can deadlock waiting for kcompactd enduced writeback which\nrecurses back to NFS (which triggers writeback to NFSD via NFS loopback\nmount on the same host, NFSD blocks waiting for XFS\u0027s call to\n__filemap_get_folio):\n\n6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds.\n\n{---\n[58] \"kcompactd0\"\n[\u003c0\u003e] folio_wait_bit+0xe8/0x200\n[\u003c0\u003e] folio_wait_writeback+0x2b/0x80\n[\u003c0\u003e] nfs_wb_folio+0x80/0x1b0 [nfs]\n[\u003c0\u003e] nfs_release_folio+0x68/0x130 [nfs]\n[\u003c0\u003e] split_huge_page_to_list_to_order+0x362/0x840\n[\u003c0\u003e] migrate_pages_batch+0x43d/0xb90\n[\u003c0\u003e] migrate_pages_sync+0x9a/0x240\n[\u003c0\u003e] migrate_pages+0x93c/0x9f0\n[\u003c0\u003e] compact_zone+0x8e2/0x1030\n[\u003c0\u003e] compact_node+0xdb/0x120\n[\u003c0\u003e] kcompactd+0x121/0x2e0\n[\u003c0\u003e] kthread+0xcf/0x100\n[\u003c0\u003e] ret_from_fork+0x31/0x40\n[\u003c0\u003e] ret_from_fork_asm+0x1a/0x30\n---}\n\n[akpm@linux-foundation.org: fix build]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21908",
"url": "https://www.suse.com/security/cve/CVE-2025-21908"
},
{
"category": "external",
"summary": "SUSE Bug 1240600 for CVE-2025-21908",
"url": "https://bugzilla.suse.com/1240600"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21908"
},
{
"cve": "CVE-2025-21909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: reject cooked mode if it is set along with other flags\n\nIt is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE\nflags simultaneously on the same monitor interface from the userspace. This\ncauses a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit\nset because the monitor interface is in the cooked state and it takes\nprecedence over all other states. When the interface is then being deleted\nthe kernel calls WARN_ONCE() from check_sdata_in_driver() because of missing\nthat bit.\n\nFix this by rejecting MONITOR_FLAG_COOK_FRAMES if it is set along with\nother flags.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21909",
"url": "https://www.suse.com/security/cve/CVE-2025-21909"
},
{
"category": "external",
"summary": "SUSE Bug 1240590 for CVE-2025-21909",
"url": "https://bugzilla.suse.com/1240590"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21909"
},
{
"cve": "CVE-2025-21910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: regulatory: improve invalid hints checking\n\nSyzbot keeps reporting an issue [1] that occurs when erroneous symbols\nsent from userspace get through into user_alpha2[] via\nregulatory_hint_user() call. Such invalid regulatory hints should be\nrejected.\n\nWhile a sanity check from commit 47caf685a685 (\"cfg80211: regulatory:\nreject invalid hints\") looks to be enough to deter these very cases,\nthere is a way to get around it due to 2 reasons.\n\n1) The way isalpha() works, symbols other than latin lower and\nupper letters may be used to determine a country/domain.\nFor instance, greek letters will also be considered upper/lower\nletters and for such characters isalpha() will return true as well.\nHowever, ISO-3166-1 alpha2 codes should only hold latin\ncharacters.\n\n2) While processing a user regulatory request, between\nreg_process_hint_user() and regulatory_hint_user() there happens to\nbe a call to queue_regulatory_request() which modifies letters in\nrequest-\u003ealpha2[] with toupper(). This works fine for latin symbols,\nless so for weird letter characters from the second part of _ctype[].\n\nSyzbot triggers a warning in is_user_regdom_saved() by first sending\nover an unexpected non-latin letter that gets malformed by toupper()\ninto a character that ends up failing isalpha() check.\n\nPrevent this by enhancing is_an_alpha2() to ensure that incoming\nsymbols are latin letters and nothing else.\n\n[1] Syzbot report:\n------------[ cut here ]------------\nUnexpected user alpha2: A\ufffd\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 is_user_regdom_saved net/wireless/reg.c:440 [inline]\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_alpha2 net/wireless/reg.c:3424 [inline]\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516\nModules linked in:\nCPU: 1 UID: 0 PID: 964 Comm: kworker/1:2 Not tainted 6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events_power_efficient crda_timeout_work\nRIP: 0010:is_user_regdom_saved net/wireless/reg.c:440 [inline]\nRIP: 0010:restore_alpha2 net/wireless/reg.c:3424 [inline]\nRIP: 0010:restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516\n...\nCall Trace:\n \u003cTASK\u003e\n crda_timeout_work+0x27/0x50 net/wireless/reg.c:542\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f2/0x390 kernel/kthread.c:389\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21910",
"url": "https://www.suse.com/security/cve/CVE-2025-21910"
},
{
"category": "external",
"summary": "SUSE Bug 1240583 for CVE-2025-21910",
"url": "https://bugzilla.suse.com/1240583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21910"
},
{
"cve": "CVE-2025-21912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: rcar: Use raw_spinlock to protect register access\n\nUse raw_spinlock in order to fix spurious messages about invalid context\nwhen spinlock debugging is enabled. The lock is only used to serialize\nregister access.\n\n [ 4.239592] =============================\n [ 4.239595] [ BUG: Invalid wait context ]\n [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted\n [ 4.239603] -----------------------------\n [ 4.239606] kworker/u8:5/76 is trying to lock:\n [ 4.239609] ffff0000091898a0 (\u0026p-\u003elock){....}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.239641] other info that might help us debug this:\n [ 4.239643] context-{5:5}\n [ 4.239646] 5 locks held by kworker/u8:5/76:\n [ 4.239651] #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x190/0x62c\n [ 4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property \u0027frame-master\u0027 with a value.\n [ 4.254094] #1: ffff80008299bd80 ((work_completion)(\u0026entry-\u003ework)){+.+.}-{0:0}, at: process_one_work+0x1b8/0x62c\n [ 4.254109] #2: ffff00000920c8f8\n [ 4.258345] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property \u0027bitclock-master\u0027 with a value.\n [ 4.264803] (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach_async_helper+0x3c/0xdc\n [ 4.264820] #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, at: __setup_irq+0xa0/0x690\n [ 4.264840] #4:\n [ 4.268872] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property \u0027frame-master\u0027 with a value.\n [ 4.273275] ffff00000a50c8c8 (lock_class){....}-{2:2}, at: __setup_irq+0xc4/0x690\n [ 4.296130] renesas_sdhi_internal_dmac ee100000.mmc: mmc1 base at 0x00000000ee100000, max clock rate 200 MHz\n [ 4.304082] stack backtrace:\n [ 4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 Not tainted 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35\n [ 4.304092] Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT)\n [ 4.304097] Workqueue: async async_run_entry_fn\n [ 4.304106] Call trace:\n [ 4.304110] show_stack+0x14/0x20 (C)\n [ 4.304122] dump_stack_lvl+0x6c/0x90\n [ 4.304131] dump_stack+0x14/0x1c\n [ 4.304138] __lock_acquire+0xdfc/0x1584\n [ 4.426274] lock_acquire+0x1c4/0x33c\n [ 4.429942] _raw_spin_lock_irqsave+0x5c/0x80\n [ 4.434307] gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.440061] gpio_rcar_irq_set_type+0xd4/0xd8\n [ 4.444422] __irq_set_trigger+0x5c/0x178\n [ 4.448435] __setup_irq+0x2e4/0x690\n [ 4.452012] request_threaded_irq+0xc4/0x190\n [ 4.456285] devm_request_threaded_irq+0x7c/0xf4\n [ 4.459398] ata1: link resume succeeded after 1 retries\n [ 4.460902] mmc_gpiod_request_cd_irq+0x68/0xe0\n [ 4.470660] mmc_start_host+0x50/0xac\n [ 4.474327] mmc_add_host+0x80/0xe4\n [ 4.477817] tmio_mmc_host_probe+0x2b0/0x440\n [ 4.482094] renesas_sdhi_probe+0x488/0x6f4\n [ 4.486281] renesas_sdhi_internal_dmac_probe+0x60/0x78\n [ 4.491509] platform_probe+0x64/0xd8\n [ 4.495178] really_probe+0xb8/0x2a8\n [ 4.498756] __driver_probe_device+0x74/0x118\n [ 4.503116] driver_probe_device+0x3c/0x154\n [ 4.507303] __device_attach_driver+0xd4/0x160\n [ 4.511750] bus_for_each_drv+0x84/0xe0\n [ 4.515588] __device_attach_async_helper+0xb0/0xdc\n [ 4.520470] async_run_entry_fn+0x30/0xd8\n [ 4.524481] process_one_work+0x210/0x62c\n [ 4.528494] worker_thread+0x1ac/0x340\n [ 4.532245] kthread+0x10c/0x110\n [ 4.535476] ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21912",
"url": "https://www.suse.com/security/cve/CVE-2025-21912"
},
{
"category": "external",
"summary": "SUSE Bug 1240584 for CVE-2025-21912",
"url": "https://bugzilla.suse.com/1240584"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21912"
},
{
"cve": "CVE-2025-21913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21913"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()\n\nXen doesn\u0027t offer MSR_FAM10H_MMIO_CONF_BASE to all guests. This results\nin the following warning:\n\n unchecked MSR access error: RDMSR from 0xc0010058 at rIP: 0xffffffff8101d19f (xen_do_read_msr+0x7f/0xa0)\n Call Trace:\n xen_read_msr+0x1e/0x30\n amd_get_mmconfig_range+0x2b/0x80\n quirk_amd_mmconfig_area+0x28/0x100\n pnp_fixup_device+0x39/0x50\n __pnp_add_device+0xf/0x150\n pnp_add_device+0x3d/0x100\n pnpacpi_add_device_handler+0x1f9/0x280\n acpi_ns_get_device_callback+0x104/0x1c0\n acpi_ns_walk_namespace+0x1d0/0x260\n acpi_get_devices+0x8a/0xb0\n pnpacpi_init+0x50/0x80\n do_one_initcall+0x46/0x2e0\n kernel_init_freeable+0x1da/0x2f0\n kernel_init+0x16/0x1b0\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1b/0x30\n\nbased on quirks for a \"PNP0c01\" device. Treating MMCFG as disabled is the\nright course of action, so no change is needed there.\n\nThis was most likely exposed by fixing the Xen MSR accessors to not be\nsilently-safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21913",
"url": "https://www.suse.com/security/cve/CVE-2025-21913"
},
{
"category": "external",
"summary": "SUSE Bug 1240591 for CVE-2025-21913",
"url": "https://bugzilla.suse.com/1240591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21913"
},
{
"cve": "CVE-2025-21914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21914"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nslimbus: messaging: Free transaction ID in delayed interrupt scenario\n\nIn case of interrupt delay for any reason, slim_do_transfer()\nreturns timeout error but the transaction ID (TID) is not freed.\nThis results into invalid memory access inside\nqcom_slim_ngd_rx_msgq_cb() due to invalid TID.\n\nFix the issue by freeing the TID in slim_do_transfer() before\nreturning timeout error to avoid invalid memory access.\n\nCall trace:\n__memcpy_fromio+0x20/0x190\nqcom_slim_ngd_rx_msgq_cb+0x130/0x290 [slim_qcom_ngd_ctrl]\nvchan_complete+0x2a0/0x4a0\ntasklet_action_common+0x274/0x700\ntasklet_action+0x28/0x3c\n_stext+0x188/0x620\nrun_ksoftirqd+0x34/0x74\nsmpboot_thread_fn+0x1d8/0x464\nkthread+0x178/0x238\nret_from_fork+0x10/0x20\nCode: aa0003e8 91000429 f100044a 3940002b (3800150b)\n---[ end trace 0fe00bec2b975c99 ]---\nKernel panic - not syncing: Oops: Fatal exception in interrupt.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21914",
"url": "https://www.suse.com/security/cve/CVE-2025-21914"
},
{
"category": "external",
"summary": "SUSE Bug 1240595 for CVE-2025-21914",
"url": "https://bugzilla.suse.com/1240595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21914"
},
{
"cve": "CVE-2025-21915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21915"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncdx: Fix possible UAF error in driver_override_show()\n\nFixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c\n\nThis function driver_override_show() is part of DEVICE_ATTR_RW, which\nincludes both driver_override_show() and driver_override_store().\nThese functions can be executed concurrently in sysfs.\n\nThe driver_override_store() function uses driver_set_override() to\nupdate the driver_override value, and driver_set_override() internally\nlocks the device (device_lock(dev)). If driver_override_show() reads\ncdx_dev-\u003edriver_override without locking, it could potentially access\na freed pointer if driver_override_store() frees the string\nconcurrently. This could lead to printing a kernel address, which is a\nsecurity risk since DEVICE_ATTR can be read by all users.\n\nAdditionally, a similar pattern is used in drivers/amba/bus.c, as well\nas many other bus drivers, where device_lock() is taken in the show\nfunction, and it has been working without issues.\n\nThis potential bug was detected by our experimental static analysis\ntool, which analyzes locking APIs and paired functions to identify\ndata races and atomicity violations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21915",
"url": "https://www.suse.com/security/cve/CVE-2025-21915"
},
{
"category": "external",
"summary": "SUSE Bug 1240594 for CVE-2025-21915",
"url": "https://bugzilla.suse.com/1240594"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21915"
},
{
"cve": "CVE-2025-21916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21916"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: atm: cxacru: fix a flaw in existing endpoint checks\n\nSyzbot once again identified a flaw in usb endpoint checking, see [1].\nThis time the issue stems from a commit authored by me (2eabb655a968\n(\"usb: atm: cxacru: fix endpoint checking in cxacru_bind()\")).\n\nWhile using usb_find_common_endpoints() may usually be enough to\ndiscard devices with wrong endpoints, in this case one needs more\nthan just finding and identifying the sufficient number of endpoints\nof correct types - one needs to check the endpoint\u0027s address as well.\n\nSince cxacru_bind() fills URBs with CXACRU_EP_CMD address in mind,\nswitch the endpoint verification approach to usb_check_XXX_endpoints()\ninstead to fix incomplete ep testing.\n\n[1] Syzbot report:\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 1378 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nRIP: 0010:usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n cxacru_cm+0x3c8/0xe50 drivers/usb/atm/cxacru.c:649\n cxacru_card_status drivers/usb/atm/cxacru.c:760 [inline]\n cxacru_bind+0xcf9/0x1150 drivers/usb/atm/cxacru.c:1223\n usbatm_usb_probe+0x314/0x1d30 drivers/usb/atm/usbatm.c:1058\n cxacru_usb_probe+0x184/0x220 drivers/usb/atm/cxacru.c:1377\n usb_probe_interface+0x641/0xbb0 drivers/usb/core/driver.c:396\n really_probe+0x2b9/0xad0 drivers/base/dd.c:658\n __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800\n driver_probe_device+0x50/0x430 drivers/base/dd.c:830\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21916",
"url": "https://www.suse.com/security/cve/CVE-2025-21916"
},
{
"category": "external",
"summary": "SUSE Bug 1240582 for CVE-2025-21916",
"url": "https://bugzilla.suse.com/1240582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21916"
},
{
"cve": "CVE-2025-21917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21917"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: Flush the notify_hotplug_work\n\nWhen performing continuous unbind/bind operations on the USB drivers\navailable on the Renesas RZ/G2L SoC, a kernel crash with the message\n\"Unable to handle kernel NULL pointer dereference at virtual address\"\nmay occur. This issue points to the usbhsc_notify_hotplug() function.\n\nFlush the delayed work to avoid its execution when driver resources are\nunavailable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21917",
"url": "https://www.suse.com/security/cve/CVE-2025-21917"
},
{
"category": "external",
"summary": "SUSE Bug 1240596 for CVE-2025-21917",
"url": "https://bugzilla.suse.com/1240596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21917"
},
{
"cve": "CVE-2025-21918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21918"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix NULL pointer access\n\nResources should be released only after all threads that utilize them\nhave been destroyed.\nThis commit ensures that resources are not released prematurely by waiting\nfor the associated workqueue to complete before deallocating them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21918",
"url": "https://www.suse.com/security/cve/CVE-2025-21918"
},
{
"category": "external",
"summary": "SUSE Bug 1240592 for CVE-2025-21918",
"url": "https://bugzilla.suse.com/1240592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21918"
},
{
"cve": "CVE-2025-21922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: Fix KMSAN uninit-value warning with bpf\n\nSyzbot caught an \"KMSAN: uninit-value\" warning [1], which is caused by the\nppp driver not initializing a 2-byte header when using socket filter.\n\nThe following code can generate a PPP filter BPF program:\n\u0027\u0027\u0027\nstruct bpf_program fp;\npcap_t *handle;\nhandle = pcap_open_dead(DLT_PPP_PPPD, 65535);\npcap_compile(handle, \u0026fp, \"ip and outbound\", 0, 0);\nbpf_dump(\u0026fp, 1);\n\u0027\u0027\u0027\nIts output is:\n\u0027\u0027\u0027\n(000) ldh [2]\n(001) jeq #0x21 jt 2 jf 5\n(002) ldb [0]\n(003) jeq #0x1 jt 4 jf 5\n(004) ret #65535\n(005) ret #0\n\u0027\u0027\u0027\nWen can find similar code at the following link:\nhttps://github.com/ppp-project/ppp/blob/master/pppd/options.c#L1680\nThe maintainer of this code repository is also the original maintainer\nof the ppp driver.\n\nAs you can see the BPF program skips 2 bytes of data and then reads the\n\u0027Protocol\u0027 field to determine if it\u0027s an IP packet. Then it read the first\nbyte of the first 2 bytes to determine the direction.\n\nThe issue is that only the first byte indicating direction is initialized\nin current ppp driver code while the second byte is not initialized.\n\nFor normal BPF programs generated by libpcap, uninitialized data won\u0027t be\nused, so it\u0027s not a problem. However, for carefully crafted BPF programs,\nsuch as those generated by syzkaller [2], which start reading from offset\n0, the uninitialized data will be used and caught by KMSAN.\n\n[1] https://syzkaller.appspot.com/bug?extid=853242d9c9917165d791\n[2] https://syzkaller.appspot.com/text?tag=ReproC\u0026x=11994913980000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21922",
"url": "https://www.suse.com/security/cve/CVE-2025-21922"
},
{
"category": "external",
"summary": "SUSE Bug 1240639 for CVE-2025-21922",
"url": "https://bugzilla.suse.com/1240639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21922"
},
{
"cve": "CVE-2025-21923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-steam: Fix use-after-free when detaching device\n\nWhen a hid-steam device is removed it must clean up the client_hdev used for\nintercepting hidraw access. This can lead to scheduling deferred work to\nreattach the input device. Though the cleanup cancels the deferred work, this\nwas done before the client_hdev itself is cleaned up, so it gets rescheduled.\nThis patch fixes the ordering to make sure the deferred work is properly\ncanceled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21923",
"url": "https://www.suse.com/security/cve/CVE-2025-21923"
},
{
"category": "external",
"summary": "SUSE Bug 1240691 for CVE-2025-21923",
"url": "https://bugzilla.suse.com/1240691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21923"
},
{
"cve": "CVE-2025-21924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error\n\nDuring the initialization of ptp, hclge_ptp_get_cycle might return an error\nand returned directly without unregister clock and free it. To avoid that,\ncall hclge_ptp_destroy_clock to unregist and free clock if\nhclge_ptp_get_cycle failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21924",
"url": "https://www.suse.com/security/cve/CVE-2025-21924"
},
{
"category": "external",
"summary": "SUSE Bug 1240720 for CVE-2025-21924",
"url": "https://bugzilla.suse.com/1240720"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21924"
},
{
"cve": "CVE-2025-21927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()\n\nnvme_tcp_recv_pdu() doesn\u0027t check the validity of the header length.\nWhen header digests are enabled, a target might send a packet with an\ninvalid header length (e.g. 255), causing nvme_tcp_verify_hdgst()\nto access memory outside the allocated area and cause memory corruptions\nby overwriting it with the calculated digest.\n\nFix this by rejecting packets with an unexpected header length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21927",
"url": "https://www.suse.com/security/cve/CVE-2025-21927"
},
{
"category": "external",
"summary": "SUSE Bug 1240714 for CVE-2025-21927",
"url": "https://bugzilla.suse.com/1240714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21927"
},
{
"cve": "CVE-2025-21928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21928"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()\n\nThe system can experience a random crash a few minutes after the driver is\nremoved. This issue occurs due to improper handling of memory freeing in\nthe ishtp_hid_remove() function.\n\nThe function currently frees the `driver_data` directly within the loop\nthat destroys the HID devices, which can lead to accessing freed memory.\nSpecifically, `hid_destroy_device()` uses `driver_data` when it calls\n`hid_ishtp_set_feature()` to power off the sensor, so freeing\n`driver_data` beforehand can result in accessing invalid memory.\n\nThis patch resolves the issue by storing the `driver_data` in a temporary\nvariable before calling `hid_destroy_device()`, and then freeing the\n`driver_data` after the device is destroyed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21928",
"url": "https://www.suse.com/security/cve/CVE-2025-21928"
},
{
"category": "external",
"summary": "SUSE Bug 1240722 for CVE-2025-21928",
"url": "https://bugzilla.suse.com/1240722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21928"
},
{
"cve": "CVE-2025-21930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21930"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t try to talk to a dead firmware\n\nThis fixes:\n\n bad state = 0\n WARNING: CPU: 10 PID: 702 at drivers/net/wireless/inel/iwlwifi/iwl-trans.c:178 iwl_trans_send_cmd+0xba/0xe0 [iwlwifi]\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0xca/0x1c0\n ? iwl_trans_send_cmd+0xba/0xe0 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4]\n iwl_fw_dbg_clear_monitor_buf+0xd7/0x110 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4]\n _iwl_dbgfs_fw_dbg_clear_write+0xe2/0x120 [iwlmvm 0e8adb18cea92d2c341766bcc10b18699290068a]\n\nAsk whether the firmware is alive before sending a command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21930",
"url": "https://www.suse.com/security/cve/CVE-2025-21930"
},
{
"category": "external",
"summary": "SUSE Bug 1240715 for CVE-2025-21930",
"url": "https://bugzilla.suse.com/1240715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21930"
},
{
"cve": "CVE-2025-21934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: fix an API misues when rio_add_net() fails\n\nrio_add_net() calls device_register() and fails when device_register()\nfails. Thus, put_device() should be used rather than kfree(). Add\n\"mport-\u003enet = NULL;\" to avoid a use after free issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21934",
"url": "https://www.suse.com/security/cve/CVE-2025-21934"
},
{
"category": "external",
"summary": "SUSE Bug 1240708 for CVE-2025-21934",
"url": "https://bugzilla.suse.com/1240708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21934"
},
{
"cve": "CVE-2025-21935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21935"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: add check for rio_add_net() in rio_scan_alloc_net()\n\nThe return value of rio_add_net() should be checked. If it fails,\nput_device() should be called to free the memory and give up the reference\ninitialized in rio_add_net().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21935",
"url": "https://www.suse.com/security/cve/CVE-2025-21935"
},
{
"category": "external",
"summary": "SUSE Bug 1240700 for CVE-2025-21935",
"url": "https://bugzilla.suse.com/1240700"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21935"
},
{
"cve": "CVE-2025-21936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21936"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()\n\nAdd check for the return value of mgmt_alloc_skb() in\nmgmt_device_connected() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21936",
"url": "https://www.suse.com/security/cve/CVE-2025-21936"
},
{
"category": "external",
"summary": "SUSE Bug 1240716 for CVE-2025-21936",
"url": "https://bugzilla.suse.com/1240716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21936"
},
{
"cve": "CVE-2025-21937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()\n\nAdd check for the return value of mgmt_alloc_skb() in\nmgmt_remote_name() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21937",
"url": "https://www.suse.com/security/cve/CVE-2025-21937"
},
{
"category": "external",
"summary": "SUSE Bug 1240643 for CVE-2025-21937",
"url": "https://bugzilla.suse.com/1240643"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21937"
},
{
"cve": "CVE-2025-21941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21941"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params\n\nNull pointer dereference issue could occur when pipe_ctx-\u003eplane_state\nis null. The fix adds a check to ensure \u0027pipe_ctx-\u003eplane_state\u0027 is not\nnull before accessing. This prevents a null pointer dereference.\n\nFound by code review.\n\n(cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21941",
"url": "https://www.suse.com/security/cve/CVE-2025-21941"
},
{
"category": "external",
"summary": "SUSE Bug 1240701 for CVE-2025-21941",
"url": "https://bugzilla.suse.com/1240701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21941"
},
{
"cve": "CVE-2025-21943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21943"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: aggregator: protect driver attr handlers against module unload\n\nBoth new_device_store and delete_device_store touch module global\nresources (e.g. gpio_aggregator_lock). To prevent race conditions with\nmodule unload, a reference needs to be held.\n\nAdd try_module_get() in these handlers.\n\nFor new_device_store, this eliminates what appears to be the most dangerous\nscenario: if an id is allocated from gpio_aggregator_idr but\nplatform_device_register has not yet been called or completed, a concurrent\nmodule unload could fail to unregister/delete the device, leaving behind a\ndangling platform device/GPIO forwarder. This can result in various issues.\nThe following simple reproducer demonstrates these problems:\n\n #!/bin/bash\n while :; do\n # note: whether \u0027gpiochip0 0\u0027 exists or not does not matter.\n echo \u0027gpiochip0 0\u0027 \u003e /sys/bus/platform/drivers/gpio-aggregator/new_device\n done \u0026\n while :; do\n modprobe gpio-aggregator\n modprobe -r gpio-aggregator\n done \u0026\n wait\n\n Starting with the following warning, several kinds of warnings will appear\n and the system may become unstable:\n\n ------------[ cut here ]------------\n list_del corruption, ffff888103e2e980-\u003enext is LIST_POISON1 (dead000000000100)\n WARNING: CPU: 1 PID: 1327 at lib/list_debug.c:56 __list_del_entry_valid_or_report+0xa3/0x120\n [...]\n RIP: 0010:__list_del_entry_valid_or_report+0xa3/0x120\n [...]\n Call Trace:\n \u003cTASK\u003e\n ? __list_del_entry_valid_or_report+0xa3/0x120\n ? __warn.cold+0x93/0xf2\n ? __list_del_entry_valid_or_report+0xa3/0x120\n ? report_bug+0xe6/0x170\n ? __irq_work_queue_local+0x39/0xe0\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x13/0x60\n ? asm_exc_invalid_op+0x16/0x20\n ? __list_del_entry_valid_or_report+0xa3/0x120\n gpiod_remove_lookup_table+0x22/0x60\n new_device_store+0x315/0x350 [gpio_aggregator]\n kernfs_fop_write_iter+0x137/0x1f0\n vfs_write+0x262/0x430\n ksys_write+0x60/0xd0\n do_syscall_64+0x6c/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21943",
"url": "https://www.suse.com/security/cve/CVE-2025-21943"
},
{
"category": "external",
"summary": "SUSE Bug 1240647 for CVE-2025-21943",
"url": "https://bugzilla.suse.com/1240647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21943"
},
{
"cve": "CVE-2025-21948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: appleir: Fix potential NULL dereference at raw event handle\n\nSyzkaller reports a NULL pointer dereference issue in input_event().\n\nBUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline]\nBUG: KASAN: null-ptr-deref in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\nBUG: KASAN: null-ptr-deref in is_event_supported drivers/input/input.c:67 [inline]\nBUG: KASAN: null-ptr-deref in input_event+0x42/0xa0 drivers/input/input.c:395\nRead of size 8 at addr 0000000000000028 by task syz-executor199/2949\n\nCPU: 0 UID: 0 PID: 2949 Comm: syz-executor199 Not tainted 6.13.0-rc4-syzkaller-00076-gf097a36ef88d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n instrument_atomic_read include/linux/instrumented.h:68 [inline]\n _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\n is_event_supported drivers/input/input.c:67 [inline]\n input_event+0x42/0xa0 drivers/input/input.c:395\n input_report_key include/linux/input.h:439 [inline]\n key_down drivers/hid/hid-appleir.c:159 [inline]\n appleir_raw_event+0x3e5/0x5e0 drivers/hid/hid-appleir.c:232\n __hid_input_report.constprop.0+0x312/0x440 drivers/hid/hid-core.c:2111\n hid_ctrl+0x49f/0x550 drivers/hid/usbhid/hid-core.c:484\n __usb_hcd_giveback_urb+0x389/0x6e0 drivers/usb/core/hcd.c:1650\n usb_hcd_giveback_urb+0x396/0x450 drivers/usb/core/hcd.c:1734\n dummy_timer+0x17f7/0x3960 drivers/usb/gadget/udc/dummy_hcd.c:1993\n __run_hrtimer kernel/time/hrtimer.c:1739 [inline]\n __hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1803\n hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1820\n handle_softirqs+0x206/0x8d0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\n __mod_timer+0x8f6/0xdc0 kernel/time/timer.c:1185\n add_timer+0x62/0x90 kernel/time/timer.c:1295\n schedule_timeout+0x11f/0x280 kernel/time/sleep_timeout.c:98\n usbhid_wait_io+0x1c7/0x380 drivers/hid/usbhid/hid-core.c:645\n usbhid_init_reports+0x19f/0x390 drivers/hid/usbhid/hid-core.c:784\n hiddev_ioctl+0x1133/0x15b0 drivers/hid/usbhid/hiddev.c:794\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl fs/ioctl.c:892 [inline]\n __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nThis happens due to the malformed report items sent by the emulated device\nwhich results in a report, that has no fields, being added to the report list.\nDue to this appleir_input_configured() is never called, hidinput_connect()\nfails which results in the HID_CLAIMED_INPUT flag is not being set. However,\nit does not make appleir_probe() fail and lets the event callback to be\ncalled without the associated input device.\n\nThus, add a check for the HID_CLAIMED_INPUT flag and leave the event hook\nearly if the driver didn\u0027t claim any input_dev for some reason. Moreover,\nsome other hid drivers accessing input_dev in their event callbacks do have\nsimilar checks, too.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21948",
"url": "https://www.suse.com/security/cve/CVE-2025-21948"
},
{
"category": "external",
"summary": "SUSE Bug 1240703 for CVE-2025-21948",
"url": "https://bugzilla.suse.com/1240703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21948"
},
{
"cve": "CVE-2025-21950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl\n\nIn the \"pmcmd_ioctl\" function, three memory objects allocated by\nkmalloc are initialized by \"hcall_get_cpu_state\", which are then\ncopied to user space. The initializer is indeed implemented in\n\"acrn_hypercall2\" (arch/x86/include/asm/acrn.h). There is a risk of\ninformation leakage due to uninitialized bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21950",
"url": "https://www.suse.com/security/cve/CVE-2025-21950"
},
{
"category": "external",
"summary": "SUSE Bug 1240719 for CVE-2025-21950",
"url": "https://bugzilla.suse.com/1240719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21950"
},
{
"cve": "CVE-2025-21951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21951"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock\n\nThere are multiple places from where the recovery work gets scheduled\nasynchronously. Also, there are multiple places where the caller waits\nsynchronously for the recovery to be completed. One such place is during\nthe PM shutdown() callback.\n\nIf the device is not alive during recovery_work, it will try to reset the\ndevice using pci_reset_function(). This function internally will take the\ndevice_lock() first before resetting the device. By this time, if the lock\nhas already been acquired, then recovery_work will get stalled while\nwaiting for the lock. And if the lock was already acquired by the caller\nwhich waits for the recovery_work to be completed, it will lead to\ndeadlock.\n\nThis is what happened on the X1E80100 CRD device when the device died\nbefore shutdown() callback. Driver core calls the driver\u0027s shutdown()\ncallback while holding the device_lock() leading to deadlock.\n\nAnd this deadlock scenario can occur on other paths as well, like during\nthe PM suspend() callback, where the driver core would hold the\ndevice_lock() before calling driver\u0027s suspend() callback. And if the\nrecovery_work was already started, it could lead to deadlock. This is also\nobserved on the X1E80100 CRD.\n\nSo to fix both issues, use pci_try_reset_function() in recovery_work. This\nfunction first checks for the availability of the device_lock() before\ntrying to reset the device. If the lock is available, it will acquire it\nand reset the device. Otherwise, it will return -EAGAIN. If that happens,\nrecovery_work will fail with the error message \"Recovery failed\" as not\nmuch could be done.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21951",
"url": "https://www.suse.com/security/cve/CVE-2025-21951"
},
{
"category": "external",
"summary": "SUSE Bug 1240718 for CVE-2025-21951",
"url": "https://bugzilla.suse.com/1240718"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21951"
},
{
"cve": "CVE-2025-21953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21953"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: cleanup mana struct after debugfs_remove()\n\nWhen on a MANA VM hibernation is triggered, as part of hibernate_snapshot(),\nmana_gd_suspend() and mana_gd_resume() are called. If during this\nmana_gd_resume(), a failure occurs with HWC creation, mana_port_debugfs\npointer does not get reinitialized and ends up pointing to older,\ncleaned-up dentry.\nFurther in the hibernation path, as part of power_down(), mana_gd_shutdown()\nis triggered. This call, unaware of the failures in resume, tries to cleanup\nthe already cleaned up mana_port_debugfs value and hits the following bug:\n\n[ 191.359296] mana 7870:00:00.0: Shutdown was called\n[ 191.359918] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ 191.360584] #PF: supervisor write access in kernel mode\n[ 191.361125] #PF: error_code(0x0002) - not-present page\n[ 191.361727] PGD 1080ea067 P4D 0\n[ 191.362172] Oops: Oops: 0002 [#1] SMP NOPTI\n[ 191.362606] CPU: 11 UID: 0 PID: 1674 Comm: bash Not tainted 6.14.0-rc5+ #2\n[ 191.363292] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\n[ 191.364124] RIP: 0010:down_write+0x19/0x50\n[ 191.364537] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb e8 de cd ff ff 31 c0 ba 01 00 00 00 \u003cf0\u003e 48 0f b1 13 75 16 65 48 8b 05 88 24 4c 6a 48 89 43 08 48 8b 5d\n[ 191.365867] RSP: 0000:ff45fbe0c1c037b8 EFLAGS: 00010246\n[ 191.366350] RAX: 0000000000000000 RBX: 0000000000000098 RCX: ffffff8100000000\n[ 191.366951] RDX: 0000000000000001 RSI: 0000000000000064 RDI: 0000000000000098\n[ 191.367600] RBP: ff45fbe0c1c037c0 R08: 0000000000000000 R09: 0000000000000001\n[ 191.368225] R10: ff45fbe0d2b01000 R11: 0000000000000008 R12: 0000000000000000\n[ 191.368874] R13: 000000000000000b R14: ff43dc27509d67c0 R15: 0000000000000020\n[ 191.369549] FS: 00007dbc5001e740(0000) GS:ff43dc663f380000(0000) knlGS:0000000000000000\n[ 191.370213] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 191.370830] CR2: 0000000000000098 CR3: 0000000168e8e002 CR4: 0000000000b73ef0\n[ 191.371557] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 191.372192] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 191.372906] Call Trace:\n[ 191.373262] \u003cTASK\u003e\n[ 191.373621] ? show_regs+0x64/0x70\n[ 191.374040] ? __die+0x24/0x70\n[ 191.374468] ? page_fault_oops+0x290/0x5b0\n[ 191.374875] ? do_user_addr_fault+0x448/0x800\n[ 191.375357] ? exc_page_fault+0x7a/0x160\n[ 191.375971] ? asm_exc_page_fault+0x27/0x30\n[ 191.376416] ? down_write+0x19/0x50\n[ 191.376832] ? down_write+0x12/0x50\n[ 191.377232] simple_recursive_removal+0x4a/0x2a0\n[ 191.377679] ? __pfx_remove_one+0x10/0x10\n[ 191.378088] debugfs_remove+0x44/0x70\n[ 191.378530] mana_detach+0x17c/0x4f0\n[ 191.378950] ? __flush_work+0x1e2/0x3b0\n[ 191.379362] ? __cond_resched+0x1a/0x50\n[ 191.379787] mana_remove+0xf2/0x1a0\n[ 191.380193] mana_gd_shutdown+0x3b/0x70\n[ 191.380642] pci_device_shutdown+0x3a/0x80\n[ 191.381063] device_shutdown+0x13e/0x230\n[ 191.381480] kernel_power_off+0x35/0x80\n[ 191.381890] hibernate+0x3c6/0x470\n[ 191.382312] state_store+0xcb/0xd0\n[ 191.382734] kobj_attr_store+0x12/0x30\n[ 191.383211] sysfs_kf_write+0x3e/0x50\n[ 191.383640] kernfs_fop_write_iter+0x140/0x1d0\n[ 191.384106] vfs_write+0x271/0x440\n[ 191.384521] ksys_write+0x72/0xf0\n[ 191.384924] __x64_sys_write+0x19/0x20\n[ 191.385313] x64_sys_call+0x2b0/0x20b0\n[ 191.385736] do_syscall_64+0x79/0x150\n[ 191.386146] ? __mod_memcg_lruvec_state+0xe7/0x240\n[ 191.386676] ? __lruvec_stat_mod_folio+0x79/0xb0\n[ 191.387124] ? __pfx_lru_add+0x10/0x10\n[ 191.387515] ? queued_spin_unlock+0x9/0x10\n[ 191.387937] ? do_anonymous_page+0x33c/0xa00\n[ 191.388374] ? __handle_mm_fault+0xcf3/0x1210\n[ 191.388805] ? __count_memcg_events+0xbe/0x180\n[ 191.389235] ? handle_mm_fault+0xae/0x300\n[ 19\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21953",
"url": "https://www.suse.com/security/cve/CVE-2025-21953"
},
{
"category": "external",
"summary": "SUSE Bug 1240727 for CVE-2025-21953",
"url": "https://bugzilla.suse.com/1240727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21953"
},
{
"cve": "CVE-2025-21956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21956"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign normalized_pix_clk when color depth = 14\n\n[WHY \u0026 HOW]\nA warning message \"WARNING: CPU: 4 PID: 459 at ... /dc_resource.c:3397\ncalculate_phy_pix_clks+0xef/0x100 [amdgpu]\" occurs because the\ndisplay_color_depth == COLOR_DEPTH_141414 is not handled. This is\nobserved in Radeon RX 6600 XT.\n\nIt is fixed by assigning pix_clk * (14 * 3) / 24 - same as the rests.\n\nAlso fixes the indentation in get_norm_pix_clk.\n\n(cherry picked from commit 274a87eb389f58eddcbc5659ab0b180b37e92775)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21956",
"url": "https://www.suse.com/security/cve/CVE-2025-21956"
},
{
"category": "external",
"summary": "SUSE Bug 1240739 for CVE-2025-21956",
"url": "https://bugzilla.suse.com/1240739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21956"
},
{
"cve": "CVE-2025-21957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla1280: Fix kernel oops when debug level \u003e 2\n\nA null dereference or oops exception will eventually occur when qla1280.c\ndriver is compiled with DEBUG_QLA1280 enabled and ql_debug_level \u003e 2. I\nthink its clear from the code that the intention here is sg_dma_len(s) not\nlength of sg_next(s) when printing the debug info.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21957",
"url": "https://www.suse.com/security/cve/CVE-2025-21957"
},
{
"category": "external",
"summary": "SUSE Bug 1240742 for CVE-2025-21957",
"url": "https://bugzilla.suse.com/1240742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21957"
},
{
"cve": "CVE-2025-21960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21960"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: do not update checksum in bnxt_xdp_build_skb()\n\nThe bnxt_rx_pkt() updates ip_summed value at the end if checksum offload\nis enabled.\nWhen the XDP-MB program is attached and it returns XDP_PASS, the\nbnxt_xdp_build_skb() is called to update skb_shared_info.\nThe main purpose of bnxt_xdp_build_skb() is to update skb_shared_info,\nbut it updates ip_summed value too if checksum offload is enabled.\nThis is actually duplicate work.\n\nWhen the bnxt_rx_pkt() updates ip_summed value, it checks if ip_summed\nis CHECKSUM_NONE or not.\nIt means that ip_summed should be CHECKSUM_NONE at this moment.\nBut ip_summed may already be updated to CHECKSUM_UNNECESSARY in the\nXDP-MB-PASS path.\nSo the by skb_checksum_none_assert() WARNS about it.\n\nThis is duplicate work and updating ip_summed in the\nbnxt_xdp_build_skb() is not needed.\n\nSplat looks like:\nWARNING: CPU: 3 PID: 5782 at ./include/linux/skbuff.h:5155 bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]\nModules linked in: bnxt_re bnxt_en rdma_ucm rdma_cm iw_cm ib_cm ib_uverbs veth xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_]\nCPU: 3 UID: 0 PID: 5782 Comm: socat Tainted: G W 6.14.0-rc4+ #27\nTainted: [W]=WARN\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nRIP: 0010:bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]\nCode: 54 24 0c 4c 89 f1 4c 89 ff c1 ea 1f ff d3 0f 1f 00 49 89 c6 48 85 c0 0f 84 4c e5 ff ff 48 89 c7 e8 ca 3d a0 c8 e9 8f f4 ff ff \u003c0f\u003e 0b f\nRSP: 0018:ffff88881ba09928 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: 00000000c7590303 RCX: 0000000000000000\nRDX: 1ffff1104e7d1610 RSI: 0000000000000001 RDI: ffff8881c91300b8\nRBP: ffff88881ba09b28 R08: ffff888273e8b0d0 R09: ffff888273e8b070\nR10: ffff888273e8b010 R11: ffff888278b0f000 R12: ffff888273e8b080\nR13: ffff8881c9130e00 R14: ffff8881505d3800 R15: ffff888273e8b000\nFS: 00007f5a2e7be080(0000) GS:ffff88881ba00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fff2e708ff8 CR3: 000000013e3b0000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? __warn+0xcd/0x2f0\n ? bnxt_rx_pkt+0x479b/0x7610\n ? report_bug+0x326/0x3c0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x14/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? bnxt_rx_pkt+0x479b/0x7610\n ? bnxt_rx_pkt+0x3e41/0x7610\n ? __pfx_bnxt_rx_pkt+0x10/0x10\n ? napi_complete_done+0x2cf/0x7d0\n __bnxt_poll_work+0x4e8/0x1220\n ? __pfx___bnxt_poll_work+0x10/0x10\n ? __pfx_mark_lock.part.0+0x10/0x10\n bnxt_poll_p5+0x36a/0xfa0\n ? __pfx_bnxt_poll_p5+0x10/0x10\n __napi_poll.constprop.0+0xa0/0x440\n net_rx_action+0x899/0xd00\n...\n\nFollowing ping.py patch adds xdp-mb-pass case. so ping.py is going\nto be able to reproduce this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21960",
"url": "https://www.suse.com/security/cve/CVE-2025-21960"
},
{
"category": "external",
"summary": "SUSE Bug 1240815 for CVE-2025-21960",
"url": "https://bugzilla.suse.com/1240815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21960"
},
{
"cve": "CVE-2025-21961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21961"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: fix truesize for mb-xdp-pass case\n\nWhen mb-xdp is set and return is XDP_PASS, packet is converted from\nxdp_buff to sk_buff with xdp_update_skb_shared_info() in\nbnxt_xdp_build_skb().\nbnxt_xdp_build_skb() passes incorrect truesize argument to\nxdp_update_skb_shared_info().\nThe truesize is calculated as BNXT_RX_PAGE_SIZE * sinfo-\u003enr_frags but\nthe skb_shared_info was wiped by napi_build_skb() before.\nSo it stores sinfo-\u003enr_frags before bnxt_xdp_build_skb() and use it\ninstead of getting skb_shared_info from xdp_get_shared_info_from_buff().\n\nSplat looks like:\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 0 at net/core/skbuff.c:6072 skb_try_coalesce+0x504/0x590\n Modules linked in: xt_nat xt_tcpudp veth af_packet xt_conntrack nft_chain_nat xt_MASQUERADE nf_conntrack_netlink xfrm_user xt_addrtype nft_coms\n CPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.14.0-rc2+ #3\n RIP: 0010:skb_try_coalesce+0x504/0x590\n Code: 4b fd ff ff 49 8b 34 24 40 80 e6 40 0f 84 3d fd ff ff 49 8b 74 24 48 40 f6 c6 01 0f 84 2e fd ff ff 48 8d 4e ff e9 25 fd ff ff \u003c0f\u003e 0b e99\n RSP: 0018:ffffb62c4120caa8 EFLAGS: 00010287\n RAX: 0000000000000003 RBX: ffffb62c4120cb14 RCX: 0000000000000ec0\n RDX: 0000000000001000 RSI: ffffa06e5d7dc000 RDI: 0000000000000003\n RBP: ffffa06e5d7ddec0 R08: ffffa06e6120a800 R09: ffffa06e7a119900\n R10: 0000000000002310 R11: ffffa06e5d7dcec0 R12: ffffe4360575f740\n R13: ffffe43600000000 R14: 0000000000000002 R15: 0000000000000002\n FS: 0000000000000000(0000) GS:ffffa0755f700000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f147b76b0f8 CR3: 00000001615d4000 CR4: 00000000007506f0\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n ? __warn+0x84/0x130\n ? skb_try_coalesce+0x504/0x590\n ? report_bug+0x18a/0x1a0\n ? handle_bug+0x53/0x90\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_try_coalesce+0x504/0x590\n inet_frag_reasm_finish+0x11f/0x2e0\n ip_defrag+0x37a/0x900\n ip_local_deliver+0x51/0x120\n ip_sublist_rcv_finish+0x64/0x70\n ip_sublist_rcv+0x179/0x210\n ip_list_rcv+0xf9/0x130\n\nHow to reproduce:\n\u003cNode A\u003e\nip link set $interface1 xdp obj xdp_pass.o\nip link set $interface1 mtu 9000 up\nip a a 10.0.0.1/24 dev $interface1\n\u003cNode B\u003e\nip link set $interfac2 mtu 9000 up\nip a a 10.0.0.2/24 dev $interface2\nping 10.0.0.1 -s 65000\n\nFollowing ping.py patch adds xdp-mb-pass case. so ping.py is going to be\nable to reproduce this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21961",
"url": "https://www.suse.com/security/cve/CVE-2025-21961"
},
{
"category": "external",
"summary": "SUSE Bug 1240816 for CVE-2025-21961",
"url": "https://bugzilla.suse.com/1240816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21961"
},
{
"cve": "CVE-2025-21966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21966"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-flakey: Fix memory corruption in optional corrupt_bio_byte feature\n\nFix memory corruption due to incorrect parameter being passed to bio_init",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21966",
"url": "https://www.suse.com/security/cve/CVE-2025-21966"
},
{
"category": "external",
"summary": "SUSE Bug 1240779 for CVE-2025-21966",
"url": "https://bugzilla.suse.com/1240779"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21966"
},
{
"cve": "CVE-2025-21968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix slab-use-after-free on hdcp_work\n\n[Why]\nA slab-use-after-free is reported when HDCP is destroyed but the\nproperty_validate_dwork queue is still running.\n\n[How]\nCancel the delayed work when destroying workqueue.\n\n(cherry picked from commit 725a04ba5a95e89c89633d4322430cfbca7ce128)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21968",
"url": "https://www.suse.com/security/cve/CVE-2025-21968"
},
{
"category": "external",
"summary": "SUSE Bug 1240783 for CVE-2025-21968",
"url": "https://bugzilla.suse.com/1240783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21968"
},
{
"cve": "CVE-2025-21969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd\n\nAfter the hci sync command releases l2cap_conn, the hci receive data work\nqueue references the released l2cap_conn when sending to the upper layer.\nAdd hci dev lock to the hci receive data work queue to synchronize the two.\n\n[1]\nBUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\nRead of size 8 at addr ffff8880271a4000 by task kworker/u9:2/5837\n\nCPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:2 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci1 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n l2cap_build_cmd net/bluetooth/l2cap_core.c:2964 [inline]\n l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\n l2cap_sig_send_rej net/bluetooth/l2cap_core.c:5502 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5538 [inline]\n l2cap_recv_frame+0x221f/0x10db0 net/bluetooth/l2cap_core.c:6817\n hci_acldata_packet net/bluetooth/hci_core.c:3797 [inline]\n hci_rx_work+0x508/0xdb0 net/bluetooth/hci_core.c:4040\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 5837:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n l2cap_conn_add+0xa9/0x8e0 net/bluetooth/l2cap_core.c:6860\n l2cap_connect_cfm+0x115/0x1090 net/bluetooth/l2cap_core.c:7239\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_remote_features_evt+0x68e/0xac0 net/bluetooth/hci_event.c:3726\n hci_event_func net/bluetooth/hci_event.c:7473 [inline]\n hci_event_packet+0xac2/0x1540 net/bluetooth/hci_event.c:7525\n hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4035\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nFreed by task 54:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n l2cap_connect_cfm+0xcc/0x1090 net/bluetooth/l2cap_core.c:7235\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_conn_failed+0x287/0x400 net/bluetooth/hci_conn.c:1266\n hci_abort_conn_sync+0x56c/0x11f0 net/bluetooth/hci_sync.c:5603\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21969",
"url": "https://www.suse.com/security/cve/CVE-2025-21969"
},
{
"category": "external",
"summary": "SUSE Bug 1240784 for CVE-2025-21969",
"url": "https://bugzilla.suse.com/1240784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21969"
},
{
"cve": "CVE-2025-21970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Bridge, fix the crash caused by LAG state check\n\nWhen removing LAG device from bridge, NETDEV_CHANGEUPPER event is\ntriggered. Driver finds the lower devices (PFs) to flush all the\noffloaded entries. And mlx5_lag_is_shared_fdb is checked, it returns\nfalse if one of PF is unloaded. In such case,\nmlx5_esw_bridge_lag_rep_get() and its caller return NULL, instead of\nthe alive PF, and the flush is skipped.\n\nBesides, the bridge fdb entry\u0027s lastuse is updated in mlx5 bridge\nevent handler. But this SWITCHDEV_FDB_ADD_TO_BRIDGE event can be\nignored in this case because the upper interface for bond is deleted,\nand the entry will never be aged because lastuse is never updated.\n\nTo make things worse, as the entry is alive, mlx5 bridge workqueue\nkeeps sending that event, which is then handled by kernel bridge\nnotifier. It causes the following crash when accessing the passed bond\nnetdev which is already destroyed.\n\nTo fix this issue, remove such checks. LAG state is already checked in\ncommit 15f8f168952f (\"net/mlx5: Bridge, verify LAG state when adding\nbond to bridge\"), driver still need to skip offload if LAG becomes\ninvalid state after initialization.\n\n Oops: stack segment: 0000 [#1] SMP\n CPU: 3 UID: 0 PID: 23695 Comm: kworker/u40:3 Tainted: G OE 6.11.0_mlnx #1\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5_bridge_wq mlx5_esw_bridge_update_work [mlx5_core]\n RIP: 0010:br_switchdev_event+0x2c/0x110 [bridge]\n Code: 44 00 00 48 8b 02 48 f7 00 00 02 00 00 74 69 41 54 55 53 48 83 ec 08 48 8b a8 08 01 00 00 48 85 ed 74 4a 48 83 fe 02 48 89 d3 \u003c4c\u003e 8b 65 00 74 23 76 49 48 83 fe 05 74 7e 48 83 fe 06 75 2f 0f b7\n RSP: 0018:ffffc900092cfda0 EFLAGS: 00010297\n RAX: ffff888123bfe000 RBX: ffffc900092cfe08 RCX: 00000000ffffffff\n RDX: ffffc900092cfe08 RSI: 0000000000000001 RDI: ffffffffa0c585f0\n RBP: 6669746f6e690a30 R08: 0000000000000000 R09: ffff888123ae92c8\n R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888123ae9c60\n R13: 0000000000000001 R14: ffffc900092cfe08 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff88852c980000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f15914c8734 CR3: 0000000002830005 CR4: 0000000000770ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die_body+0x1a/0x60\n ? die+0x38/0x60\n ? do_trap+0x10b/0x120\n ? do_error_trap+0x64/0xa0\n ? exc_stack_segment+0x33/0x50\n ? asm_exc_stack_segment+0x22/0x30\n ? br_switchdev_event+0x2c/0x110 [bridge]\n ? sched_balance_newidle.isra.149+0x248/0x390\n notifier_call_chain+0x4b/0xa0\n atomic_notifier_call_chain+0x16/0x20\n mlx5_esw_bridge_update+0xec/0x170 [mlx5_core]\n mlx5_esw_bridge_update_work+0x19/0x40 [mlx5_core]\n process_scheduled_works+0x81/0x390\n worker_thread+0x106/0x250\n ? bh_worker+0x110/0x110\n kthread+0xb7/0xe0\n ? kthread_park+0x80/0x80\n ret_from_fork+0x2d/0x50\n ? kthread_park+0x80/0x80\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21970",
"url": "https://www.suse.com/security/cve/CVE-2025-21970"
},
{
"category": "external",
"summary": "SUSE Bug 1240819 for CVE-2025-21970",
"url": "https://bugzilla.suse.com/1240819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21970"
},
{
"cve": "CVE-2025-21971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: Prevent creation of classes with TC_H_ROOT\n\nThe function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination\ncondition when traversing up the qdisc tree to update parent backlog\ncounters. However, if a class is created with classid TC_H_ROOT, the\ntraversal terminates prematurely at this class instead of reaching the\nactual root qdisc, causing parent statistics to be incorrectly maintained.\nIn case of DRR, this could lead to a crash as reported by Mingi Cho.\n\nPrevent the creation of any Qdisc class with classid TC_H_ROOT\n(0xFFFFFFFF) across all qdisc types, as suggested by Jamal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21971",
"url": "https://www.suse.com/security/cve/CVE-2025-21971"
},
{
"category": "external",
"summary": "SUSE Bug 1240799 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "external",
"summary": "SUSE Bug 1245794 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1245794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21971"
},
{
"cve": "CVE-2025-21972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: unshare packets when reassembling\n\nEnsure that the frag_list used for reassembly isn\u0027t shared with other\npackets. This avoids incorrect reassembly when packets are cloned, and\nprevents a memory leak due to circular references between fragments and\ntheir skb_shared_info.\n\nThe upcoming MCTP-over-USB driver uses skb_clone which can trigger the\nproblem - other MCTP drivers don\u0027t share SKBs.\n\nA kunit test is added to reproduce the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21972",
"url": "https://www.suse.com/security/cve/CVE-2025-21972"
},
{
"category": "external",
"summary": "SUSE Bug 1240813 for CVE-2025-21972",
"url": "https://bugzilla.suse.com/1240813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21972"
},
{
"cve": "CVE-2025-21975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21975"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: handle errors in mlx5_chains_create_table()\n\nIn mlx5_chains_create_table(), the return value of mlx5_get_fdb_sub_ns()\nand mlx5_get_flow_namespace() must be checked to prevent NULL pointer\ndereferences. If either function fails, the function should log error\nmessage with mlx5_core_warn() and return error pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21975",
"url": "https://www.suse.com/security/cve/CVE-2025-21975"
},
{
"category": "external",
"summary": "SUSE Bug 1240812 for CVE-2025-21975",
"url": "https://bugzilla.suse.com/1240812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21975"
},
{
"cve": "CVE-2025-21978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/hyperv: Fix address space leak when Hyper-V DRM device is removed\n\nWhen a Hyper-V DRM device is probed, the driver allocates MMIO space for\nthe vram, and maps it cacheable. If the device removed, or in the error\npath for device probing, the MMIO space is released but no unmap is done.\nConsequently the kernel address space for the mapping is leaked.\n\nFix this by adding iounmap() calls in the device removal path, and in the\nerror path during device probing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21978",
"url": "https://www.suse.com/security/cve/CVE-2025-21978"
},
{
"category": "external",
"summary": "SUSE Bug 1240806 for CVE-2025-21978",
"url": "https://bugzilla.suse.com/1240806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21978"
},
{
"cve": "CVE-2025-21979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: cancel wiphy_work before freeing wiphy\n\nA wiphy_work can be queued from the moment the wiphy is allocated and\ninitialized (i.e. wiphy_new_nm). When a wiphy_work is queued, the\nrdev::wiphy_work is getting queued.\n\nIf wiphy_free is called before the rdev::wiphy_work had a chance to run,\nthe wiphy memory will be freed, and then when it eventally gets to run\nit\u0027ll use invalid memory.\n\nFix this by canceling the work before freeing the wiphy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21979",
"url": "https://www.suse.com/security/cve/CVE-2025-21979"
},
{
"category": "external",
"summary": "SUSE Bug 1240808 for CVE-2025-21979",
"url": "https://bugzilla.suse.com/1240808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21979"
},
{
"cve": "CVE-2025-21981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix memory leak in aRFS after reset\n\nFix aRFS (accelerated Receive Flow Steering) structures memory leak by\nadding a checker to verify if aRFS memory is already allocated while\nconfiguring VSI. aRFS objects are allocated in two cases:\n- as part of VSI initialization (at probe), and\n- as part of reset handling\n\nHowever, VSI reconfiguration executed during reset involves memory\nallocation one more time, without prior releasing already allocated\nresources. This led to the memory leak with the following signature:\n\n[root@os-delivery ~]# cat /sys/kernel/debug/kmemleak\nunreferenced object 0xff3c1ca7252e6000 (size 8192):\n comm \"kworker/0:0\", pid 8, jiffies 4296833052\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 0):\n [\u003cffffffff991ec485\u003e] __kmalloc_cache_noprof+0x275/0x340\n [\u003cffffffffc0a6e06a\u003e] ice_init_arfs+0x3a/0xe0 [ice]\n [\u003cffffffffc09f1027\u003e] ice_vsi_cfg_def+0x607/0x850 [ice]\n [\u003cffffffffc09f244b\u003e] ice_vsi_setup+0x5b/0x130 [ice]\n [\u003cffffffffc09c2131\u003e] ice_init+0x1c1/0x460 [ice]\n [\u003cffffffffc09c64af\u003e] ice_probe+0x2af/0x520 [ice]\n [\u003cffffffff994fbcd3\u003e] local_pci_probe+0x43/0xa0\n [\u003cffffffff98f07103\u003e] work_for_cpu_fn+0x13/0x20\n [\u003cffffffff98f0b6d9\u003e] process_one_work+0x179/0x390\n [\u003cffffffff98f0c1e9\u003e] worker_thread+0x239/0x340\n [\u003cffffffff98f14abc\u003e] kthread+0xcc/0x100\n [\u003cffffffff98e45a6d\u003e] ret_from_fork+0x2d/0x50\n [\u003cffffffff98e083ba\u003e] ret_from_fork_asm+0x1a/0x30\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21981",
"url": "https://www.suse.com/security/cve/CVE-2025-21981"
},
{
"category": "external",
"summary": "SUSE Bug 1240612 for CVE-2025-21981",
"url": "https://bugzilla.suse.com/1240612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21981"
},
{
"cve": "CVE-2025-21991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes\n\nCurrently, load_microcode_amd() iterates over all NUMA nodes, retrieves their\nCPU masks and unconditionally accesses per-CPU data for the first CPU of each\nmask.\n\nAccording to Documentation/admin-guide/mm/numaperf.rst:\n\n \"Some memory may share the same node as a CPU, and others are provided as\n memory only nodes.\"\n\nTherefore, some node CPU masks may be empty and wouldn\u0027t have a \"first CPU\".\n\nOn a machine with far memory (and therefore CPU-less NUMA nodes):\n- cpumask_of_node(nid) is 0\n- cpumask_first(0) is CONFIG_NR_CPUS\n- cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an\n index that is 1 out of bounds\n\nThis does not have any security implications since flashing microcode is\na privileged operation but I believe this has reliability implications by\npotentially corrupting memory while flashing a microcode update.\n\nWhen booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes\na microcode update. I get the following splat:\n\n UBSAN: array-index-out-of-bounds in arch/x86/kernel/cpu/microcode/amd.c:X:Y\n index 512 is out of range for type \u0027unsigned long[512]\u0027\n [...]\n Call Trace:\n dump_stack\n __ubsan_handle_out_of_bounds\n load_microcode_amd\n request_microcode_amd\n reload_store\n kernfs_fop_write_iter\n vfs_write\n ksys_write\n do_syscall_64\n entry_SYSCALL_64_after_hwframe\n\nChange the loop to go over only NUMA nodes which have CPUs before determining\nwhether the first CPU on the respective node needs microcode update.\n\n [ bp: Massage commit message, fix typo. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21991",
"url": "https://www.suse.com/security/cve/CVE-2025-21991"
},
{
"category": "external",
"summary": "SUSE Bug 1240795 for CVE-2025-21991",
"url": "https://bugzilla.suse.com/1240795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21991"
},
{
"cve": "CVE-2025-21992",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21992"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: ignore non-functional sensor in HP 5MP Camera\n\nThe HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that\nis not actually implemented. Attempting to access this non-functional\nsensor via iio_info causes system hangs as runtime PM tries to wake up\nan unresponsive sensor.\n\n [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff\n [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:1, 3:1 ffffffff:ffffffff\n\nAdd this device to the HID ignore list since the sensor interface is\nnon-functional by design and should not be exposed to userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21992",
"url": "https://www.suse.com/security/cve/CVE-2025-21992"
},
{
"category": "external",
"summary": "SUSE Bug 1240796 for CVE-2025-21992",
"url": "https://bugzilla.suse.com/1240796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21992"
},
{
"cve": "CVE-2025-21993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()\n\nWhen performing an iSCSI boot using IPv6, iscsistart still reads the\n/sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix\nlength is 64, this causes the shift exponent to become negative,\ntriggering a UBSAN warning. As the concept of a subnet mask does not\napply to IPv6, the value is set to ~0 to suppress the warning message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21993",
"url": "https://www.suse.com/security/cve/CVE-2025-21993"
},
{
"category": "external",
"summary": "SUSE Bug 1240797 for CVE-2025-21993",
"url": "https://bugzilla.suse.com/1240797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21993"
},
{
"cve": "CVE-2025-21995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix fence reference count leak\n\nThe last_scheduled fence leaks when an entity is being killed and adding\nthe cleanup callback fails.\n\nDecrement the reference count of prev when dma_fence_add_callback()\nfails, ensuring proper balance.\n\n[phasta: add git tag info for stable kernel]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21995",
"url": "https://www.suse.com/security/cve/CVE-2025-21995"
},
{
"category": "external",
"summary": "SUSE Bug 1240821 for CVE-2025-21995",
"url": "https://bugzilla.suse.com/1240821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21995"
},
{
"cve": "CVE-2025-21996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()\n\nOn the off chance that command stream passed from userspace via\nioctl() call to radeon_vce_cs_parse() is weirdly crafted and\nfirst command to execute is to encode (case 0x03000001), the function\nin question will attempt to call radeon_vce_cs_reloc() with size\nargument that has not been properly initialized. Specifically, \u0027size\u0027\nwill point to \u0027tmp\u0027 variable before the latter had a chance to be\nassigned any value.\n\nPlay it safe and init \u0027tmp\u0027 with 0, thus ensuring that\nradeon_vce_cs_reloc() will catch an early error in cases like these.\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.\n\n(cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21996",
"url": "https://www.suse.com/security/cve/CVE-2025-21996"
},
{
"category": "external",
"summary": "SUSE Bug 1240801 for CVE-2025-21996",
"url": "https://bugzilla.suse.com/1240801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21996"
},
{
"cve": "CVE-2025-22001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22001"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix integer overflow in qaic_validate_req()\n\nThese are u64 variables that come from the user via\nqaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that\nthe math doesn\u0027t have an integer wrapping bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22001",
"url": "https://www.suse.com/security/cve/CVE-2025-22001"
},
{
"category": "external",
"summary": "SUSE Bug 1240873 for CVE-2025-22001",
"url": "https://bugzilla.suse.com/1240873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22001"
},
{
"cve": "CVE-2025-22003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22003"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ucan: fix out of bound read in strscpy() source\n\nCommit 7fdaf8966aae (\"can: ucan: use strscpy() to instead of strncpy()\")\nunintentionally introduced a one byte out of bound read on strscpy()\u0027s\nsource argument (which is kind of ironic knowing that strscpy() is meant\nto be a more secure alternative :)).\n\nLet\u0027s consider below buffers:\n\n dest[len + 1]; /* will be NUL terminated */\n src[len]; /* may not be NUL terminated */\n\nWhen doing:\n\n strncpy(dest, src, len);\n dest[len] = \u0027\\0\u0027;\n\nstrncpy() will read up to len bytes from src.\n\nOn the other hand:\n\n strscpy(dest, src, len + 1);\n\nwill read up to len + 1 bytes from src, that is to say, an out of bound\nread of one byte will occur on src if it is not NUL terminated. Note\nthat the src[len] byte is never copied, but strscpy() still needs to\nread it to check whether a truncation occurred or not.\n\nThis exact pattern happened in ucan.\n\nThe root cause is that the source is not NUL terminated. Instead of\ndoing a copy in a local buffer, directly NUL terminate it as soon as\nusb_control_msg() returns. With this, the local firmware_str[] variable\ncan be removed.\n\nOn top of this do a couple refactors:\n\n - ucan_ctl_payload-\u003eraw is only used for the firmware string, so\n rename it to ucan_ctl_payload-\u003efw_str and change its type from u8 to\n char.\n\n - ucan_device_request_in() is only used to retrieve the firmware\n string, so rename it to ucan_get_fw_str() and refactor it to make it\n directly handle all the string termination logic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22003",
"url": "https://www.suse.com/security/cve/CVE-2025-22003"
},
{
"category": "external",
"summary": "SUSE Bug 1240825 for CVE-2025-22003",
"url": "https://bugzilla.suse.com/1240825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22003"
},
{
"cve": "CVE-2025-22007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix error code in chan_alloc_skb_cb()\n\nThe chan_alloc_skb_cb() function is supposed to return error pointers on\nerror. Returning NULL will lead to a NULL dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22007",
"url": "https://www.suse.com/security/cve/CVE-2025-22007"
},
{
"category": "external",
"summary": "SUSE Bug 1240829 for CVE-2025-22007",
"url": "https://bugzilla.suse.com/1240829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22007"
},
{
"cve": "CVE-2025-22008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: check that dummy regulator has been probed before using it\n\nDue to asynchronous driver probing there is a chance that the dummy\nregulator hasn\u0027t already been probed when first accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22008",
"url": "https://www.suse.com/security/cve/CVE-2025-22008"
},
{
"category": "external",
"summary": "SUSE Bug 1240942 for CVE-2025-22008",
"url": "https://bugzilla.suse.com/1240942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22008"
},
{
"cve": "CVE-2025-22009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: dummy: force synchronous probing\n\nSometimes I get a NULL pointer dereference at boot time in kobject_get()\nwith the following call stack:\n\nanatop_regulator_probe()\n devm_regulator_register()\n regulator_register()\n regulator_resolve_supply()\n kobject_get()\n\nBy placing some extra BUG_ON() statements I could verify that this is\nraised because probing of the \u0027dummy\u0027 regulator driver is not completed\n(\u0027dummy_regulator_rdev\u0027 is still NULL).\n\nIn the JTAG debugger I can see that dummy_regulator_probe() and\nanatop_regulator_probe() can be run by different kernel threads\n(kworker/u4:*). I haven\u0027t further investigated whether this can be\nchanged or if there are other possibilities to force synchronization\nbetween these two probe routines. On the other hand I don\u0027t expect much\nboot time penalty by probing the \u0027dummy\u0027 regulator synchronously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22009",
"url": "https://www.suse.com/security/cve/CVE-2025-22009"
},
{
"category": "external",
"summary": "SUSE Bug 1240940 for CVE-2025-22009",
"url": "https://bugzilla.suse.com/1240940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22009"
},
{
"cve": "CVE-2025-22010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup during bt pages loop\n\nDriver runs a for-loop when allocating bt pages and mapping them with\nbuffer pages. When a large buffer (e.g. MR over 100GB) is being allocated,\nit may require a considerable loop count. This will lead to soft lockup:\n\n watchdog: BUG: soft lockup - CPU#27 stuck for 22s!\n ...\n Call trace:\n hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2]\n hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2]\n hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2]\n alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2]\n hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2]\n ib_uverbs_reg_mr+0x118/0x290\n\n watchdog: BUG: soft lockup - CPU#35 stuck for 23s!\n ...\n Call trace:\n hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2]\n mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2]\n hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2]\n alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2]\n hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2]\n ib_uverbs_reg_mr+0x120/0x2bc\n\nAdd a cond_resched() to fix soft lockup during these loops. In order not\nto affect the allocation performance of normal-size buffer, set the loop\ncount of a 100GB MR as the threshold to call cond_resched().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22010",
"url": "https://www.suse.com/security/cve/CVE-2025-22010"
},
{
"category": "external",
"summary": "SUSE Bug 1240943 for CVE-2025-22010",
"url": "https://bugzilla.suse.com/1240943"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22010"
},
{
"cve": "CVE-2025-22013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state\n\nThere are several problems with the way hyp code lazily saves the host\u0027s\nFPSIMD/SVE state, including:\n\n* Host SVE being discarded unexpectedly due to inconsistent\n configuration of TIF_SVE and CPACR_ELx.ZEN. This has been seen to\n result in QEMU crashes where SVE is used by memmove(), as reported by\n Eric Auger:\n\n https://issues.redhat.com/browse/RHEL-68997\n\n* Host SVE state is discarded *after* modification by ptrace, which was an\n unintentional ptrace ABI change introduced with lazy discarding of SVE state.\n\n* The host FPMR value can be discarded when running a non-protected VM,\n where FPMR support is not exposed to a VM, and that VM uses\n FPSIMD/SVE. In these cases the hyp code does not save the host\u0027s FPMR\n before unbinding the host\u0027s FPSIMD/SVE/SME state, leaving a stale\n value in memory.\n\nAvoid these by eagerly saving and \"flushing\" the host\u0027s FPSIMD/SVE/SME\nstate when loading a vCPU such that KVM does not need to save any of the\nhost\u0027s FPSIMD/SVE/SME state. For clarity, fpsimd_kvm_prepare() is\nremoved and the necessary call to fpsimd_save_and_flush_cpu_state() is\nplaced in kvm_arch_vcpu_load_fp(). As \u0027fpsimd_state\u0027 and \u0027fpmr_ptr\u0027\nshould not be used, they are set to NULL; all uses of these will be\nremoved in subsequent patches.\n\nHistorical problems go back at least as far as v5.17, e.g. erroneous\nassumptions about TIF_SVE being clear in commit:\n\n 8383741ab2e773a9 (\"KVM: arm64: Get rid of host SVE tracking/saving\")\n\n... and so this eager save+flush probably needs to be backported to ALL\nstable trees.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22013",
"url": "https://www.suse.com/security/cve/CVE-2025-22013"
},
{
"category": "external",
"summary": "SUSE Bug 1240938 for CVE-2025-22013",
"url": "https://bugzilla.suse.com/1240938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22013"
},
{
"cve": "CVE-2025-22014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: Fix the potential deadlock\n\nWhen some client process A call pdr_add_lookup() to add the look up for\nthe service and does schedule locator work, later a process B got a new\nserver packet indicating locator is up and call pdr_locator_new_server()\nwhich eventually sets pdr-\u003elocator_init_complete to true which process A\nsees and takes list lock and queries domain list but it will timeout due\nto deadlock as the response will queued to the same qmi-\u003ewq and it is\nordered workqueue and process B is not able to complete new server\nrequest work due to deadlock on list lock.\n\nFix it by removing the unnecessary list iteration as the list iteration\nis already being done inside locator work, so avoid it here and just\ncall schedule_work() here.\n\n Process A Process B\n\n process_scheduled_works()\npdr_add_lookup() qmi_data_ready_work()\n process_scheduled_works() pdr_locator_new_server()\n pdr-\u003elocator_init_complete=true;\n pdr_locator_work()\n mutex_lock(\u0026pdr-\u003elist_lock);\n\n pdr_locate_service() mutex_lock(\u0026pdr-\u003elist_lock);\n\n pdr_get_domain_list()\n pr_err(\"PDR: %s get domain list\n txn wait failed: %d\\n\",\n req-\u003eservice_name,\n ret);\n\nTimeout error log due to deadlock:\n\n\"\n PDR: tms/servreg get domain list txn wait failed: -110\n PDR: service lookup for msm/adsp/sensor_pd:tms/servreg failed: -110\n\"\n\nThanks to Bjorn and Johan for letting me know that this commit also fixes\nan audio regression when using the in-kernel pd-mapper as that makes it\neasier to hit this race. [1]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22014",
"url": "https://www.suse.com/security/cve/CVE-2025-22014"
},
{
"category": "external",
"summary": "SUSE Bug 1240937 for CVE-2025-22014",
"url": "https://bugzilla.suse.com/1240937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22014"
},
{
"cve": "CVE-2025-2312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2312"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host\u0027s Kerberos credentials cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2312",
"url": "https://www.suse.com/security/cve/CVE-2025-2312"
},
{
"category": "external",
"summary": "SUSE Bug 1239680 for CVE-2025-2312",
"url": "https://bugzilla.suse.com/1239680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-2312"
}
]
}
suse-su-2025:20192-1
Vulnerability from csaf_suse
Published
2025-04-17 14:37
Modified
2025-04-17 14:37
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757).
- CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489).
- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).
- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).
- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).
- CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439).
- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).
- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).
- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).
- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).
- CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812).
- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910).
- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).
- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).
- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).
- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).
- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).
- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).
- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
- CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074).
- CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157).
- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).
- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).
- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).
- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).
- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
- CVE-2024-56638: kABI fix for "netfilter: nft_inner: incorrect percpu area handling under softirq" (bsc#1235524).
- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).
- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).
- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).
- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).
- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).
- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).
- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).
- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).
- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).
- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).
- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).
- CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990).
- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).
- CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111).
- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113).
- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).
- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).
- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).
- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).
- CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698).
- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).
- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).
- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).
- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).
- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).
- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).
- CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874).
- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).
- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).
- CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882).
- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).
- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).
- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).
- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).
- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).
- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).
- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).
- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).
- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
- CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746).
- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).
- CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066).
- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).
- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).
- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).
- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).
- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).
- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).
- CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475).
- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).
- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).
- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).
- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).
- CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184).
- CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168).
- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).
- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).
- CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171).
- CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176).
- CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167).
- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).
- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).
- CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581).
- CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585).
- CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587).
- CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600).
- CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591).
- CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).
- CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed
if hclge_ptp_get_cycle returns an error (bsc#1240720).
- CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742).
- CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815).
- CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816).
- CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784).
- CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819).
- CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813).
- CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812).
- CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612).
- CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795).
- CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797).
- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).
The following non-security bugs were fixed:
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).
- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes).
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).
- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes).
- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).
- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).
- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).
- ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes).
- ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes).
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).
- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).
- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).
- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).
- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).
- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).
- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).
- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).
- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
- ALSA: seq: Make dependency on UMP clearer (git-fixes).
- ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes).
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).
- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).
- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).
- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).
- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).
- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).
- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).
- ASoC: es8328: fix route from DAC to output (git-fixes).
- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
- ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes).
- ASoC: ops: Consistently treat platform_max as control value (git-fixes).
- ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes).
- ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes).
- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes).
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).
- ASoC: rt722-sdca: add missing readable registers (git-fixes).
- ASoC: tas2764: Fix power control mask (stable-fixes).
- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).
- ASoC: tas2770: Fix volume scale (stable-fixes).
- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).
- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).
- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).
- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).
- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).
- Documentation: qat: fix auto_reset attribute details (git-fixes).
- Documentation: qat: fix auto_reset section (git-fixes).
- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).
- Fix memory-hotplug regression (bsc#1237504)
- Grab mm lock before grabbing pt lock (git-fixes).
- HID: Enable playstation driver independently of sony driver (git-fixes).
- HID: Wacom: Add PCI Wacom device support (stable-fixes).
- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).
- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).
- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).
- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).
- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).
- HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes).
- HID: hid-steam: Add Deck IMU support (stable-fixes).
- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).
- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
- HID: hid-steam: Clean up locking (stable-fixes).
- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).
- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).
- HID: hid-steam: Fix cleanup in probe() (git-fixes).
- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).
- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).
- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).
- HID: hid-steam: remove pointless error message (stable-fixes).
- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).
- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).
- HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes).
- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).
- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).
- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).
- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).
- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).
- IB/mad: Check available slots before posting receive WRs (git-fixes)
- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
- Input: ads7846 - fix gpiod allocation (git-fixes).
- Input: allocate keycode for phone linking (stable-fixes).
- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).
- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).
- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).
- Input: iqs7222 - preserve system status register (git-fixes).
- Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes).
- Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes).
- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).
- Input: xpad - add multiple supported devices (stable-fixes).
- Input: xpad - add support for TECNO Pocket Go (stable-fixes).
- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).
- Input: xpad - rename QH controller to Legion Go S (stable-fixes).
- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).
- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).
- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).
- KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE (git-fixes).
- KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).
- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).
- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes).
- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).
- Move upstreamed ACPI patch into sorted section
- Move upstreamed PCI and initramfs patches into sorted section
- Move upstreamed nfsd and sunrpc patches into sorted section
- Move upstreamed powerpc and SCSI patches into sorted section
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).
- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)
- PCI/DOE: Support discovery version 2 (bsc#1237853)
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).
- PCI: Avoid reset when disabled via sysfs (git-fixes).
- PCI: Fix BAR resizing when VF BARs are assigned (git-fixes).
- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).
- PCI: Fix reference leak in pci_register_host_bridge() (git-fixes).
- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).
- PCI: Use downstream bridges for distributing resources (bsc#1237325).
- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).
- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).
- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).
- PCI: brcmstb: Use internal register to change link capability (git-fixes).
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).
- PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes).
- PCI: hookup irq_get_affinity callback (bsc#1236896).
- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).
- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).
- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).
- PM: sleep: Adjust check before setting power.must_resume (git-fixes).
- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)
- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)
- RDMA/efa: Reset device on probe failure (git-fixes)
- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)
- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)
- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
- RDMA/hns: Fix missing xa_destroy() (git-fixes)
- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)
- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)
- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mlx5: Fix AH static rate parsing (git-fixes)
- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)
- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)
- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)
- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)
- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)
- RDMA/rxe: Improve newline in printing messages (git-fixes)
- Reapply "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "blk-throttle: Fix IO hang for a corner case" (git-fixes).
- Revert "dm: requeue IO if mapping table not yet available" (git-fixes).
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" (git-fixes).
- Revert "drm/amd/display: Use HW lock mgr for PSR1" (stable-fixes).
- Revert "leds-pca955x: Remove the unused function pca95xx_num_led_regs()" (stable-fixes).
- Revert "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "wifi: ath11k: support hibernation" (bsc#1207948).
- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).
- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).
- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).
- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).
- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).
- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
- USB: serial: option: drop MeiG Smart defines (stable-fixes).
- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).
- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).
- Update "drm/mgag200: Added support for the new device G200eH5" (jsc#PED-12094)
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).
- accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes).
- acct: block access to kernel internal filesystems (git-fixes).
- acct: perform last write from workqueue (git-fixes).
- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes).
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).
- af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435).
- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).
- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).
- affs: do not write overlarge OFS data block size fields (git-fixes).
- affs: generate OFS sequence numbers starting at 1 (git-fixes).
- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
- arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052)
- arch_topology: init capacity_freq_ref to 0 (bsc#1238052)
- arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052)
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes)
- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
- arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052)
- arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052)
- arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052)
- arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)
- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)
- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)
- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)
- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)
- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)
- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)
- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)
- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)
- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)
- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
- arm64: mm: Correct the update of max_pfn (git-fixes)
- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)
- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)
- ata: ahci: Add mask_port_map module parameter (git-fixes).
- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).
- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).
- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).
- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).
- ata: pata_parport: add custom version of wait_after_reset (git-fixes).
- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).
- ata: pata_serverworks: Do not use the term blacklist (git-fixes).
- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).
- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).
- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).
- batman-adv: Drop unmanaged ELP metric worker (git-fixes).
- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).
- batman-adv: fix panic during interface removal (git-fixes).
- bio-integrity: do not restrict the size of integrity metadata (git-fixes).
- bitmap: introduce generic optimized bitmap_size() (git-fixes).
- blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558).
- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).
- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).
- blk-mq: add number of queue calc helper (bsc#1236897).
- blk-mq: create correct map for fallback case (bsc#1236896).
- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).
- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).
- blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).
- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
- blk_iocost: remove some duplicate irq disable/enables (git-fixes).
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
- block: Clear zone limits for a non-zoned stacked queue (git-fixes).
- block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).
- block: Provide bdev_open_* functions (git-fixes).
- block: Remove special-casing of compound pages (git-fixes).
- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).
- block: add a disk_has_partscan helper (git-fixes).
- block: add a partscan sysfs attribute for disks (git-fixes).
- block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes).
- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).
- block: change rq_integrity_vec to respect the iterator (git-fixes).
- block: cleanup and fix batch completion adding conditions (git-fixes).
- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).
- block: do not revert iter for -EIOCBQUEUED (git-fixes).
- block: ensure we hold a queue reference when using queue limits (git-fixes).
- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).
- block: fix integer overflow in BLKSECDISCARD (git-fixes).
- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).
- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).
- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).
- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).
- block: retry call probe after request_module in blk_request_module (git-fixes).
- block: return unsigned int from bdev_io_min (git-fixes).
- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).
- block: support to account io_ticks precisely (git-fixes).
- block: use the right type for stub rq_integrity_vec() (git-fixes).
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).
- bpf: Check size for BTF-based ctx access of pointer members (git-fixes).
- bpf: Fix a verifier verbose message (git-fixes).
- bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes).
- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).
- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).
- bpf: avoid holding freeze_mutex during mmap operation (git-fixes).
- bpf: fix potential error return (git-fixes).
- bpf: prevent r10 register from being marked as precise (git-fixes).
- bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes).
- broadcom: fix supported flag check in periodic output function (git-fixes).
- btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605).
- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).
- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).
- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).
- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).
- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).
- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).
- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).
- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).
- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).
- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).
- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
- can: ctucanfd: handle skb allocation failure (git-fixes).
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes).
- can: flexcan: disable transceiver during system PM (git-fixes).
- can: flexcan: only change CAN state when link up in system PM (git-fixes).
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).
- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).
- can: ucan: fix out of bound read in strscpy() source (git-fixes).
- cdx: Fix possible UAF error in driver_override_show() (git-fixes).
- char: misc: deallocate static minor in error path (git-fixes).
- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).
- cifs: Remove intermediate object of failed create reparse call (git-fixes).
- cifs: commands that are retried should have replay flag set (bsc#1231432).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).
- cifs: helper function to check replayable error codes (bsc#1231432).
- cifs: new mount option called retrans (bsc#1231432).
- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
- cifs: update desired access while requesting for directory lease (git-fixes).
- cifs: update the same create_guid on replay (git-fixes).
- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).
- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).
- config: Set gcc version (jsc#PED-12251).
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- counter: fix privdata alignment (git-fixes).
- counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes).
- counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes).
- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)
- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).
- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)
- cpufreq/cppc: Move and rename (bsc#1237856)
- cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052)
- cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052)
- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052)
Keep the feature disabled by default on x86_64
- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)
- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)
- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).
- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).
- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
- cpumask: add cpumask_weight_andnot() (bsc#1239015).
- cpumask: define cleanup function for cpumasks (bsc#1239015).
- crypto: ccp - Fix check for the primary ASP device (git-fixes).
- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).
- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).
- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).
- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).
- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).
- crypto: iaa - Change desc->priv to 0 (jsc#PED-12416).
- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).
- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove header table code (jsc#PED-12416).
- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init()
- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).
- crypto: iaa - Test the correct request flag (git-fixes).
- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).
- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).
- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).
- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).
- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).
- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).
- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).
- crypto: qat - Fix spelling mistake "Invalide" -> "Invalid" (jsc#PED-12416).
- crypto: qat - Fix typo "accelaration" (jsc#PED-12416).
- crypto: qat - Fix typo (jsc#PED-12416).
- crypto: qat - Remove trailing space after \n newline (jsc#PED-12416).
- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).
- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).
- crypto: qat - add auto reset on error (jsc#PED-12416).
- crypto: qat - add bank save and restore flows (jsc#PED-12416).
- crypto: qat - add fatal error notification (jsc#PED-12416).
- crypto: qat - add fatal error notify method (jsc#PED-12416).
- crypto: qat - add heartbeat error simulator (jsc#PED-12416).
- crypto: qat - add interface for live migration (jsc#PED-12416).
- crypto: qat - add support for 420xx devices (jsc#PED-12416).
- crypto: qat - add support for device telemetry (jsc#PED-12416).
- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).
- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).
- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).
- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).
- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).
- crypto: qat - disable arbitration before reset (jsc#PED-12416).
- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).
- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).
- crypto: qat - fix "Full Going True" macro definition (jsc#PED-12416).
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).
- crypto: qat - fix comment structure (jsc#PED-12416).
- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).
- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).
- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).
- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).
- crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416).
- crypto: qat - implement interface for live migration (jsc#PED-12416).
- crypto: qat - improve aer error reset handling (jsc#PED-12416).
- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).
- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).
- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).
- crypto: qat - limit heartbeat notifications (jsc#PED-12416).
- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).
- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).
- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).
- crypto: qat - move fw config related structures (jsc#PED-12416).
- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).
- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).
- crypto: qat - relocate CSR access code (jsc#PED-12416).
- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).
- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).
- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).
- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).
- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).
- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).
- crypto: qat - set parity error mask for qat_420xx (git-fixes).
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).
- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).
- crypto: qat - validate slices count returned by FW (jsc#PED-12416).
- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).
- cxgb4: Avoid removal of uninserted tid (git-fixes).
- cxgb4: use port number to set mac addr (git-fixes).
- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).
- dlm: fix srcu_read_lock() return type to int (git-fixes).
- dlm: prevent NPD when writing a positive value to event_done (git-fixes).
- dm array: fix cursor index when skipping across block boundaries (git-fixes).
- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).
- dm init: Handle minors larger than 255 (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm persistent data: fix memory allocation failure (git-fixes).
- dm resume: do not return EINVAL when signalled (git-fixes).
- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).
- dm thin: Add missing destroy_work_on_stack() (git-fixes).
- dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes).
- dm-crypt: track tag_offset in convert_context (git-fixes).
- dm-delay: fix hung task introduced by kthread mode (git-fixes).
- dm-delay: fix max_delay calculations (git-fixes).
- dm-delay: fix workqueue delay_timer race (git-fixes).
- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).
- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).
- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).
- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).
- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).
- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).
- dm: Fix typo in error message (git-fixes).
- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).
- doc/README.SUSE: Point to the updated version of LKMPG
- doc: update managed_irq documentation (bsc#1236897).
- driver core: Remove needless return in void API device_remove_group() (git-fixes).
- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).
- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).
- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).
- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).
- drm/amd/display: Fix HPD after gpu reset (stable-fixes).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes).
- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).
- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).
- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).
- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).
- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).
- drm/amd/pm/smu11: Prevent division by zero (git-fixes).
- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
- drm/amd/pm: Prevent division by zero (git-fixes).
- drm/amd: Keep display off while going into S4 (stable-fixes).
- drm/amdgpu/dma_buf: fix page_link check (git-fixes).
- drm/amdgpu/gfx11: fix num_mec (git-fixes).
- drm/amdgpu/umsch: declare umsch firmware (git-fixes).
- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).
- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).
- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to
avoid Priority Inversion in SRIOV (git-fixes).
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).
- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
- drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes).
- drm/amdkfd: only flush the validate MES contex (stable-fixes).
- drm/atomic: Filter out redundant DPMS calls (stable-fixes).
- drm/bridge: Fix spelling mistake "gettin" -> "getting" (git-fixes).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).
- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).
- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).
- drm/dp_mst: Add a helper to queue a topology probe (stable-fixes).
- drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes).
- drm/dp_mst: Fix drm RAD print (git-fixes).
- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).
- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).
- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).
- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).
- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).
- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes).
- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
- drm/i915/huc: Fix fence not released on early probe errors (git-fixes).
- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
- drm/i915/selftests: avoid using uninitialized context (git-fixes).
- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
- drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes).
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).
- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).
- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).
- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).
- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).
- drm/msm/dpu: do not use active in atomic_check() (git-fixes).
- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).
- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).
- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
- drm/msm: Avoid rounding up to one jiffy (git-fixes).
- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
- drm/nouveau: Do not override forced connector status (stable-fixes).
- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes).
- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).
- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).
- drm/repaper: fix integer overflows in repeat functions (git-fixes).
- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).
- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).
- drm/sched: Fix fence reference count leak (git-fixes).
- drm/sched: Fix preprocessor guard (git-fixes).
- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).
- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).
- drm/ssd130x: fix ssd132x encoding (git-fixes).
- drm/sti: remove duplicate object names (git-fixes).
- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).
- drm/virtio: New fence for every plane update (stable-fixes).
- drm/vkms: Fix use after free and double free on init error (git-fixes).
- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).
- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).
- dummycon: fix default rows/cols (git-fixes).
- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).
- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).
- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
- eth: gve: use appropriate helper to set xdp_features (git-fixes).
- exfat: convert to ctime accessor functions (git-fixes).
- exfat: do not zero the extended part (bsc#1237356).
- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
- exfat: fix file being changed by unaligned direct write (git-fixes).
- exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes).
- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
- exfat: fix zero the unwritten part for dio read (git-fixes).
- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).
- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sm501fb: Add some geometry checks (git-fixes).
- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).
- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).
- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes).
- firmware: cs_dsp: Remove async regmap writes (git-fixes).
- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).
- futex: Do not include process MM in futex key on no-MMU (git-fixes).
- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).
- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).
- gpio: pca953x: Improve interrupt support (git-fixes).
- gpio: rcar: Fix missing of_node_put() call (git-fixes).
- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).
- gpio: tegra186: fix resource handling in ACPI probe path (git-fixes).
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).
- gup: make the stack expansion warning a bit more targeted (bsc#1238214).
- hfs: Sanity check the root record (git-fixes).
- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes).
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).
- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).
- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).
- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- i2c: ls2x: Fix frequency division register access (git-fixes).
- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
- i2c: omap: fix IRQ storms (git-fixes).
- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).
- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).
- i3c: master: svc: Fix missing the IBI rules (git-fixes).
- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).
- iavf: allow changing VLAN state without calling PF (git-fixes).
- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).
- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).
- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
- ice: fix max values for dpll pin phase adjust (git-fixes).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
- ice: gather page_count()'s of each frag right before XDP prog call (git-fixes).
- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
- ice: put Rx buffers after being done with current frame (git-fixes).
- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
- ice: use internal pf id instead of function number (git-fixes).
- idpf: add read memory barrier when checking descriptor done bit (git-fixes).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661).
- idpf: convert workqueues to unbound (git-fixes).
- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
- idpf: fix handling rsc packet with a single segment (git-fixes).
- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
- igc: return early when failing to read EECD register (git-fixes).
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).
- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).
- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).
- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).
- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).
- iio: dac: ad3552r: clear reset status flag (git-fixes).
- iio: filter: admv8818: Force initialization of SDO (git-fixes).
- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).
- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).
- init: add initramfs_internal.h (bsc#1232848).
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- initramfs: allocate heap buffers together (bsc#1232848).
- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).
- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).
- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).
- intel_th: pci: Add Arrow Lake support (stable-fixes).
- intel_th: pci: Add Panther Lake-H support (stable-fixes).
- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).
- ioam6: improve checks on user data (git-fixes).
- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
- iommu/vt-d: Fix suspicious RCU usage (git-fixes).
- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).
- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).
- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).
- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).
- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).
- ipv6: Use RCU in ip6_input() (bsc#1239994).
- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).
- ipv6: avoid atomic fragment on GSO packets (git-fixes).
- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).
- ipv6: fib: hide unused 'pn' variable (git-fixes).
- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).
- ipv6: fix potential NULL deref in fib6_add() (git-fixes).
- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).
- ipv6: introduce dst_rt6_info() helper (git-fixes).
- ipv6: ioam: block BH from ioam6_output() (git-fixes).
- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).
- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- ipv6: sr: add missing seg6_local_exit (git-fixes).
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).
- ipv6: take care of scope when choosing the src addr (git-fixes).
- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).
- jfs: add check read-only before txBeginAnon() call (git-fixes).
- jfs: add index corruption check to DT_GETPAGE() (git-fixes).
- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).
- jfs: reject on-disk inodes of an unsupported type (git-fixes).
- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)
- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).
- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).
- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).
- kABI workaround for intel-ish-hid (git-fixes).
- kABI workaround for soc_mixer_control changes (git-fixes).
- kabi: fix bus type (bsc#1236896).
- kabi: fix group_cpus_evenly (bsc#1236897).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
- kbuild: hdrcheck: fix cross build with clang (git-fixes).
- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
- kernel-binary: Support livepatch_rt with merged RT branch
- kernel-source: Also replace bin/env
- kunit: qemu_configs: sparc: use Zilog console (git-fixes).
- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).
- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).
- l2tp: fix lockdep splat (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).
- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).
- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
- lib: 842: Improve error handling in sw842_compress() (git-fixes).
- lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes).
- lib: stackinit: hide never-taken branch from compiler (stable-fixes).
- libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__default_new() to
perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698
jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309).
- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).
- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).
- md/md-cluster: fix spares warnings for __le64 (git-fixes).
- md/raid0: do not free conf on raid0_run failure (git-fixes).
- md/raid1: do not free conf on raid0_run failure (git-fixes).
- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
- md: Do not flush sync_work in md_write_start() (git-fixes).
- md: convert comma to semicolon (git-fixes).
- mdacon: rework dependency list (git-fixes).
- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).
- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).
- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).
- media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes).
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).
- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).
- media: ov08x40: Fix hblank out of range issue (git-fixes).
- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).
- media: platform: stm32: Add check for clk_enable() (git-fixes).
- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).
- media: streamzap: fix race between device disconnection and urb callback (git-fixes).
- media: streamzap: prevent processing IR data on URB failure (git-fixes).
- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).
- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).
- media: venus: hfi: add check to handle incorrect queue size (git-fixes).
- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).
- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).
- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
- media: vim2m: print device name after registering device (git-fixes).
- media: visl: Fix ERANGE error when setting enum controls (git-fixes).
- mei: me: add panther lake P DID (stable-fixes).
- memblock tests: fix warning: "__ALIGN_KERNEL" redefined (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).
- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).
- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).
- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).
- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).
- mfd: syscon: Remove extern from function prototypes (stable-fixes).
- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).
- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).
- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).
- mm: accept to promo watermark (bsc#1239600).
- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).
- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).
- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes).
- mptcp: export local_address (git-fixes)
- mptcp: fix NL PM announced address accounting (git-fixes)
- mptcp: fix data races on local_id (git-fixes)
- mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)
- mptcp: pm: deny endp with signal + subflow + port (git-fixes)
- mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
- mptcp: pm: do not try to create sf if alloc failed (git-fixes)
- mptcp: pm: fullmesh: select the right ID later (git-fixes)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
- mptcp: pm: re-using ID of unused removed subflows (git-fixes)
- mptcp: pm: reduce indentation blocks (git-fixes)
- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
- mptcp: unify pm get_local_id interfaces (git-fixes)
- mptcp: unify pm set_flags interfaces (git-fixes)
- mtd: Add check for devm_kcalloc() (git-fixes).
- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).
- mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes).
- mtd: nand: Fix a kdoc comment (git-fixes).
- mtd: rawnand: Add status chack in r852_ready() (git-fixes).
- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).
- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
- nbd: Fix signal handling (git-fixes).
- nbd: Improve the documentation of the locking assumptions (git-fixes).
- nbd: do not allow reconnect after disconnect (git-fixes).
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).
- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).
- net l2tp: drop flow hash on forward (git-fixes).
- net/mlx5: Correct TASR typo into TSAR (git-fixes).
- net/mlx5: Fix RDMA TX steering prio (git-fixes).
- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
- net/mlx5: SF, Fix add port error handling (git-fixes).
- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).
- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).
- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).
- net/sched: flower: Add lock protection when remove filter handle (git-fixes).
- net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes).
- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: add dev_net_rcu() helper (bsc#1239994).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).
- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).
- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).
- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).
- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).
- net: ipv6: ioam6: code alignment (git-fixes).
- net: ipv6: ioam6: new feature tunsrc (git-fixes).
- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).
- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Cleanup "mana" debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Support holes in device list reply msg (git-fixes).
- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).
- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).
- net: move altnames together with the netdevice (bsc#1233749).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: rose: lock the socket in rose_bind() (git-fixes).
- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
- net: smc: fix spurious error message from __sock_release() (bsc#1237126).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes).
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes).
- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).
- net: use unrcu_pointer() helper (git-fixes).
- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).
- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).
- net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes).
- net_sched: sch_sfq: handle bigger packets (git-fixes).
- nfs: clear SB_RDONLY before getting superblock (bsc#1238565).
- nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565).
- nfsd: clear acl_access/acl_default after releasing them (git-fixes).
- nfsd: put dl_stid if fail to queue dl_recall (git-fixes).
- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).
- ntb: Force physically contiguous allocation of rx ring buffers (git-fixes).
- ntb: intel: Fix using link status DB's (git-fixes).
- ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes).
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes).
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes).
- ntb_perf: Fix printk format (git-fixes).
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).
- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).
- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).
- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
- null_blk: fix validation of block size (git-fixes).
- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).
- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).
- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).
- nvme-fc: use ctrl state getter (git-fixes).
- nvme-ioctl: fix leaked requests on mapping error (git-fixes).
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).
- nvme-pci: remove stale comment (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
- nvme-tcp: Fix a C2HTermReq error message (git-fixes).
- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).
- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).
- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).
- nvme/ioctl: add missing space in err message (git-fixes).
- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).
- nvme: make nvme_tls_attrs_group static (git-fixes).
- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).
- nvme: move passthrough logging attribute to head (git-fixes).
- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).
- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- nvme: tcp: Fix compilation warning with W=1 (git-fixes).
- nvmet-fc: Remove unused functions (git-fixes).
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).
- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).
- nvmet: Fix crash when a namespace is disabled (git-fixes).
- nvmet: remove old function prototype (git-fixes).
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes).
- objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes).
- objtool: Fix segfault in ignore_unreachable_insn() (git-fixes).
- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).
- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).
- ocfs2: handle a symlink read error correctly (git-fixes).
- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).
- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).
- orangefs: fix a oob in orangefs_debug_write (git-fixes).
- padata: Clean up in padata_do_multithreaded() (bsc#1237563).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- padata: fix sysfs store callback check (git-fixes).
- partitions: ldm: remove the initial kernel-doc notation (git-fixes).
- partitions: mac: fix handling of bogus partition table (git-fixes).
- perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
- perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
- perf tools: annotate asm_pure_loop.S (bsc#1239906).
- perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309).
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).
- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).
- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).
- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).
- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).
- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).
- platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes).
- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).
- platform/x86: ISST: Correct command storage data length (git-fixes).
- platform/x86: ISST: Ignore minor version change (bsc#1237452).
- platform/x86: acer-wmi: Ignore AC events (stable-fixes).
- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).
- platform/x86: int3472: Check for adev == NULL (stable-fixes).
- platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).
- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).
- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).
- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).
- power: supply: da9150-fg: fix potential overflow (git-fixes).
- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).
- powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes).
- powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes).
- powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes).
- powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes).
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).
- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).
- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).
- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).
- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid
mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).
- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).
- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).
- powerpc: Stop using no_llseek (bsc#1239573).
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).
- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).
- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).
- rapidio: fix an API misues when rio_add_net() fails (git-fixes).
- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
- rbd: do not move requests to the running list on errors (git-fixes).
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
- regmap-irq: Add missing kfree() (git-fixes).
- regulator: check that dummy regulator has been probed before using it (stable-fixes).
- regulator: core: Fix deadlock in create_regulator() (git-fixes).
- regulator: dummy: force synchronous probing (git-fixes).
- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013).
- s390/cio: Fix CHPID "configure" attribute caching (git-fixes bsc#1240979).
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205).
- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).
- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).
- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978).
- s390/pci: Ignore RID for isolated VFs (bsc#1236752).
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).
- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
- s390/pci: Use topology ID for multi-function devices (bsc#1236752).
- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).
- s390/topology: Improve topology detection (bsc#1236591).
- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).
- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).
- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).
- sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052)
- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).
- scsi: core: Clear driver private data when retrying request (git-fixes).
- scsi: core: Do not retry I/Os during depopulation (git-fixes).
- scsi: core: Handle depopulation and restoration in progress (git-fixes).
- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).
- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).
- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).
- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).
- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: myrb: Remove dead code (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
- scsi: sg: Enable runtime power management (git-fixes).
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).
- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).
- selftest: hugetlb_dio: fix test naming (git-fixes).
- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).
- selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes).
- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).
- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).
- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).
- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).
- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).
- selftests/mm/cow: fix the incorrect error handling (git-fixes).
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).
- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).
- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).
- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).
- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).
- selftests: mptcp: connect: -f: no reconnect (git-fixes).
- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).
- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
- selinux: Implement mptcp_add_subflow hook (bsc#1240375).
- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).
- serial: 8250: Fix fifo underflow on flush (git-fixes).
- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes).
- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).
- smb3: fix creating FIFOs when mounting with "sfu" mount option (git-fixes).
- smb3: request handle caching when caching directories (bsc#1231432).
- smb3: retrying on failed server close (bsc#1231432).
- smb: cached directories can be more than root file handle (bsc#1231432).
- smb: cilent: set reparse mount points as automounts (git-fixes).
- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
- smb: client: Fix minor whitespace errors and warnings (git-fixes).
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).
- smb: client: add support for WSL reparse points (git-fixes).
- smb: client: allow creating special files via reparse points (git-fixes).
- smb: client: allow creating symlinks via reparse points (git-fixes).
- smb: client: cleanup smb2_query_reparse_point() (git-fixes).
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- smb: client: do not query reparse points twice on symlinks (git-fixes).
- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).
- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
- smb: client: fix hardlinking of reparse points (git-fixes).
- smb: client: fix missing mode bits for SMB symlinks (git-fixes).
- smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616).
- smb: client: fix possible double free in smb2_set_ea() (git-fixes).
- smb: client: fix potential broken compound request (git-fixes).
- smb: client: fix renaming of reparse points (git-fixes).
- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
- smb: client: handle path separator of created SMB symlinks (git-fixes).
- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
- smb: client: ignore unhandled reparse tags (git-fixes).
- smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
- smb: client: instantiate when creating SFU files (git-fixes).
- smb: client: introduce ->parse_reparse_point() (git-fixes).
- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
- smb: client: introduce cifs_sfu_make_node() (git-fixes).
- smb: client: introduce reparse mount option (git-fixes).
- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).
- smb: client: move most of reparse point handling code to common file (git-fixes).
- smb: client: move some params to cifs_open_info_data (bsc#1231432).
- smb: client: optimise reparse point querying (git-fixes).
- smb: client: parse owner/group when creating reparse points (git-fixes).
- smb: client: parse reparse point flag in create response (bsc#1231432).
- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
- smb: client: retry compound request without reusing lease (git-fixes).
- smb: client: return reparse type in /proc/mounts (git-fixes).
- smb: client: reuse file lease key in compound operations (git-fixes).
- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).
- smb: client: set correct file type from NFS reparse points (git-fixes).
- smb: client: stop revalidating reparse points unnecessarily (git-fixes).
- smb: use kernel_connect() and kernel_bind() (git-fixes).
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).
- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
- soc: imx8m: Remove global soc_uid (stable-fixes).
- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).
- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).
- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).
- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
- soc: qcom: pdr: Fix the potential deadlock (git-fixes).
- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).
- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).
- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).
- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).
- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).
- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).
- spi: sn-f-ospi: Fix division by zero (git-fixes).
- splice: do not checksum AF_UNIX sockets (bsc#1240333).
- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes).
- sunrpc: suppress warnings for unused procfs functions (git-fixes).
- supported.conf: add now-included qat_420xx (external, intel)
- tcp: Add memory barrier to tcp_push() (git-fixes).
- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).
- tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes).
- tcp: Defer ts_recent changes until req is owned (git-fixes).
- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).
- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).
- tcp: Update window clamping condition (git-fixes).
- tcp: add tcp_done_with_error() helper (git-fixes).
- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).
- tcp: annotate data-races around tp->window_clamp (git-fixes).
- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).
- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).
- tcp: check space before adding MPTCP SYN options (git-fixes).
- tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).
- tcp: define initial scaling factor value as a macro (git-fixes).
- tcp: derive delack_max from rto_min (git-fixes).
- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).
- tcp: fix cookie_init_timestamp() overflows (git-fixes).
- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).
- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).
- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).
- tcp: fix mid stream window clamp (git-fixes).
- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).
- tcp: fix race in tcp_write_err() (git-fixes).
- tcp: fix races in tcp_abort() (git-fixes).
- tcp: fix races in tcp_v_err() (git-fixes).
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes).
- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).
- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).
- tcp: increase the default TCP scaling ratio (git-fixes).
- tcp: introduce tcp_clock_ms() (git-fixes).
- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).
- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).
- tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes).
- tcp: replace tcp_time_stamp_raw() (git-fixes).
- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).
- thermal: int340x: Add NULL check for adev (git-fixes).
- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).
- tools: fix annoying "mkdir -p ..." logs when building tools in parallel (git-fixes).
- tools: move alignment-related macros to new <linux/align.h> (git-fixes).
- topology: Set capacity_freq_ref in all cases (bsc#1238052)
- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).
- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).
- tpm: do not start chip while suspended (git-fixes).
- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).
- tpm: tis: Double the timeout B to 4s (bsc#1235870).
- tpm_tis: Move CRC check to generic send routine (bsc#1235870).
- tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870).
- tty: serial: 8250: Add Brainboxes XC devices (stable-fixes).
- tty: serial: 8250: Add some more device IDs (stable-fixes).
- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes).
- tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes).
- tty: xilinx_uartps: split sysrq handling (git-fixes).
- ubi: Add a check for ubi_num (git-fixes).
- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).
- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).
- ubi: correct the calculation of fastmap size (stable-fixes).
- ubi: eba: properly rollback inside self_check_eba (git-fixes).
- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).
- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).
- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).
- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).
- ublk: fix error code for unsupported command (git-fixes).
- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
- ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
- ublk: move zone report data out of request pdu (git-fixes).
- ucsi_ccg: Do not show failed to get FW build information error (git-fixes).
- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).
- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes).
- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).
- usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes).
- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).
- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).
- usb: gadget: Fix setting self-powered state on suspend (git-fixes).
- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).
- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
- usb: hub: lack of clearing xHC resources (git-fixes).
- usb: phy: generic: Use proper helper for property detection (stable-fixes).
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).
- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
- usb: renesas_usbhs: Call clk_put() (git-fixes).
- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).
- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).
- usb: roles: set switch registered flag early on (git-fixes).
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).
- usb: typec: ucsi: Fix NULL pointer access (git-fixes).
- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).
- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).
- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).
- usb: xhci: correct debug message page size calculation (git-fixes).
- usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes).
- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
- usbnet: ipheth: document scope of NCM implementation (stable-fixes).
- usbnet:fix NPE during rx_complete (git-fixes).
- util_macros.h: fix/rework find_closest() macros (git-fixes).
- vboxsf: fix building with GCC 15 (stable-fixes).
- vfio/pci: Lock external INTx masking ops (bsc#1222803).
- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
- virtio-mem: check if the config changed before fake offlining memory (git-fixes).
- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).
- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).
- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).
- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- virtio: hookup irq_get_affinity callback (bsc#1236896).
- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
- vsock/virtio: cancel close work in the destructor (git-fixes)
- vsock: Keep the binding until socket destruction (git-fixes)
- vsock: reset socket state when de-assigning the transport (git-fixes)
- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).
- wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes).
- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).
- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).
- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).
- wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes).
- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).
- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).
- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).
- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).
- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).
- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).
- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).
- wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes).
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).
- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).
- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).
- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
- wifi: iwlwifi: avoid memory leak (stable-fixes).
- wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes).
- wifi: iwlwifi: limit printed string from FW file (git-fixes).
- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).
- wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes).
- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).
- wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes).
- wifi: mt76: Add check for devm_kstrdup() (git-fixes).
- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).
- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).
- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).
- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).
- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).
- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).
- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).
- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).
- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).
- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).
- x86/asm: Make serialize() always_inline (git-fixes).
- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).
- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).
- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
- x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes).
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).
- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).
- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).
- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).
- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).
- x86/microcode/32: Move early loading after paging enable (git-fixes).
- x86/microcode/amd: Cache builtin microcode too (git-fixes).
- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).
- x86/microcode/amd: Use cached microcode for AP load (git-fixes).
- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).
- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).
- x86/microcode/intel: Cleanup code further (git-fixes).
- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).
- x86/microcode/intel: Remove debug code (git-fixes).
- x86/microcode/intel: Remove pointless mutex (git-fixes).
- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).
- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).
- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).
- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).
- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).
- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).
- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).
- x86/microcode/intel: Simplify early loading (git-fixes).
- x86/microcode/intel: Simplify scan_microcode() (git-fixes).
- x86/microcode/intel: Switch to kvmalloc() (git-fixes).
- x86/microcode/intel: Unify microcode apply() functions (git-fixes).
- x86/microcode: Add per CPU control field (git-fixes).
- x86/microcode: Add per CPU result state (git-fixes).
- x86/microcode: Clarify the late load logic (git-fixes).
- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).
- x86/microcode: Get rid of the schedule work indirection (git-fixes).
- x86/microcode: Handle "nosmt" correctly (git-fixes).
- x86/microcode: Handle "offline" CPUs correctly (git-fixes).
- x86/microcode: Hide the config knob (git-fixes).
- x86/microcode: Include vendor headers into microcode.h (git-fixes).
- x86/microcode: Make reload_early_microcode() static (git-fixes).
- x86/microcode: Mop up early loading leftovers (git-fixes).
- x86/microcode: Move core specific defines to local header (git-fixes).
- x86/microcode: Prepare for minimal revision check (git-fixes).
- x86/microcode: Protect against instrumentation (git-fixes).
- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).
- x86/microcode: Provide new control functions (git-fixes).
- x86/microcode: Remove microcode_mutex (git-fixes).
- x86/microcode: Remove pointless apply() invocation (git-fixes).
- x86/microcode: Rendezvous and load in NMI (git-fixes).
- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).
- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).
- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
- x86/mm: Remove unused microcode.h include (git-fixes).
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).
- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (git-fixes).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).
- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).
- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).
- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).
- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).
- xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550).
- xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550).
- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).
- xhci: dbc: Convert to use sysfs_streq() (git-fixes).
- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).
- xhci: dbc: Fix STALL transfer event handling (git-fixes).
- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).
- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).
- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).
- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
- xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550).
- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).
- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).
- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).
- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).
- xhci: pci: Use standard pattern for device IDs (git-fixes).
- zram: clear IDLE flag after recompression (git-fixes).
- zram: clear IDLE flag in mark_idle() (git-fixes).
- zram: do not mark idle slots that cannot be idle (git-fixes).
- zram: fix potential UAF of zram table (git-fixes).
- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
- zram: refuse to use zero sized block device as backing device (git-fixes).
- zram: split memory-tracking and ac-time tracking (git-fixes).
Patchnames
SUSE-SLE-Micro-6.0-kernel-14
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).\n- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757).\n- CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489).\n- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).\n- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).\n- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).\n- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).\n- CVE-2024-45010: mptcp: pm: only mark \u0027subflow\u0027 endp as available (bsc#1230439).\n- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).\n- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).\n- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).\n- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).\n- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).\n- CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812).\n- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).\n- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).\n- CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910).\n- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).\n- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).\n- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).\n- CVE-2024-50142: xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset (bsc#1233028).\n- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).\n- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).\n- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).\n- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).\n- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).\n- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).\n- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).\n- CVE-2024-53124: net: fix data-races around sk-\u003esk_forward_alloc (bsc#1234074).\n- CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157).\n- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).\n- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).\n- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).\n- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).\n- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).\n- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).\n- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).\n- CVE-2024-56638: kABI fix for \"netfilter: nft_inner: incorrect percpu area handling under softirq\" (bsc#1235524).\n- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).\n- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).\n- CVE-2024-56658: net: defer final \u0027struct net\u0027 free in netns dismantle (bsc#1235441).\n- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).\n- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).\n- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).\n- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).\n- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).\n- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).\n- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).\n- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).\n- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).\n- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).\n- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).\n- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).\n- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).\n- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).\n- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).\n- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).\n- CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990).\n- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).\n- CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970).\n- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).\n- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy (bsc#1236111).\n- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy (bsc#1236113).\n- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current-\u003ensproxy (bsc#1236114).\n- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-\u003ensproxy (bsc#1236115).\n- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-\u003ensproxy (bsc#1236122).\n- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy (bsc#1236123).\n- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).\n- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).\n- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).\n- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).\n- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).\n- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).\n- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).\n- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).\n- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).\n- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).\n- CVE-2025-21678: gtp: Destroy device along with udp socket\u0027s netns dismantle (bsc#1236698).\n- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).\n- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).\n- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).\n- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).\n- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).\n- CVE-2025-21703: netem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).\n- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).\n- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).\n- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).\n- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).\n- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).\n- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).\n- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).\n- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).\n- CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874).\n- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).\n- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).\n- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).\n- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).\n- CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882).\n- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).\n- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).\n- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).\n- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).\n- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).\n- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).\n- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).\n- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).\n- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).\n- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).\n- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).\n- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).\n- CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746).\n- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).\n- CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066).\n- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).\n- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).\n- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).\n- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).\n- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).\n- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).\n- CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475).\n- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).\n- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).\n- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).\n- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).\n- CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184).\n- CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168).\n- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).\n- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).\n- CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171).\n- CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176).\n- CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167).\n- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).\n- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).\n- CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581).\n- CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585).\n- CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587).\n- CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600).\n- CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591).\n- CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).\n- CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed\n if hclge_ptp_get_cycle returns an error (bsc#1240720).\n- CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level \u003e 2 (bsc#1240742).\n- CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815).\n- CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816).\n- CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784).\n- CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819).\n- CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813).\n- CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812).\n- CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612).\n- CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795).\n- CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797).\n- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).\n\nThe following non-security bugs were fixed:\n\n- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).\n- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).\n- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).\n- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).\n- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes).\n- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).\n- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes).\n- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).\n- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).\n- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).\n- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).\n- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).\n- ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes).\n- ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes).\n- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).\n- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).\n- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).\n- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).\n- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).\n- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).\n- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).\n- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).\n- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).\n- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).\n- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).\n- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).\n- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).\n- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).\n- ALSA: seq: Make dependency on UMP clearer (git-fixes).\n- ALSA: seq: remove redundant \u0027tristate\u0027 for SND_SEQ_UMP_CLIENT (stable-fixes).\n- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).\n- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).\n- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).\n- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).\n- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).\n- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).\n- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).\n- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).\n- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).\n- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).\n- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).\n- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).\n- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).\n- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).\n- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).\n- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).\n- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).\n- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).\n- ASoC: es8328: fix route from DAC to output (git-fixes).\n- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).\n- ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes).\n- ASoC: ops: Consistently treat platform_max as control value (git-fixes).\n- ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes).\n- ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes).\n- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes).\n- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).\n- ASoC: rt722-sdca: add missing readable registers (git-fixes).\n- ASoC: tas2764: Fix power control mask (stable-fixes).\n- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).\n- ASoC: tas2770: Fix volume scale (stable-fixes).\n- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).\n- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).\n- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).\n- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).\n- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).\n- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).\n- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).\n- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).\n- Documentation: qat: fix auto_reset attribute details (git-fixes).\n- Documentation: qat: fix auto_reset section (git-fixes).\n- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).\n- Fix memory-hotplug regression (bsc#1237504)\n- Grab mm lock before grabbing pt lock (git-fixes).\n- HID: Enable playstation driver independently of sony driver (git-fixes).\n- HID: Wacom: Add PCI Wacom device support (stable-fixes).\n- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).\n- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).\n- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).\n- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).\n- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).\n- HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes).\n- HID: hid-steam: Add Deck IMU support (stable-fixes).\n- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).\n- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).\n- HID: hid-steam: Clean up locking (stable-fixes).\n- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).\n- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).\n- HID: hid-steam: Fix cleanup in probe() (git-fixes).\n- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).\n- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).\n- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).\n- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).\n- HID: hid-steam: remove pointless error message (stable-fixes).\n- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).\n- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).\n- HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes).\n- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).\n- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).\n- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).\n- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).\n- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).\n- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).\n- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).\n- IB/mad: Check available slots before posting receive WRs (git-fixes)\n- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)\n- Input: ads7846 - fix gpiod allocation (git-fixes).\n- Input: allocate keycode for phone linking (stable-fixes).\n- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).\n- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).\n- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).\n- Input: iqs7222 - preserve system status register (git-fixes).\n- Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes).\n- Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes).\n- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).\n- Input: xpad - add multiple supported devices (stable-fixes).\n- Input: xpad - add support for TECNO Pocket Go (stable-fixes).\n- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).\n- Input: xpad - rename QH controller to Legion Go S (stable-fixes).\n- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).\n- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).\n- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).\n- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).\n- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).\n- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).\n- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)\n- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).\n- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).\n- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).\n- KVM: x86/mmu: Skip the \"try unsync\" path iff the old SPTE was a leaf SPTE (git-fixes).\n- KVM: x86: AMD\u0027s IBPB is not equivalent to Intel\u0027s IBPB (git-fixes).\n- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).\n- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).\n- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).\n- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).\n- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).\n- KVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel (git-fixes).\n- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).\n- Move upstreamed ACPI patch into sorted section\n- Move upstreamed PCI and initramfs patches into sorted section\n- Move upstreamed nfsd and sunrpc patches into sorted section\n- Move upstreamed powerpc and SCSI patches into sorted section\n- PCI/ACS: Fix \u0027pci=config_acs=\u0027 parameter (git-fixes).\n- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).\n- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)\n- PCI/DOE: Support discovery version 2 (bsc#1237853)\n- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).\n- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).\n- PCI: Avoid reset when disabled via sysfs (git-fixes).\n- PCI: Fix BAR resizing when VF BARs are assigned (git-fixes).\n- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).\n- PCI: Fix reference leak in pci_register_host_bridge() (git-fixes).\n- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).\n- PCI: Use downstream bridges for distributing resources (bsc#1237325).\n- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).\n- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).\n- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).\n- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).\n- PCI: brcmstb: Use internal register to change link capability (git-fixes).\n- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).\n- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).\n- PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes).\n- PCI: hookup irq_get_affinity callback (bsc#1236896).\n- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).\n- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).\n- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).\n- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).\n- PM: sleep: Adjust check before setting power.must_resume (git-fixes).\n- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).\n- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).\n- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)\n- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)\n- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)\n- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)\n- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)\n- RDMA/efa: Reset device on probe failure (git-fixes)\n- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)\n- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)\n- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)\n- RDMA/hns: Fix missing xa_destroy() (git-fixes)\n- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)\n- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)\n- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)\n- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).\n- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).\n- RDMA/mlx5: Fix AH static rate parsing (git-fixes)\n- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)\n- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)\n- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)\n- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)\n- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)\n- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)\n- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)\n- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)\n- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)\n- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)\n- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)\n- RDMA/rxe: Improve newline in printing messages (git-fixes)\n- Reapply \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"blk-throttle: Fix IO hang for a corner case\" (git-fixes).\n- Revert \"dm: requeue IO if mapping table not yet available\" (git-fixes).\n- Revert \"drivers/card_reader/rtsx_usb: Restore interrupt based detection\" (git-fixes).\n- Revert \"drm/amd/display: Use HW lock mgr for PSR1\" (stable-fixes).\n- Revert \"leds-pca955x: Remove the unused function pca95xx_num_led_regs()\" (stable-fixes).\n- Revert \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"wifi: ath11k: support hibernation\" (bsc#1207948).\n- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).\n- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).\n- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).\n- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).\n- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).\n- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).\n- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).\n- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).\n- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).\n- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).\n- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).\n- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).\n- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).\n- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).\n- USB: serial: option: drop MeiG Smart defines (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).\n- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).\n- Update \"drm/mgag200: Added support for the new device G200eH5\" (jsc#PED-12094)\n- Use gcc-13 for build on SLE16 (jsc#PED-10028).\n- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).\n- accel/qaic: Fix possible data corruption in BOs \u003e 2G (git-fixes).\n- acct: block access to kernel internal filesystems (git-fixes).\n- acct: perform last write from workqueue (git-fixes).\n- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes).\n- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).\n- af_unix: Annotate data-race of sk-\u003esk_state in unix_stream_read_skb() (bsc#1239435).\n- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).\n- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).\n- affs: do not write overlarge OFS data block size fields (git-fixes).\n- affs: generate OFS sequence numbers starting at 1 (git-fixes).\n- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).\n- arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052)\n- arch_topology: init capacity_freq_ref to 0 (bsc#1238052)\n- arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052)\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes)\n- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)\n- arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052)\n- arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052)\n- arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052)\n- arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052)\n- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)\n- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)\n- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)\n- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)\n- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)\n- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)\n- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)\n- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)\n- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)\n- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)\n- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)\n- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)\n- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)\n- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)\n- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)\n- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)\n- arm64: mm: Correct the update of max_pfn (git-fixes)\n- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)\n- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)\n- ata: ahci: Add mask_port_map module parameter (git-fixes).\n- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).\n- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).\n- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).\n- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).\n- ata: pata_parport: add custom version of wait_after_reset (git-fixes).\n- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).\n- ata: pata_serverworks: Do not use the term blacklist (git-fixes).\n- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).\n- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).\n- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).\n- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).\n- batman-adv: Drop unmanaged ELP metric worker (git-fixes).\n- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).\n- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).\n- batman-adv: fix panic during interface removal (git-fixes).\n- bio-integrity: do not restrict the size of integrity metadata (git-fixes).\n- bitmap: introduce generic optimized bitmap_size() (git-fixes).\n- blk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage (bsc#1237558).\n- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).\n- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).\n- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).\n- blk-mq: add number of queue calc helper (bsc#1236897).\n- blk-mq: create correct map for fallback case (bsc#1236896).\n- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).\n- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).\n- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).\n- blk-mq: move cpuhp callback registering out of q-\u003esysfs_lock (git-fixes).\n- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).\n- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).\n- blk_iocost: remove some duplicate irq disable/enables (git-fixes).\n- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).\n- block: Clear zone limits for a non-zoned stacked queue (git-fixes).\n- block: Fix elevator_get_default() checking for NULL q-\u003etag_set (git-fixes).\n- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).\n- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).\n- block: Provide bdev_open_* functions (git-fixes).\n- block: Remove special-casing of compound pages (git-fixes).\n- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).\n- block: add a disk_has_partscan helper (git-fixes).\n- block: add a partscan sysfs attribute for disks (git-fixes).\n- block: add check of \u0027minors\u0027 and \u0027first_minor\u0027 in device_add_disk() (git-fixes).\n- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).\n- block: change rq_integrity_vec to respect the iterator (git-fixes).\n- block: cleanup and fix batch completion adding conditions (git-fixes).\n- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).\n- block: do not revert iter for -EIOCBQUEUED (git-fixes).\n- block: ensure we hold a queue reference when using queue limits (git-fixes).\n- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).\n- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).\n- block: fix integer overflow in BLKSECDISCARD (git-fixes).\n- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).\n- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).\n- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).\n- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).\n- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).\n- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).\n- block: retry call probe after request_module in blk_request_module (git-fixes).\n- block: return unsigned int from bdev_io_min (git-fixes).\n- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).\n- block: support to account io_ticks precisely (git-fixes).\n- block: use the right type for stub rq_integrity_vec() (git-fixes).\n- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).\n- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).\n- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).\n- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).\n- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).\n- bpf: Check size for BTF-based ctx access of pointer members (git-fixes).\n- bpf: Fix a verifier verbose message (git-fixes).\n- bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes).\n- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).\n- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).\n- bpf: avoid holding freeze_mutex during mmap operation (git-fixes).\n- bpf: fix potential error return (git-fixes).\n- bpf: prevent r10 register from being marked as precise (git-fixes).\n- bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes).\n- broadcom: fix supported flag check in periodic output function (git-fixes).\n- btrfs: check delayed refs when we\u0027re checking if a ref exists (bsc#1239605).\n- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).\n- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).\n- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).\n- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).\n- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).\n- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).\n- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).\n- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).\n- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).\n- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).\n- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).\n- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).\n- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).\n- can: ctucanfd: handle skb allocation failure (git-fixes).\n- can: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial (git-fixes).\n- can: flexcan: disable transceiver during system PM (git-fixes).\n- can: flexcan: only change CAN state when link up in system PM (git-fixes).\n- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).\n- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).\n- can: ucan: fix out of bound read in strscpy() source (git-fixes).\n- cdx: Fix possible UAF error in driver_override_show() (git-fixes).\n- char: misc: deallocate static minor in error path (git-fixes).\n- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).\n- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).\n- cifs: Remove intermediate object of failed create reparse call (git-fixes).\n- cifs: commands that are retried should have replay flag set (bsc#1231432).\n- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).\n- cifs: helper function to check replayable error codes (bsc#1231432).\n- cifs: new mount option called retrans (bsc#1231432).\n- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).\n- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).\n- cifs: update desired access while requesting for directory lease (git-fixes).\n- cifs: update the same create_guid on replay (git-fixes).\n- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).\n- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).\n- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).\n- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).\n- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).\n- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).\n- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).\n- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).\n- config: Set gcc version (jsc#PED-12251).\n- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).\n- counter: fix privdata alignment (git-fixes).\n- counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes).\n- counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes).\n- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)\n- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).\n- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).\n- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).\n- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)\n- cpufreq/cppc: Move and rename (bsc#1237856)\n- cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052)\n- cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052)\n- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052)\n Keep the feature disabled by default on x86_64\n- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)\n- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)\n- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).\n- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).\n- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).\n- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).\n- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).\n- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).\n- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).\n- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).\n- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).\n- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).\n- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).\n- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).\n- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).\n- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).\n- cpumask: add cpumask_weight_andnot() (bsc#1239015).\n- cpumask: define cleanup function for cpumasks (bsc#1239015).\n- crypto: ccp - Fix check for the primary ASP device (git-fixes).\n- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).\n- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).\n- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).\n- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).\n- crypto: iaa - Change desc-\u003epriv to 0 (jsc#PED-12416).\n- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).\n- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove header table code (jsc#PED-12416).\n- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).\n- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init()\n- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).\n- crypto: iaa - Test the correct request flag (git-fixes).\n- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).\n- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).\n- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).\n- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).\n- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).\n- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).\n- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).\n- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).\n- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).\n- crypto: qat - Fix spelling mistake \"Invalide\" -\u003e \"Invalid\" (jsc#PED-12416).\n- crypto: qat - Fix typo \"accelaration\" (jsc#PED-12416).\n- crypto: qat - Fix typo (jsc#PED-12416).\n- crypto: qat - Remove trailing space after \\n newline (jsc#PED-12416).\n- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).\n- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).\n- crypto: qat - add auto reset on error (jsc#PED-12416).\n- crypto: qat - add bank save and restore flows (jsc#PED-12416).\n- crypto: qat - add fatal error notification (jsc#PED-12416).\n- crypto: qat - add fatal error notify method (jsc#PED-12416).\n- crypto: qat - add heartbeat error simulator (jsc#PED-12416).\n- crypto: qat - add interface for live migration (jsc#PED-12416).\n- crypto: qat - add support for 420xx devices (jsc#PED-12416).\n- crypto: qat - add support for device telemetry (jsc#PED-12416).\n- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).\n- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).\n- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).\n- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).\n- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).\n- crypto: qat - disable arbitration before reset (jsc#PED-12416).\n- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).\n- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).\n- crypto: qat - fix \"Full Going True\" macro definition (jsc#PED-12416).\n- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).\n- crypto: qat - fix comment structure (jsc#PED-12416).\n- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).\n- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).\n- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).\n- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).\n- crypto: qat - implement dh fallback for primes \u003e 4K (jsc#PED-12416).\n- crypto: qat - implement interface for live migration (jsc#PED-12416).\n- crypto: qat - improve aer error reset handling (jsc#PED-12416).\n- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).\n- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).\n- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).\n- crypto: qat - limit heartbeat notifications (jsc#PED-12416).\n- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).\n- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).\n- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).\n- crypto: qat - move fw config related structures (jsc#PED-12416).\n- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).\n- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).\n- crypto: qat - relocate CSR access code (jsc#PED-12416).\n- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).\n- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).\n- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).\n- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).\n- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).\n- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).\n- crypto: qat - set parity error mask for qat_420xx (git-fixes).\n- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).\n- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).\n- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).\n- crypto: qat - validate slices count returned by FW (jsc#PED-12416).\n- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).\n- cxgb4: Avoid removal of uninserted tid (git-fixes).\n- cxgb4: use port number to set mac addr (git-fixes).\n- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).\n- dlm: fix srcu_read_lock() return type to int (git-fixes).\n- dlm: prevent NPD when writing a positive value to event_done (git-fixes).\n- dm array: fix cursor index when skipping across block boundaries (git-fixes).\n- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).\n- dm init: Handle minors larger than 255 (git-fixes).\n- dm integrity: fix out-of-range warning (git-fixes).\n- dm persistent data: fix memory allocation failure (git-fixes).\n- dm resume: do not return EINVAL when signalled (git-fixes).\n- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).\n- dm thin: Add missing destroy_work_on_stack() (git-fixes).\n- dm-crypt: do not update io-\u003esector after kcryptd_crypt_write_io_submit() (git-fixes).\n- dm-crypt: track tag_offset in convert_context (git-fixes).\n- dm-delay: fix hung task introduced by kthread mode (git-fixes).\n- dm-delay: fix max_delay calculations (git-fixes).\n- dm-delay: fix workqueue delay_timer race (git-fixes).\n- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).\n- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).\n- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).\n- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).\n- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).\n- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).\n- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).\n- dm: Fix typo in error message (git-fixes).\n- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).\n- doc/README.SUSE: Point to the updated version of LKMPG\n- doc: update managed_irq documentation (bsc#1236897).\n- driver core: Remove needless return in void API device_remove_group() (git-fixes).\n- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).\n- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).\n- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).\n- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).\n- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).\n- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).\n- drm/amd/display: Fix HPD after gpu reset (stable-fixes).\n- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params (git-fixes).\n- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).\n- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).\n- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).\n- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).\n- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).\n- drm/amd/pm/smu11: Prevent division by zero (git-fixes).\n- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).\n- drm/amd/pm: Prevent division by zero (git-fixes).\n- drm/amd: Keep display off while going into S4 (stable-fixes).\n- drm/amdgpu/dma_buf: fix page_link check (git-fixes).\n- drm/amdgpu/gfx11: fix num_mec (git-fixes).\n- drm/amdgpu/umsch: declare umsch firmware (git-fixes).\n- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).\n- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).\n- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).\n- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to\n avoid Priority Inversion in SRIOV (git-fixes).\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).\n- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).\n- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).\n- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).\n- drm/amdkfd: Fix Circular Locking Dependency in \u0027svm_range_cpu_invalidate_pagetables\u0027 (git-fixes).\n- drm/amdkfd: only flush the validate MES contex (stable-fixes).\n- drm/atomic: Filter out redundant DPMS calls (stable-fixes).\n- drm/bridge: Fix spelling mistake \"gettin\" -\u003e \"getting\" (git-fixes).\n- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).\n- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).\n- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).\n- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).\n- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).\n- drm/dp_mst: Add a helper to queue a topology probe (stable-fixes).\n- drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes).\n- drm/dp_mst: Fix drm RAD print (git-fixes).\n- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).\n- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).\n- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).\n- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).\n- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).\n- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).\n- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).\n- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL\u0027s own port width macro (git-fixes).\n- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).\n- drm/i915/huc: Fix fence not released on early probe errors (git-fixes).\n- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).\n- drm/i915/selftests: avoid using uninitialized context (git-fixes).\n- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).\n- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).\n- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).\n- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).\n- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).\n- drm/mediatek: dp: drm_err =\u003e dev_err in HPD path to avoid NULL ptr (git-fixes).\n- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).\n- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).\n- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).\n- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)\n- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).\n- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).\n- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).\n- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).\n- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).\n- drm/msm/dpu: do not use active in atomic_check() (git-fixes).\n- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).\n- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).\n- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).\n- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).\n- drm/msm: Avoid rounding up to one jiffy (git-fixes).\n- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).\n- drm/nouveau: Do not override forced connector status (stable-fixes).\n- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes).\n- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).\n- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).\n- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).\n- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).\n- drm/repaper: fix integer overflows in repeat functions (git-fixes).\n- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).\n- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).\n- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).\n- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).\n- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).\n- drm/sched: Fix fence reference count leak (git-fixes).\n- drm/sched: Fix preprocessor guard (git-fixes).\n- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).\n- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).\n- drm/ssd130x: fix ssd132x encoding (git-fixes).\n- drm/sti: remove duplicate object names (git-fixes).\n- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).\n- drm/virtio: New fence for every plane update (stable-fixes).\n- drm/vkms: Fix use after free and double free on init error (git-fixes).\n- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).\n- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).\n- dummycon: fix default rows/cols (git-fixes).\n- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).\n- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).\n- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).\n- efi: libstub: Use \u0027-std=gnu11\u0027 to fix build with GCC 15 (stable-fixes).\n- eth: gve: use appropriate helper to set xdp_features (git-fixes).\n- exfat: convert to ctime accessor functions (git-fixes).\n- exfat: do not zero the extended part (bsc#1237356).\n- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).\n- exfat: fix file being changed by unaligned direct write (git-fixes).\n- exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes).\n- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).\n- exfat: fix zero the unwritten part for dio read (git-fixes).\n- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).\n- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).\n- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).\n- fbdev: sm501fb: Add some geometry checks (git-fixes).\n- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).\n- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).\n- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes).\n- firmware: cs_dsp: Remove async regmap writes (git-fixes).\n- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).\n- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).\n- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).\n- futex: Do not include process MM in futex key on no-MMU (git-fixes).\n- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).\n- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).\n- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).\n- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).\n- gpio: pca953x: Improve interrupt support (git-fixes).\n- gpio: rcar: Fix missing of_node_put() call (git-fixes).\n- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).\n- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).\n- gpio: tegra186: fix resource handling in ACPI probe path (git-fixes).\n- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).\n- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).\n- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).\n- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).\n- gup: make the stack expansion warning a bit more targeted (bsc#1238214).\n- hfs: Sanity check the root record (git-fixes).\n- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).\n- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes).\n- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).\n- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).\n- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).\n- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).\n- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).\n- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).\n- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).\n- i2c: ls2x: Fix frequency division register access (git-fixes).\n- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).\n- i2c: omap: fix IRQ storms (git-fixes).\n- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).\n- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).\n- i3c: master: svc: Fix missing the IBI rules (git-fixes).\n- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).\n- iavf: allow changing VLAN state without calling PF (git-fixes).\n- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).\n- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).\n- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).\n- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).\n- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).\n- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).\n- ice: fix max values for dpll pin phase adjust (git-fixes).\n- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).\n- ice: gather page_count()\u0027s of each frag right before XDP prog call (git-fixes).\n- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).\n- ice: put Rx buffers after being done with current frame (git-fixes).\n- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).\n- ice: use internal pf id instead of function number (git-fixes).\n- idpf: add read memory barrier when checking descriptor done bit (git-fixes).\n- idpf: call set_real_num_queues in idpf_open (bsc#1236661).\n- idpf: convert workqueues to unbound (git-fixes).\n- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).\n- idpf: fix handling rsc packet with a single segment (git-fixes).\n- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).\n- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).\n- igc: return early when failing to read EECD register (git-fixes).\n- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).\n- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).\n- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).\n- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).\n- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).\n- iio: dac: ad3552r: clear reset status flag (git-fixes).\n- iio: filter: admv8818: Force initialization of SDO (git-fixes).\n- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).\n- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).\n- init: add initramfs_internal.h (bsc#1232848).\n- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).\n- initramfs: allocate heap buffers together (bsc#1232848).\n- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).\n- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).\n- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).\n- intel_th: pci: Add Arrow Lake support (stable-fixes).\n- intel_th: pci: Add Panther Lake-H support (stable-fixes).\n- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).\n- ioam6: improve checks on user data (git-fixes).\n- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).\n- iommu/vt-d: Fix suspicious RCU usage (git-fixes).\n- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).\n- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).\n- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).\n- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).\n- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).\n- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).\n- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).\n- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).\n- ipv6: Use RCU in ip6_input() (bsc#1239994).\n- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).\n- ipv6: avoid atomic fragment on GSO packets (git-fixes).\n- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).\n- ipv6: fib: hide unused \u0027pn\u0027 variable (git-fixes).\n- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).\n- ipv6: fix potential NULL deref in fib6_add() (git-fixes).\n- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).\n- ipv6: introduce dst_rt6_info() helper (git-fixes).\n- ipv6: ioam: block BH from ioam6_output() (git-fixes).\n- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).\n- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- ipv6: sr: add missing seg6_local_exit (git-fixes).\n- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).\n- ipv6: take care of scope when choosing the src addr (git-fixes).\n- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).\n- jfs: add check read-only before txBeginAnon() call (git-fixes).\n- jfs: add index corruption check to DT_GETPAGE() (git-fixes).\n- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).\n- jfs: reject on-disk inodes of an unsupported type (git-fixes).\n- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)\n- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).\n- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).\n- kABI workaround for intel-ish-hid (git-fixes).\n- kABI workaround for soc_mixer_control changes (git-fixes).\n- kabi: fix bus type (bsc#1236896).\n- kabi: fix group_cpus_evenly (bsc#1236897).\n- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).\n- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).\n- kbuild: hdrcheck: fix cross build with clang (git-fixes).\n- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).\n- kernel-binary: Support livepatch_rt with merged RT branch\n- kernel-source: Also replace bin/env\n- kunit: qemu_configs: sparc: use Zilog console (git-fixes).\n- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).\n- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).\n- l2tp: fix lockdep splat (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).\n- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).\n- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).\n- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).\n- lib: 842: Improve error handling in sw842_compress() (git-fixes).\n- lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes).\n- lib: stackinit: hide never-taken branch from compiler (stable-fixes).\n- libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__default_new() to\n perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698\n jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309).\n- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).\n- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).\n- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).\n- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).\n- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).\n- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).\n- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).\n- md/md-bitmap: add \u0027sync_size\u0027 into struct md_bitmap_stats (git-fixes).\n- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).\n- md/md-cluster: fix spares warnings for __le64 (git-fixes).\n- md/raid0: do not free conf on raid0_run failure (git-fixes).\n- md/raid1: do not free conf on raid0_run failure (git-fixes).\n- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).\n- md: Do not flush sync_work in md_write_start() (git-fixes).\n- md: convert comma to semicolon (git-fixes).\n- mdacon: rework dependency list (git-fixes).\n- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).\n- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).\n- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).\n- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).\n- media: i2c: ccs: Set the device\u0027s runtime PM status correctly in remove (git-fixes).\n- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).\n- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).\n- media: ov08x40: Fix hblank out of range issue (git-fixes).\n- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).\n- media: platform: stm32: Add check for clk_enable() (git-fixes).\n- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).\n- media: streamzap: fix race between device disconnection and urb callback (git-fixes).\n- media: streamzap: prevent processing IR data on URB failure (git-fixes).\n- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).\n- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).\n- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).\n- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).\n- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).\n- media: venus: hfi: add check to handle incorrect queue size (git-fixes).\n- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).\n- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).\n- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).\n- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).\n- media: vim2m: print device name after registering device (git-fixes).\n- media: visl: Fix ERANGE error when setting enum controls (git-fixes).\n- mei: me: add panther lake P DID (stable-fixes).\n- memblock tests: fix warning: \"__ALIGN_KERNEL\" redefined (git-fixes).\n- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).\n- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).\n- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).\n- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).\n- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).\n- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).\n- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).\n- mfd: syscon: Remove extern from function prototypes (stable-fixes).\n- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).\n- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).\n- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).\n- mm: accept to promo watermark (bsc#1239600).\n- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).\n- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).\n- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)\n- mm: zswap: move allocations during CPU init outside the lock (git-fixes).\n- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).\n- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).\n- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).\n- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).\n- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).\n- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).\n- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).\n- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes).\n- mptcp: export local_address (git-fixes)\n- mptcp: fix NL PM announced address accounting (git-fixes)\n- mptcp: fix data races on local_id (git-fixes)\n- mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)\n- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)\n- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)\n- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)\n- mptcp: pm: deny endp with signal + subflow + port (git-fixes)\n- mptcp: pm: do not ignore \u0027subflow\u0027 if \u0027signal\u0027 flag is also set (git-fixes)\n- mptcp: pm: do not try to create sf if alloc failed (git-fixes)\n- mptcp: pm: fullmesh: select the right ID later (git-fixes)\n- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)\n- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)\n- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)\n- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)\n- mptcp: pm: re-using ID of unused removed subflows (git-fixes)\n- mptcp: pm: reduce indentation blocks (git-fixes)\n- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)\n- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)\n- mptcp: unify pm get_local_id interfaces (git-fixes)\n- mptcp: unify pm set_flags interfaces (git-fixes)\n- mtd: Add check for devm_kcalloc() (git-fixes).\n- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).\n- mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes).\n- mtd: nand: Fix a kdoc comment (git-fixes).\n- mtd: rawnand: Add status chack in r852_ready() (git-fixes).\n- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).\n- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).\n- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).\n- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).\n- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).\n- nbd: Fix signal handling (git-fixes).\n- nbd: Improve the documentation of the locking assumptions (git-fixes).\n- nbd: do not allow reconnect after disconnect (git-fixes).\n- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).\n- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).\n- net l2tp: drop flow hash on forward (git-fixes).\n- net/mlx5: Correct TASR typo into TSAR (git-fixes).\n- net/mlx5: Fix RDMA TX steering prio (git-fixes).\n- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).\n- net/mlx5: SF, Fix add port error handling (git-fixes).\n- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).\n- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).\n- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).\n- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).\n- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).\n- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).\n- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).\n- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).\n- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).\n- net/sched: flower: Add lock protection when remove filter handle (git-fixes).\n- net/sched: taprio: make q-\u003epicos_per_byte available to fill_sched_entry() (git-fixes).\n- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).\n- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).\n- net: Fix undefined behavior in netdev name allocation (bsc#1233749).\n- net: add dev_net_rcu() helper (bsc#1239994).\n- net: avoid UAF on deleted altname (bsc#1233749).\n- net: check for altname conflicts when changing netdev\u0027s netns (bsc#1233749).\n- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).\n- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).\n- net: do not send a MOVE event when netdev changes netns (bsc#1233749).\n- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).\n- net: fix ifname in netlink ntf during netns move (bsc#1233749).\n- net: fix removing a namespace with conflicting altnames (bsc#1233749).\n- net: free altname using an RCU callback (bsc#1233749).\n- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).\n- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).\n- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).\n- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).\n- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).\n- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).\n- net: ipv6: ioam6: code alignment (git-fixes).\n- net: ipv6: ioam6: new feature tunsrc (git-fixes).\n- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).\n- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).\n- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).\n- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).\n- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).\n- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).\n- net: mana: Allow variable size indirection table (bsc#1239016).\n- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).\n- net: mana: Avoid open coded arithmetic (bsc#1239016).\n- net: mana: Cleanup \"mana\" debugfs dir after cleanup of all children (bsc#1236760).\n- net: mana: Enable debugfs files for MANA device (bsc#1236758).\n- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Support holes in device list reply msg (git-fixes).\n- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).\n- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).\n- net: move altnames together with the netdevice (bsc#1233749).\n- net: netvsc: Update default VMBus channels (bsc#1236757).\n- net: reduce indentation of __dev_alloc_name() (bsc#1233749).\n- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).\n- net: remove else after return in dev_prep_valid_name() (bsc#1233749).\n- net: rose: lock the socket in rose_bind() (git-fixes).\n- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).\n- net: smc: fix spurious error message from __sock_release() (bsc#1237126).\n- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).\n- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes).\n- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes).\n- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).\n- net: use unrcu_pointer() helper (git-fixes).\n- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).\n- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).\n- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).\n- net_sched: sch_sfq: annotate data-races around q-\u003eperturb_period (git-fixes).\n- net_sched: sch_sfq: handle bigger packets (git-fixes).\n- nfs: clear SB_RDONLY before getting superblock (bsc#1238565).\n- nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565).\n- nfsd: clear acl_access/acl_default after releasing them (git-fixes).\n- nfsd: put dl_stid if fail to queue dl_recall (git-fixes).\n- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).\n- ntb: Force physically contiguous allocation of rx ring buffers (git-fixes).\n- ntb: intel: Fix using link status DB\u0027s (git-fixes).\n- ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes).\n- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes).\n- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes).\n- ntb_perf: Fix printk format (git-fixes).\n- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).\n- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).\n- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).\n- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).\n- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).\n- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).\n- null_blk: fix validation of block size (git-fixes).\n- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).\n- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).\n- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).\n- nvme-fc: use ctrl state getter (git-fixes).\n- nvme-ioctl: fix leaked requests on mapping error (git-fixes).\n- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).\n- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).\n- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).\n- nvme-pci: remove stale comment (git-fixes).\n- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).\n- nvme-tcp: Fix a C2HTermReq error message (git-fixes).\n- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).\n- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).\n- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).\n- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).\n- nvme/ioctl: add missing space in err message (git-fixes).\n- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).\n- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).\n- nvme: make nvme_tls_attrs_group static (git-fixes).\n- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).\n- nvme: move passthrough logging attribute to head (git-fixes).\n- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).\n- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- nvme: tcp: Fix compilation warning with W=1 (git-fixes).\n- nvmet-fc: Remove unused functions (git-fixes).\n- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).\n- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).\n- nvmet: Fix crash when a namespace is disabled (git-fixes).\n- nvmet: remove old function prototype (git-fixes).\n- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes).\n- objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes).\n- objtool: Fix segfault in ignore_unreachable_insn() (git-fixes).\n- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).\n- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).\n- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).\n- ocfs2: handle a symlink read error correctly (git-fixes).\n- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).\n- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).\n- orangefs: fix a oob in orangefs_debug_write (git-fixes).\n- padata: Clean up in padata_do_multithreaded() (bsc#1237563).\n- padata: Honor the caller\u0027s alignment in case of chunk_size 0 (bsc#1237563).\n- padata: fix sysfs store callback check (git-fixes).\n- partitions: ldm: remove the initial kernel-doc notation (git-fixes).\n- partitions: mac: fix handling of bogus partition table (git-fixes).\n- perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).\n- perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).\n- perf tools: annotate asm_pure_loop.S (bsc#1239906).\n- perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309).\n- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).\n- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).\n- phy: tegra: xusb: reset VBUS \u0026 ID OVERRIDE (git-fixes).\n- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).\n- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).\n- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).\n- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).\n- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).\n- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).\n- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).\n- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).\n- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).\n- platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes).\n- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).\n- platform/x86: ISST: Correct command storage data length (git-fixes).\n- platform/x86: ISST: Ignore minor version change (bsc#1237452).\n- platform/x86: acer-wmi: Ignore AC events (stable-fixes).\n- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).\n- platform/x86: int3472: Check for adev == NULL (stable-fixes).\n- platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes).\n- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).\n- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).\n- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).\n- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).\n- power: supply: da9150-fg: fix potential overflow (git-fixes).\n- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).\n- powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes).\n- powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes).\n- powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes).\n- powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes).\n- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).\n- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).\n- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).\n- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).\n- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).\n- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).\n- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid\n mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).\n- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).\n- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).\n- powerpc: Stop using no_llseek (bsc#1239573).\n- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).\n- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).\n- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).\n- rapidio: fix an API misues when rio_add_net() fails (git-fixes).\n- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).\n- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).\n- rbd: do not move requests to the running list on errors (git-fixes).\n- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).\n- regmap-irq: Add missing kfree() (git-fixes).\n- regulator: check that dummy regulator has been probed before using it (stable-fixes).\n- regulator: core: Fix deadlock in create_regulator() (git-fixes).\n- regulator: dummy: force synchronous probing (git-fixes).\n- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).\n- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)\n- rpm/release-projects: Update the ALP projects again (bsc#1231293).\n- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)\n- rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013).\n- s390/cio: Fix CHPID \"configure\" attribute caching (git-fixes bsc#1240979).\n- s390/cio: rename bitmap_size() -\u003e idset_bitmap_size() (git-fixes bsc#1236205).\n- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).\n- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).\n- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).\n- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).\n- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).\n- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978).\n- s390/pci: Ignore RID for isolated VFs (bsc#1236752).\n- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).\n- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).\n- s390/pci: Use topology ID for multi-function devices (bsc#1236752).\n- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).\n- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).\n- s390/topology: Improve topology detection (bsc#1236591).\n- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).\n- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).\n- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).\n- sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052)\n- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).\n- scsi: core: Clear driver private data when retrying request (git-fixes).\n- scsi: core: Do not retry I/Os during depopulation (git-fixes).\n- scsi: core: Handle depopulation and restoration in progress (git-fixes).\n- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).\n- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).\n- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).\n- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).\n- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).\n- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).\n- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).\n- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).\n- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).\n- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).\n- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).\n- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).\n- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).\n- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).\n- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).\n- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: myrb: Remove dead code (git-fixes).\n- scsi: qedi: Fix potential deadlock on \u0026qedi_percpu-\u003ep_work_lock (git-fixes).\n- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).\n- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).\n- scsi: sg: Enable runtime power management (git-fixes).\n- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).\n- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).\n- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).\n- scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).\n- selftest: hugetlb_dio: fix test naming (git-fixes).\n- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).\n- selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes).\n- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).\n- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).\n- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).\n- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).\n- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).\n- selftests/mm/cow: fix the incorrect error handling (git-fixes).\n- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).\n- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).\n- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).\n- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).\n- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).\n- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).\n- selftests: mptcp: connect: -f: no reconnect (git-fixes).\n- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).\n- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).\n- selinux: Implement mptcp_add_subflow hook (bsc#1240375).\n- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).\n- serial: 8250: Fix fifo underflow on flush (git-fixes).\n- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes).\n- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).\n- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).\n- smb3: fix creating FIFOs when mounting with \"sfu\" mount option (git-fixes).\n- smb3: request handle caching when caching directories (bsc#1231432).\n- smb3: retrying on failed server close (bsc#1231432).\n- smb: cached directories can be more than root file handle (bsc#1231432).\n- smb: cilent: set reparse mount points as automounts (git-fixes).\n- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).\n- smb: client: Fix minor whitespace errors and warnings (git-fixes).\n- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).\n- smb: client: add support for WSL reparse points (git-fixes).\n- smb: client: allow creating special files via reparse points (git-fixes).\n- smb: client: allow creating symlinks via reparse points (git-fixes).\n- smb: client: cleanup smb2_query_reparse_point() (git-fixes).\n- smb: client: destroy cfid_put_wq on module exit (git-fixes).\n- smb: client: do not query reparse points twice on symlinks (git-fixes).\n- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).\n- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).\n- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).\n- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).\n- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).\n- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).\n- smb: client: fix hardlinking of reparse points (git-fixes).\n- smb: client: fix missing mode bits for SMB symlinks (git-fixes).\n- smb: client: fix open_cached_dir retries with \u0027hard\u0027 mount option (bsc#1240616).\n- smb: client: fix possible double free in smb2_set_ea() (git-fixes).\n- smb: client: fix potential broken compound request (git-fixes).\n- smb: client: fix renaming of reparse points (git-fixes).\n- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).\n- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).\n- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).\n- smb: client: handle path separator of created SMB symlinks (git-fixes).\n- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).\n- smb: client: ignore unhandled reparse tags (git-fixes).\n- smb: client: implement -\u003equery_reparse_point() for SMB1 (git-fixes).\n- smb: client: instantiate when creating SFU files (git-fixes).\n- smb: client: introduce -\u003eparse_reparse_point() (git-fixes).\n- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).\n- smb: client: introduce cifs_sfu_make_node() (git-fixes).\n- smb: client: introduce reparse mount option (git-fixes).\n- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).\n- smb: client: move most of reparse point handling code to common file (git-fixes).\n- smb: client: move some params to cifs_open_info_data (bsc#1231432).\n- smb: client: optimise reparse point querying (git-fixes).\n- smb: client: parse owner/group when creating reparse points (git-fixes).\n- smb: client: parse reparse point flag in create response (bsc#1231432).\n- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).\n- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).\n- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).\n- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).\n- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).\n- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).\n- smb: client: retry compound request without reusing lease (git-fixes).\n- smb: client: return reparse type in /proc/mounts (git-fixes).\n- smb: client: reuse file lease key in compound operations (git-fixes).\n- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).\n- smb: client: set correct file type from NFS reparse points (git-fixes).\n- smb: client: stop revalidating reparse points unnecessarily (git-fixes).\n- smb: use kernel_connect() and kernel_bind() (git-fixes).\n- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).\n- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).\n- soc: imx8m: Remove global soc_uid (stable-fixes).\n- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).\n- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).\n- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).\n- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).\n- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).\n- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).\n- soc: qcom: pdr: Fix the potential deadlock (git-fixes).\n- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).\n- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).\n- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).\n- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).\n- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).\n- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).\n- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).\n- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).\n- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).\n- spi: sn-f-ospi: Fix division by zero (git-fixes).\n- splice: do not checksum AF_UNIX sockets (bsc#1240333).\n- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes).\n- sunrpc: suppress warnings for unused procfs functions (git-fixes).\n- supported.conf: add now-included qat_420xx (external, intel)\n- tcp: Add memory barrier to tcp_push() (git-fixes).\n- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).\n- tcp: Annotate data-race around sk-\u003esk_mark in tcp_v4_send_reset (git-fixes).\n- tcp: Defer ts_recent changes until req is owned (git-fixes).\n- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).\n- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).\n- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).\n- tcp: Update window clamping condition (git-fixes).\n- tcp: add tcp_done_with_error() helper (git-fixes).\n- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).\n- tcp: annotate data-races around tp-\u003ewindow_clamp (git-fixes).\n- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).\n- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).\n- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).\n- tcp: check space before adding MPTCP SYN options (git-fixes).\n- tcp: clear tp-\u003eretrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).\n- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).\n- tcp: define initial scaling factor value as a macro (git-fixes).\n- tcp: derive delack_max from rto_min (git-fixes).\n- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).\n- tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).\n- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).\n- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).\n- tcp: fix mid stream window clamp (git-fixes).\n- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).\n- tcp: fix race in tcp_write_err() (git-fixes).\n- tcp: fix races in tcp_abort() (git-fixes).\n- tcp: fix races in tcp_v_err() (git-fixes).\n- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it\u0027s safe (git-fixes).\n- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).\n- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).\n- tcp: increase the default TCP scaling ratio (git-fixes).\n- tcp: introduce tcp_clock_ms() (git-fixes).\n- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).\n- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).\n- tcp: remove 64 KByte limit for initial tp-\u003ercv_wnd value (git-fixes).\n- tcp: replace tcp_time_stamp_raw() (git-fixes).\n- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).\n- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).\n- thermal: int340x: Add NULL check for adev (git-fixes).\n- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).\n- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).\n- tools: fix annoying \"mkdir -p ...\" logs when building tools in parallel (git-fixes).\n- tools: move alignment-related macros to new \u0026lt;linux/align.h\u003e (git-fixes).\n- topology: Set capacity_freq_ref in all cases (bsc#1238052)\n- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).\n- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).\n- tpm: do not start chip while suspended (git-fixes).\n- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).\n- tpm: tis: Double the timeout B to 4s (bsc#1235870).\n- tpm_tis: Move CRC check to generic send routine (bsc#1235870).\n- tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870).\n- tty: serial: 8250: Add Brainboxes XC devices (stable-fixes).\n- tty: serial: 8250: Add some more device IDs (stable-fixes).\n- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes).\n- tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes).\n- tty: xilinx_uartps: split sysrq handling (git-fixes).\n- ubi: Add a check for ubi_num (git-fixes).\n- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).\n- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).\n- ubi: correct the calculation of fastmap size (stable-fixes).\n- ubi: eba: properly rollback inside self_check_eba (git-fixes).\n- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).\n- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).\n- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).\n- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).\n- ublk: fix error code for unsupported command (git-fixes).\n- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).\n- ublk: move ublk_cancel_dev() out of ub-\u003emutex (git-fixes).\n- ublk: move zone report data out of request pdu (git-fixes).\n- ucsi_ccg: Do not show failed to get FW build information error (git-fixes).\n- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).\n- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).\n- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).\n- usb: chipidea: ci_hdrc_imx: decrement device\u0027s refcount in .remove() and in the error path of .probe() (git-fixes).\n- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).\n- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).\n- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).\n- usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes).\n- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).\n- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).\n- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).\n- usb: gadget: Fix setting self-powered state on suspend (git-fixes).\n- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).\n- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).\n- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).\n- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).\n- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).\n- usb: hub: lack of clearing xHC resources (git-fixes).\n- usb: phy: generic: Use proper helper for property detection (stable-fixes).\n- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).\n- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).\n- usb: renesas_usbhs: Call clk_put() (git-fixes).\n- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).\n- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).\n- usb: roles: set switch registered flag early on (git-fixes).\n- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).\n- usb: typec: ucsi: Fix NULL pointer access (git-fixes).\n- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).\n- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).\n- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).\n- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).\n- usb: xhci: correct debug message page size calculation (git-fixes).\n- usb: xhci: remove \u0027retval\u0027 from xhci_pci_resume() (git-fixes).\n- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).\n- usbnet: ipheth: document scope of NCM implementation (stable-fixes).\n- usbnet:fix NPE during rx_complete (git-fixes).\n- util_macros.h: fix/rework find_closest() macros (git-fixes).\n- vboxsf: fix building with GCC 15 (stable-fixes).\n- vfio/pci: Lock external INTx masking ops (bsc#1222803).\n- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).\n- virtio-mem: check if the config changed before fake offlining memory (git-fixes).\n- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).\n- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).\n- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).\n- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- virtio: hookup irq_get_affinity callback (bsc#1236896).\n- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).\n- vsock/virtio: cancel close work in the destructor (git-fixes)\n- vsock: Keep the binding until socket destruction (git-fixes)\n- vsock: reset socket state when de-assigning the transport (git-fixes)\n- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).\n- wifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode (git-fixes).\n- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).\n- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).\n- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).\n- wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes).\n- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).\n- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).\n- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).\n- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).\n- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).\n- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).\n- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).\n- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).\n- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).\n- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).\n- wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes).\n- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).\n- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).\n- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).\n- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).\n- wifi: iwlwifi: avoid memory leak (stable-fixes).\n- wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes).\n- wifi: iwlwifi: limit printed string from FW file (git-fixes).\n- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).\n- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).\n- wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes).\n- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).\n- wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes).\n- wifi: mt76: Add check for devm_kstrdup() (git-fixes).\n- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).\n- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).\n- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).\n- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).\n- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).\n- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).\n- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).\n- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).\n- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).\n- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).\n- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).\n- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).\n- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).\n- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).\n- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).\n- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).\n- x86/asm: Make serialize() always_inline (git-fixes).\n- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).\n- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).\n- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).\n- x86/coco: Replace \u0027static const cc_mask\u0027 with the newly introduced cc_get_mask() function (git-fixes).\n- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).\n- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).\n- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).\n- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).\n- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).\n- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).\n- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).\n- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).\n- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).\n- x86/microcode/32: Move early loading after paging enable (git-fixes).\n- x86/microcode/amd: Cache builtin microcode too (git-fixes).\n- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).\n- x86/microcode/amd: Use cached microcode for AP load (git-fixes).\n- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).\n- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).\n- x86/microcode/intel: Cleanup code further (git-fixes).\n- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).\n- x86/microcode/intel: Remove debug code (git-fixes).\n- x86/microcode/intel: Remove pointless mutex (git-fixes).\n- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).\n- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).\n- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).\n- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).\n- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).\n- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).\n- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).\n- x86/microcode/intel: Simplify early loading (git-fixes).\n- x86/microcode/intel: Simplify scan_microcode() (git-fixes).\n- x86/microcode/intel: Switch to kvmalloc() (git-fixes).\n- x86/microcode/intel: Unify microcode apply() functions (git-fixes).\n- x86/microcode: Add per CPU control field (git-fixes).\n- x86/microcode: Add per CPU result state (git-fixes).\n- x86/microcode: Clarify the late load logic (git-fixes).\n- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).\n- x86/microcode: Get rid of the schedule work indirection (git-fixes).\n- x86/microcode: Handle \"nosmt\" correctly (git-fixes).\n- x86/microcode: Handle \"offline\" CPUs correctly (git-fixes).\n- x86/microcode: Hide the config knob (git-fixes).\n- x86/microcode: Include vendor headers into microcode.h (git-fixes).\n- x86/microcode: Make reload_early_microcode() static (git-fixes).\n- x86/microcode: Mop up early loading leftovers (git-fixes).\n- x86/microcode: Move core specific defines to local header (git-fixes).\n- x86/microcode: Prepare for minimal revision check (git-fixes).\n- x86/microcode: Protect against instrumentation (git-fixes).\n- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).\n- x86/microcode: Provide new control functions (git-fixes).\n- x86/microcode: Remove microcode_mutex (git-fixes).\n- x86/microcode: Remove pointless apply() invocation (git-fixes).\n- x86/microcode: Rendezvous and load in NMI (git-fixes).\n- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).\n- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).\n- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).\n- x86/mm: Remove unused microcode.h include (git-fixes).\n- x86/platform/olpc: Remove unused variable \u0027len\u0027 in olpc_dt_compatible_match() (git-fixes).\n- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).\n- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()\u0027s description (git-fixes).\n- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).\n- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).\n- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).\n- xen/swiotlb: relax alignment requirements (git-fixes).\n- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).\n- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).\n- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).\n- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).\n- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).\n- xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550).\n- xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550).\n- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).\n- xhci: dbc: Convert to use sysfs_streq() (git-fixes).\n- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).\n- xhci: dbc: Fix STALL transfer event handling (git-fixes).\n- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).\n- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).\n- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).\n- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).\n- xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550).\n- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).\n- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).\n- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).\n- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).\n- xhci: pci: Use standard pattern for device IDs (git-fixes).\n- zram: clear IDLE flag after recompression (git-fixes).\n- zram: clear IDLE flag in mark_idle() (git-fixes).\n- zram: do not mark idle slots that cannot be idle (git-fixes).\n- zram: fix potential UAF of zram table (git-fixes).\n- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).\n- zram: refuse to use zero sized block device as backing device (git-fixes).\n- zram: split memory-tracking and ac-time tracking (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-14",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20192-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20192-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520192-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20192-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021150.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1207948",
"url": "https://bugzilla.suse.com/1207948"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1215211",
"url": "https://bugzilla.suse.com/1215211"
},
{
"category": "self",
"summary": "SUSE Bug 1218470",
"url": "https://bugzilla.suse.com/1218470"
},
{
"category": "self",
"summary": "SUSE Bug 1219367",
"url": "https://bugzilla.suse.com/1219367"
},
{
"category": "self",
"summary": "SUSE Bug 1221651",
"url": "https://bugzilla.suse.com/1221651"
},
{
"category": "self",
"summary": "SUSE Bug 1222649",
"url": "https://bugzilla.suse.com/1222649"
},
{
"category": "self",
"summary": "SUSE Bug 1222672",
"url": "https://bugzilla.suse.com/1222672"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1223047",
"url": "https://bugzilla.suse.com/1223047"
},
{
"category": "self",
"summary": "SUSE Bug 1224013",
"url": "https://bugzilla.suse.com/1224013"
},
{
"category": "self",
"summary": "SUSE Bug 1224049",
"url": "https://bugzilla.suse.com/1224049"
},
{
"category": "self",
"summary": "SUSE Bug 1224489",
"url": "https://bugzilla.suse.com/1224489"
},
{
"category": "self",
"summary": "SUSE Bug 1224610",
"url": "https://bugzilla.suse.com/1224610"
},
{
"category": "self",
"summary": "SUSE Bug 1224757",
"url": "https://bugzilla.suse.com/1224757"
},
{
"category": "self",
"summary": "SUSE Bug 1225533",
"url": "https://bugzilla.suse.com/1225533"
},
{
"category": "self",
"summary": "SUSE Bug 1225606",
"url": "https://bugzilla.suse.com/1225606"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225770",
"url": "https://bugzilla.suse.com/1225770"
},
{
"category": "self",
"summary": "SUSE Bug 1225981",
"url": "https://bugzilla.suse.com/1225981"
},
{
"category": "self",
"summary": "SUSE Bug 1226871",
"url": "https://bugzilla.suse.com/1226871"
},
{
"category": "self",
"summary": "SUSE Bug 1227858",
"url": "https://bugzilla.suse.com/1227858"
},
{
"category": "self",
"summary": "SUSE Bug 1227937",
"url": "https://bugzilla.suse.com/1227937"
},
{
"category": "self",
"summary": "SUSE Bug 1228521",
"url": "https://bugzilla.suse.com/1228521"
},
{
"category": "self",
"summary": "SUSE Bug 1228653",
"url": "https://bugzilla.suse.com/1228653"
},
{
"category": "self",
"summary": "SUSE Bug 1228659",
"url": "https://bugzilla.suse.com/1228659"
},
{
"category": "self",
"summary": "SUSE Bug 1229311",
"url": "https://bugzilla.suse.com/1229311"
},
{
"category": "self",
"summary": "SUSE Bug 1229361",
"url": "https://bugzilla.suse.com/1229361"
},
{
"category": "self",
"summary": "SUSE Bug 1230235",
"url": "https://bugzilla.suse.com/1230235"
},
{
"category": "self",
"summary": "SUSE Bug 1230438",
"url": "https://bugzilla.suse.com/1230438"
},
{
"category": "self",
"summary": "SUSE Bug 1230439",
"url": "https://bugzilla.suse.com/1230439"
},
{
"category": "self",
"summary": "SUSE Bug 1230497",
"url": "https://bugzilla.suse.com/1230497"
},
{
"category": "self",
"summary": "SUSE Bug 1230728",
"url": "https://bugzilla.suse.com/1230728"
},
{
"category": "self",
"summary": "SUSE Bug 1230769",
"url": "https://bugzilla.suse.com/1230769"
},
{
"category": "self",
"summary": "SUSE Bug 1230832",
"url": "https://bugzilla.suse.com/1230832"
},
{
"category": "self",
"summary": "SUSE Bug 1231088",
"url": "https://bugzilla.suse.com/1231088"
},
{
"category": "self",
"summary": "SUSE Bug 1231293",
"url": "https://bugzilla.suse.com/1231293"
},
{
"category": "self",
"summary": "SUSE Bug 1231432",
"url": "https://bugzilla.suse.com/1231432"
},
{
"category": "self",
"summary": "SUSE Bug 1231910",
"url": "https://bugzilla.suse.com/1231910"
},
{
"category": "self",
"summary": "SUSE Bug 1231912",
"url": "https://bugzilla.suse.com/1231912"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231949",
"url": "https://bugzilla.suse.com/1231949"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232299",
"url": "https://bugzilla.suse.com/1232299"
},
{
"category": "self",
"summary": "SUSE Bug 1232364",
"url": "https://bugzilla.suse.com/1232364"
},
{
"category": "self",
"summary": "SUSE Bug 1232389",
"url": "https://bugzilla.suse.com/1232389"
},
{
"category": "self",
"summary": "SUSE Bug 1232421",
"url": "https://bugzilla.suse.com/1232421"
},
{
"category": "self",
"summary": "SUSE Bug 1232508",
"url": "https://bugzilla.suse.com/1232508"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232743",
"url": "https://bugzilla.suse.com/1232743"
},
{
"category": "self",
"summary": "SUSE Bug 1232812",
"url": "https://bugzilla.suse.com/1232812"
},
{
"category": "self",
"summary": "SUSE Bug 1232848",
"url": "https://bugzilla.suse.com/1232848"
},
{
"category": "self",
"summary": "SUSE Bug 1232895",
"url": "https://bugzilla.suse.com/1232895"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1233028",
"url": "https://bugzilla.suse.com/1233028"
},
{
"category": "self",
"summary": "SUSE Bug 1233033",
"url": "https://bugzilla.suse.com/1233033"
},
{
"category": "self",
"summary": "SUSE Bug 1233060",
"url": "https://bugzilla.suse.com/1233060"
},
{
"category": "self",
"summary": "SUSE Bug 1233109",
"url": "https://bugzilla.suse.com/1233109"
},
{
"category": "self",
"summary": "SUSE Bug 1233221",
"url": "https://bugzilla.suse.com/1233221"
},
{
"category": "self",
"summary": "SUSE Bug 1233248",
"url": "https://bugzilla.suse.com/1233248"
},
{
"category": "self",
"summary": "SUSE Bug 1233259",
"url": "https://bugzilla.suse.com/1233259"
},
{
"category": "self",
"summary": "SUSE Bug 1233260",
"url": "https://bugzilla.suse.com/1233260"
},
{
"category": "self",
"summary": "SUSE Bug 1233479",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "self",
"summary": "SUSE Bug 1233483",
"url": "https://bugzilla.suse.com/1233483"
},
{
"category": "self",
"summary": "SUSE Bug 1233522",
"url": "https://bugzilla.suse.com/1233522"
},
{
"category": "self",
"summary": "SUSE Bug 1233551",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "self",
"summary": "SUSE Bug 1233557",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "self",
"summary": "SUSE Bug 1233749",
"url": "https://bugzilla.suse.com/1233749"
},
{
"category": "self",
"summary": "SUSE Bug 1234070",
"url": "https://bugzilla.suse.com/1234070"
},
{
"category": "self",
"summary": "SUSE Bug 1234074",
"url": "https://bugzilla.suse.com/1234074"
},
{
"category": "self",
"summary": "SUSE Bug 1234157",
"url": "https://bugzilla.suse.com/1234157"
},
{
"category": "self",
"summary": "SUSE Bug 1234222",
"url": "https://bugzilla.suse.com/1234222"
},
{
"category": "self",
"summary": "SUSE Bug 1234480",
"url": "https://bugzilla.suse.com/1234480"
},
{
"category": "self",
"summary": "SUSE Bug 1234698",
"url": "https://bugzilla.suse.com/1234698"
},
{
"category": "self",
"summary": "SUSE Bug 1234828",
"url": "https://bugzilla.suse.com/1234828"
},
{
"category": "self",
"summary": "SUSE Bug 1234853",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "self",
"summary": "SUSE Bug 1234857",
"url": "https://bugzilla.suse.com/1234857"
},
{
"category": "self",
"summary": "SUSE Bug 1234891",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "self",
"summary": "SUSE Bug 1234894",
"url": "https://bugzilla.suse.com/1234894"
},
{
"category": "self",
"summary": "SUSE Bug 1234895",
"url": "https://bugzilla.suse.com/1234895"
},
{
"category": "self",
"summary": "SUSE Bug 1234896",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "self",
"summary": "SUSE Bug 1234936",
"url": "https://bugzilla.suse.com/1234936"
},
{
"category": "self",
"summary": "SUSE Bug 1234963",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "self",
"summary": "SUSE Bug 1235054",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "self",
"summary": "SUSE Bug 1235061",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "self",
"summary": "SUSE Bug 1235073",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "self",
"summary": "SUSE Bug 1235244",
"url": "https://bugzilla.suse.com/1235244"
},
{
"category": "self",
"summary": "SUSE Bug 1235435",
"url": "https://bugzilla.suse.com/1235435"
},
{
"category": "self",
"summary": "SUSE Bug 1235436",
"url": "https://bugzilla.suse.com/1235436"
},
{
"category": "self",
"summary": "SUSE Bug 1235441",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "self",
"summary": "SUSE Bug 1235455",
"url": "https://bugzilla.suse.com/1235455"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1235501",
"url": "https://bugzilla.suse.com/1235501"
},
{
"category": "self",
"summary": "SUSE Bug 1235524",
"url": "https://bugzilla.suse.com/1235524"
},
{
"category": "self",
"summary": "SUSE Bug 1235550",
"url": "https://bugzilla.suse.com/1235550"
},
{
"category": "self",
"summary": "SUSE Bug 1235589",
"url": "https://bugzilla.suse.com/1235589"
},
{
"category": "self",
"summary": "SUSE Bug 1235591",
"url": "https://bugzilla.suse.com/1235591"
},
{
"category": "self",
"summary": "SUSE Bug 1235592",
"url": "https://bugzilla.suse.com/1235592"
},
{
"category": "self",
"summary": "SUSE Bug 1235599",
"url": "https://bugzilla.suse.com/1235599"
},
{
"category": "self",
"summary": "SUSE Bug 1235609",
"url": "https://bugzilla.suse.com/1235609"
},
{
"category": "self",
"summary": "SUSE Bug 1235621",
"url": "https://bugzilla.suse.com/1235621"
},
{
"category": "self",
"summary": "SUSE Bug 1235637",
"url": "https://bugzilla.suse.com/1235637"
},
{
"category": "self",
"summary": "SUSE Bug 1235698",
"url": "https://bugzilla.suse.com/1235698"
},
{
"category": "self",
"summary": "SUSE Bug 1235711",
"url": "https://bugzilla.suse.com/1235711"
},
{
"category": "self",
"summary": "SUSE Bug 1235712",
"url": "https://bugzilla.suse.com/1235712"
},
{
"category": "self",
"summary": "SUSE Bug 1235715",
"url": "https://bugzilla.suse.com/1235715"
},
{
"category": "self",
"summary": "SUSE Bug 1235729",
"url": "https://bugzilla.suse.com/1235729"
},
{
"category": "self",
"summary": "SUSE Bug 1235733",
"url": "https://bugzilla.suse.com/1235733"
},
{
"category": "self",
"summary": "SUSE Bug 1235761",
"url": "https://bugzilla.suse.com/1235761"
},
{
"category": "self",
"summary": "SUSE Bug 1235870",
"url": "https://bugzilla.suse.com/1235870"
},
{
"category": "self",
"summary": "SUSE Bug 1235874",
"url": "https://bugzilla.suse.com/1235874"
},
{
"category": "self",
"summary": "SUSE Bug 1235914",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "self",
"summary": "SUSE Bug 1235932",
"url": "https://bugzilla.suse.com/1235932"
},
{
"category": "self",
"summary": "SUSE Bug 1235933",
"url": "https://bugzilla.suse.com/1235933"
},
{
"category": "self",
"summary": "SUSE Bug 1235973",
"url": "https://bugzilla.suse.com/1235973"
},
{
"category": "self",
"summary": "SUSE Bug 1236099",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "self",
"summary": "SUSE Bug 1236111",
"url": "https://bugzilla.suse.com/1236111"
},
{
"category": "self",
"summary": "SUSE Bug 1236113",
"url": "https://bugzilla.suse.com/1236113"
},
{
"category": "self",
"summary": "SUSE Bug 1236114",
"url": "https://bugzilla.suse.com/1236114"
},
{
"category": "self",
"summary": "SUSE Bug 1236115",
"url": "https://bugzilla.suse.com/1236115"
},
{
"category": "self",
"summary": "SUSE Bug 1236122",
"url": "https://bugzilla.suse.com/1236122"
},
{
"category": "self",
"summary": "SUSE Bug 1236123",
"url": "https://bugzilla.suse.com/1236123"
},
{
"category": "self",
"summary": "SUSE Bug 1236133",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "self",
"summary": "SUSE Bug 1236138",
"url": "https://bugzilla.suse.com/1236138"
},
{
"category": "self",
"summary": "SUSE Bug 1236199",
"url": "https://bugzilla.suse.com/1236199"
},
{
"category": "self",
"summary": "SUSE Bug 1236200",
"url": "https://bugzilla.suse.com/1236200"
},
{
"category": "self",
"summary": "SUSE Bug 1236203",
"url": "https://bugzilla.suse.com/1236203"
},
{
"category": "self",
"summary": "SUSE Bug 1236205",
"url": "https://bugzilla.suse.com/1236205"
},
{
"category": "self",
"summary": "SUSE Bug 1236206",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1236573",
"url": "https://bugzilla.suse.com/1236573"
},
{
"category": "self",
"summary": "SUSE Bug 1236575",
"url": "https://bugzilla.suse.com/1236575"
},
{
"category": "self",
"summary": "SUSE Bug 1236576",
"url": "https://bugzilla.suse.com/1236576"
},
{
"category": "self",
"summary": "SUSE Bug 1236591",
"url": "https://bugzilla.suse.com/1236591"
},
{
"category": "self",
"summary": "SUSE Bug 1236661",
"url": "https://bugzilla.suse.com/1236661"
},
{
"category": "self",
"summary": "SUSE Bug 1236677",
"url": "https://bugzilla.suse.com/1236677"
},
{
"category": "self",
"summary": "SUSE Bug 1236680",
"url": "https://bugzilla.suse.com/1236680"
},
{
"category": "self",
"summary": "SUSE Bug 1236681",
"url": "https://bugzilla.suse.com/1236681"
},
{
"category": "self",
"summary": "SUSE Bug 1236682",
"url": "https://bugzilla.suse.com/1236682"
},
{
"category": "self",
"summary": "SUSE Bug 1236683",
"url": "https://bugzilla.suse.com/1236683"
},
{
"category": "self",
"summary": "SUSE Bug 1236684",
"url": "https://bugzilla.suse.com/1236684"
},
{
"category": "self",
"summary": "SUSE Bug 1236685",
"url": "https://bugzilla.suse.com/1236685"
},
{
"category": "self",
"summary": "SUSE Bug 1236689",
"url": "https://bugzilla.suse.com/1236689"
},
{
"category": "self",
"summary": "SUSE Bug 1236692",
"url": "https://bugzilla.suse.com/1236692"
},
{
"category": "self",
"summary": "SUSE Bug 1236694",
"url": "https://bugzilla.suse.com/1236694"
},
{
"category": "self",
"summary": "SUSE Bug 1236698",
"url": "https://bugzilla.suse.com/1236698"
},
{
"category": "self",
"summary": "SUSE Bug 1236700",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "self",
"summary": "SUSE Bug 1236702",
"url": "https://bugzilla.suse.com/1236702"
},
{
"category": "self",
"summary": "SUSE Bug 1236752",
"url": "https://bugzilla.suse.com/1236752"
},
{
"category": "self",
"summary": "SUSE Bug 1236757",
"url": "https://bugzilla.suse.com/1236757"
},
{
"category": "self",
"summary": "SUSE Bug 1236758",
"url": "https://bugzilla.suse.com/1236758"
},
{
"category": "self",
"summary": "SUSE Bug 1236759",
"url": "https://bugzilla.suse.com/1236759"
},
{
"category": "self",
"summary": "SUSE Bug 1236760",
"url": "https://bugzilla.suse.com/1236760"
},
{
"category": "self",
"summary": "SUSE Bug 1236761",
"url": "https://bugzilla.suse.com/1236761"
},
{
"category": "self",
"summary": "SUSE Bug 1236821",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "self",
"summary": "SUSE Bug 1236822",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "self",
"summary": "SUSE Bug 1236896",
"url": "https://bugzilla.suse.com/1236896"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1236952",
"url": "https://bugzilla.suse.com/1236952"
},
{
"category": "self",
"summary": "SUSE Bug 1236967",
"url": "https://bugzilla.suse.com/1236967"
},
{
"category": "self",
"summary": "SUSE Bug 1236994",
"url": "https://bugzilla.suse.com/1236994"
},
{
"category": "self",
"summary": "SUSE Bug 1237007",
"url": "https://bugzilla.suse.com/1237007"
},
{
"category": "self",
"summary": "SUSE Bug 1237017",
"url": "https://bugzilla.suse.com/1237017"
},
{
"category": "self",
"summary": "SUSE Bug 1237025",
"url": "https://bugzilla.suse.com/1237025"
},
{
"category": "self",
"summary": "SUSE Bug 1237028",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "self",
"summary": "SUSE Bug 1237029",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "self",
"summary": "SUSE Bug 1237045",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "self",
"summary": "SUSE Bug 1237126",
"url": "https://bugzilla.suse.com/1237126"
},
{
"category": "self",
"summary": "SUSE Bug 1237132",
"url": "https://bugzilla.suse.com/1237132"
},
{
"category": "self",
"summary": "SUSE Bug 1237139",
"url": "https://bugzilla.suse.com/1237139"
},
{
"category": "self",
"summary": "SUSE Bug 1237155",
"url": "https://bugzilla.suse.com/1237155"
},
{
"category": "self",
"summary": "SUSE Bug 1237158",
"url": "https://bugzilla.suse.com/1237158"
},
{
"category": "self",
"summary": "SUSE Bug 1237159",
"url": "https://bugzilla.suse.com/1237159"
},
{
"category": "self",
"summary": "SUSE Bug 1237164",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "self",
"summary": "SUSE Bug 1237232",
"url": "https://bugzilla.suse.com/1237232"
},
{
"category": "self",
"summary": "SUSE Bug 1237234",
"url": "https://bugzilla.suse.com/1237234"
},
{
"category": "self",
"summary": "SUSE Bug 1237313",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "self",
"summary": "SUSE Bug 1237325",
"url": "https://bugzilla.suse.com/1237325"
},
{
"category": "self",
"summary": "SUSE Bug 1237356",
"url": "https://bugzilla.suse.com/1237356"
},
{
"category": "self",
"summary": "SUSE Bug 1237415",
"url": "https://bugzilla.suse.com/1237415"
},
{
"category": "self",
"summary": "SUSE Bug 1237452",
"url": "https://bugzilla.suse.com/1237452"
},
{
"category": "self",
"summary": "SUSE Bug 1237504",
"url": "https://bugzilla.suse.com/1237504"
},
{
"category": "self",
"summary": "SUSE Bug 1237521",
"url": "https://bugzilla.suse.com/1237521"
},
{
"category": "self",
"summary": "SUSE Bug 1237530",
"url": "https://bugzilla.suse.com/1237530"
},
{
"category": "self",
"summary": "SUSE Bug 1237558",
"url": "https://bugzilla.suse.com/1237558"
},
{
"category": "self",
"summary": "SUSE Bug 1237562",
"url": "https://bugzilla.suse.com/1237562"
},
{
"category": "self",
"summary": "SUSE Bug 1237563",
"url": "https://bugzilla.suse.com/1237563"
},
{
"category": "self",
"summary": "SUSE Bug 1237565",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "self",
"summary": "SUSE Bug 1237571",
"url": "https://bugzilla.suse.com/1237571"
},
{
"category": "self",
"summary": "SUSE Bug 1237848",
"url": "https://bugzilla.suse.com/1237848"
},
{
"category": "self",
"summary": "SUSE Bug 1237849",
"url": "https://bugzilla.suse.com/1237849"
},
{
"category": "self",
"summary": "SUSE Bug 1237853",
"url": "https://bugzilla.suse.com/1237853"
},
{
"category": "self",
"summary": "SUSE Bug 1237856",
"url": "https://bugzilla.suse.com/1237856"
},
{
"category": "self",
"summary": "SUSE Bug 1237873",
"url": "https://bugzilla.suse.com/1237873"
},
{
"category": "self",
"summary": "SUSE Bug 1237874",
"url": "https://bugzilla.suse.com/1237874"
},
{
"category": "self",
"summary": "SUSE Bug 1237875",
"url": "https://bugzilla.suse.com/1237875"
},
{
"category": "self",
"summary": "SUSE Bug 1237876",
"url": "https://bugzilla.suse.com/1237876"
},
{
"category": "self",
"summary": "SUSE Bug 1237877",
"url": "https://bugzilla.suse.com/1237877"
},
{
"category": "self",
"summary": "SUSE Bug 1237879",
"url": "https://bugzilla.suse.com/1237879"
},
{
"category": "self",
"summary": "SUSE Bug 1237881",
"url": "https://bugzilla.suse.com/1237881"
},
{
"category": "self",
"summary": "SUSE Bug 1237882",
"url": "https://bugzilla.suse.com/1237882"
},
{
"category": "self",
"summary": "SUSE Bug 1237885",
"url": "https://bugzilla.suse.com/1237885"
},
{
"category": "self",
"summary": "SUSE Bug 1237889",
"url": "https://bugzilla.suse.com/1237889"
},
{
"category": "self",
"summary": "SUSE Bug 1237890",
"url": "https://bugzilla.suse.com/1237890"
},
{
"category": "self",
"summary": "SUSE Bug 1237891",
"url": "https://bugzilla.suse.com/1237891"
},
{
"category": "self",
"summary": "SUSE Bug 1237894",
"url": "https://bugzilla.suse.com/1237894"
},
{
"category": "self",
"summary": "SUSE Bug 1237897",
"url": "https://bugzilla.suse.com/1237897"
},
{
"category": "self",
"summary": "SUSE Bug 1237900",
"url": "https://bugzilla.suse.com/1237900"
},
{
"category": "self",
"summary": "SUSE Bug 1237901",
"url": "https://bugzilla.suse.com/1237901"
},
{
"category": "self",
"summary": "SUSE Bug 1237906",
"url": "https://bugzilla.suse.com/1237906"
},
{
"category": "self",
"summary": "SUSE Bug 1237907",
"url": "https://bugzilla.suse.com/1237907"
},
{
"category": "self",
"summary": "SUSE Bug 1237911",
"url": "https://bugzilla.suse.com/1237911"
},
{
"category": "self",
"summary": "SUSE Bug 1237912",
"url": "https://bugzilla.suse.com/1237912"
},
{
"category": "self",
"summary": "SUSE Bug 1237950",
"url": "https://bugzilla.suse.com/1237950"
},
{
"category": "self",
"summary": "SUSE Bug 1238052",
"url": "https://bugzilla.suse.com/1238052"
},
{
"category": "self",
"summary": "SUSE Bug 1238212",
"url": "https://bugzilla.suse.com/1238212"
},
{
"category": "self",
"summary": "SUSE Bug 1238214",
"url": "https://bugzilla.suse.com/1238214"
},
{
"category": "self",
"summary": "SUSE Bug 1238303",
"url": "https://bugzilla.suse.com/1238303"
},
{
"category": "self",
"summary": "SUSE Bug 1238347",
"url": "https://bugzilla.suse.com/1238347"
},
{
"category": "self",
"summary": "SUSE Bug 1238368",
"url": "https://bugzilla.suse.com/1238368"
},
{
"category": "self",
"summary": "SUSE Bug 1238474",
"url": "https://bugzilla.suse.com/1238474"
},
{
"category": "self",
"summary": "SUSE Bug 1238475",
"url": "https://bugzilla.suse.com/1238475"
},
{
"category": "self",
"summary": "SUSE Bug 1238479",
"url": "https://bugzilla.suse.com/1238479"
},
{
"category": "self",
"summary": "SUSE Bug 1238494",
"url": "https://bugzilla.suse.com/1238494"
},
{
"category": "self",
"summary": "SUSE Bug 1238496",
"url": "https://bugzilla.suse.com/1238496"
},
{
"category": "self",
"summary": "SUSE Bug 1238497",
"url": "https://bugzilla.suse.com/1238497"
},
{
"category": "self",
"summary": "SUSE Bug 1238500",
"url": "https://bugzilla.suse.com/1238500"
},
{
"category": "self",
"summary": "SUSE Bug 1238501",
"url": "https://bugzilla.suse.com/1238501"
},
{
"category": "self",
"summary": "SUSE Bug 1238502",
"url": "https://bugzilla.suse.com/1238502"
},
{
"category": "self",
"summary": "SUSE Bug 1238503",
"url": "https://bugzilla.suse.com/1238503"
},
{
"category": "self",
"summary": "SUSE Bug 1238506",
"url": "https://bugzilla.suse.com/1238506"
},
{
"category": "self",
"summary": "SUSE Bug 1238507",
"url": "https://bugzilla.suse.com/1238507"
},
{
"category": "self",
"summary": "SUSE Bug 1238509",
"url": "https://bugzilla.suse.com/1238509"
},
{
"category": "self",
"summary": "SUSE Bug 1238510",
"url": "https://bugzilla.suse.com/1238510"
},
{
"category": "self",
"summary": "SUSE Bug 1238511",
"url": "https://bugzilla.suse.com/1238511"
},
{
"category": "self",
"summary": "SUSE Bug 1238512",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "self",
"summary": "SUSE Bug 1238521",
"url": "https://bugzilla.suse.com/1238521"
},
{
"category": "self",
"summary": "SUSE Bug 1238523",
"url": "https://bugzilla.suse.com/1238523"
},
{
"category": "self",
"summary": "SUSE Bug 1238525",
"url": "https://bugzilla.suse.com/1238525"
},
{
"category": "self",
"summary": "SUSE Bug 1238526",
"url": "https://bugzilla.suse.com/1238526"
},
{
"category": "self",
"summary": "SUSE Bug 1238528",
"url": "https://bugzilla.suse.com/1238528"
},
{
"category": "self",
"summary": "SUSE Bug 1238529",
"url": "https://bugzilla.suse.com/1238529"
},
{
"category": "self",
"summary": "SUSE Bug 1238531",
"url": "https://bugzilla.suse.com/1238531"
},
{
"category": "self",
"summary": "SUSE Bug 1238532",
"url": "https://bugzilla.suse.com/1238532"
},
{
"category": "self",
"summary": "SUSE Bug 1238565",
"url": "https://bugzilla.suse.com/1238565"
},
{
"category": "self",
"summary": "SUSE Bug 1238570",
"url": "https://bugzilla.suse.com/1238570"
},
{
"category": "self",
"summary": "SUSE Bug 1238715",
"url": "https://bugzilla.suse.com/1238715"
},
{
"category": "self",
"summary": "SUSE Bug 1238716",
"url": "https://bugzilla.suse.com/1238716"
},
{
"category": "self",
"summary": "SUSE Bug 1238734",
"url": "https://bugzilla.suse.com/1238734"
},
{
"category": "self",
"summary": "SUSE Bug 1238735",
"url": "https://bugzilla.suse.com/1238735"
},
{
"category": "self",
"summary": "SUSE Bug 1238736",
"url": "https://bugzilla.suse.com/1238736"
},
{
"category": "self",
"summary": "SUSE Bug 1238738",
"url": "https://bugzilla.suse.com/1238738"
},
{
"category": "self",
"summary": "SUSE Bug 1238739",
"url": "https://bugzilla.suse.com/1238739"
},
{
"category": "self",
"summary": "SUSE Bug 1238746",
"url": "https://bugzilla.suse.com/1238746"
},
{
"category": "self",
"summary": "SUSE Bug 1238747",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "self",
"summary": "SUSE Bug 1238751",
"url": "https://bugzilla.suse.com/1238751"
},
{
"category": "self",
"summary": "SUSE Bug 1238753",
"url": "https://bugzilla.suse.com/1238753"
},
{
"category": "self",
"summary": "SUSE Bug 1238754",
"url": "https://bugzilla.suse.com/1238754"
},
{
"category": "self",
"summary": "SUSE Bug 1238757",
"url": "https://bugzilla.suse.com/1238757"
},
{
"category": "self",
"summary": "SUSE Bug 1238759",
"url": "https://bugzilla.suse.com/1238759"
},
{
"category": "self",
"summary": "SUSE Bug 1238760",
"url": "https://bugzilla.suse.com/1238760"
},
{
"category": "self",
"summary": "SUSE Bug 1238762",
"url": "https://bugzilla.suse.com/1238762"
},
{
"category": "self",
"summary": "SUSE Bug 1238763",
"url": "https://bugzilla.suse.com/1238763"
},
{
"category": "self",
"summary": "SUSE Bug 1238767",
"url": "https://bugzilla.suse.com/1238767"
},
{
"category": "self",
"summary": "SUSE Bug 1238768",
"url": "https://bugzilla.suse.com/1238768"
},
{
"category": "self",
"summary": "SUSE Bug 1238771",
"url": "https://bugzilla.suse.com/1238771"
},
{
"category": "self",
"summary": "SUSE Bug 1238772",
"url": "https://bugzilla.suse.com/1238772"
},
{
"category": "self",
"summary": "SUSE Bug 1238773",
"url": "https://bugzilla.suse.com/1238773"
},
{
"category": "self",
"summary": "SUSE Bug 1238775",
"url": "https://bugzilla.suse.com/1238775"
},
{
"category": "self",
"summary": "SUSE Bug 1238780",
"url": "https://bugzilla.suse.com/1238780"
},
{
"category": "self",
"summary": "SUSE Bug 1238781",
"url": "https://bugzilla.suse.com/1238781"
},
{
"category": "self",
"summary": "SUSE Bug 1238785",
"url": "https://bugzilla.suse.com/1238785"
},
{
"category": "self",
"summary": "SUSE Bug 1238860",
"url": "https://bugzilla.suse.com/1238860"
},
{
"category": "self",
"summary": "SUSE Bug 1238863",
"url": "https://bugzilla.suse.com/1238863"
},
{
"category": "self",
"summary": "SUSE Bug 1238864",
"url": "https://bugzilla.suse.com/1238864"
},
{
"category": "self",
"summary": "SUSE Bug 1238865",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "self",
"summary": "SUSE Bug 1238876",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "self",
"summary": "SUSE Bug 1238877",
"url": "https://bugzilla.suse.com/1238877"
},
{
"category": "self",
"summary": "SUSE Bug 1238903",
"url": "https://bugzilla.suse.com/1238903"
},
{
"category": "self",
"summary": "SUSE Bug 1238904",
"url": "https://bugzilla.suse.com/1238904"
},
{
"category": "self",
"summary": "SUSE Bug 1238905",
"url": "https://bugzilla.suse.com/1238905"
},
{
"category": "self",
"summary": "SUSE Bug 1238909",
"url": "https://bugzilla.suse.com/1238909"
},
{
"category": "self",
"summary": "SUSE Bug 1238911",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "self",
"summary": "SUSE Bug 1238917",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "self",
"summary": "SUSE Bug 1238958",
"url": "https://bugzilla.suse.com/1238958"
},
{
"category": "self",
"summary": "SUSE Bug 1238959",
"url": "https://bugzilla.suse.com/1238959"
},
{
"category": "self",
"summary": "SUSE Bug 1238963",
"url": "https://bugzilla.suse.com/1238963"
},
{
"category": "self",
"summary": "SUSE Bug 1238964",
"url": "https://bugzilla.suse.com/1238964"
},
{
"category": "self",
"summary": "SUSE Bug 1238969",
"url": "https://bugzilla.suse.com/1238969"
},
{
"category": "self",
"summary": "SUSE Bug 1238970",
"url": "https://bugzilla.suse.com/1238970"
},
{
"category": "self",
"summary": "SUSE Bug 1238971",
"url": "https://bugzilla.suse.com/1238971"
},
{
"category": "self",
"summary": "SUSE Bug 1238973",
"url": "https://bugzilla.suse.com/1238973"
},
{
"category": "self",
"summary": "SUSE Bug 1238975",
"url": "https://bugzilla.suse.com/1238975"
},
{
"category": "self",
"summary": "SUSE Bug 1238978",
"url": "https://bugzilla.suse.com/1238978"
},
{
"category": "self",
"summary": "SUSE Bug 1238979",
"url": "https://bugzilla.suse.com/1238979"
},
{
"category": "self",
"summary": "SUSE Bug 1238981",
"url": "https://bugzilla.suse.com/1238981"
},
{
"category": "self",
"summary": "SUSE Bug 1238984",
"url": "https://bugzilla.suse.com/1238984"
},
{
"category": "self",
"summary": "SUSE Bug 1238986",
"url": "https://bugzilla.suse.com/1238986"
},
{
"category": "self",
"summary": "SUSE Bug 1238990",
"url": "https://bugzilla.suse.com/1238990"
},
{
"category": "self",
"summary": "SUSE Bug 1238993",
"url": "https://bugzilla.suse.com/1238993"
},
{
"category": "self",
"summary": "SUSE Bug 1238994",
"url": "https://bugzilla.suse.com/1238994"
},
{
"category": "self",
"summary": "SUSE Bug 1238997",
"url": "https://bugzilla.suse.com/1238997"
},
{
"category": "self",
"summary": "SUSE Bug 1239015",
"url": "https://bugzilla.suse.com/1239015"
},
{
"category": "self",
"summary": "SUSE Bug 1239016",
"url": "https://bugzilla.suse.com/1239016"
},
{
"category": "self",
"summary": "SUSE Bug 1239027",
"url": "https://bugzilla.suse.com/1239027"
},
{
"category": "self",
"summary": "SUSE Bug 1239029",
"url": "https://bugzilla.suse.com/1239029"
},
{
"category": "self",
"summary": "SUSE Bug 1239030",
"url": "https://bugzilla.suse.com/1239030"
},
{
"category": "self",
"summary": "SUSE Bug 1239033",
"url": "https://bugzilla.suse.com/1239033"
},
{
"category": "self",
"summary": "SUSE Bug 1239034",
"url": "https://bugzilla.suse.com/1239034"
},
{
"category": "self",
"summary": "SUSE Bug 1239036",
"url": "https://bugzilla.suse.com/1239036"
},
{
"category": "self",
"summary": "SUSE Bug 1239037",
"url": "https://bugzilla.suse.com/1239037"
},
{
"category": "self",
"summary": "SUSE Bug 1239038",
"url": "https://bugzilla.suse.com/1239038"
},
{
"category": "self",
"summary": "SUSE Bug 1239039",
"url": "https://bugzilla.suse.com/1239039"
},
{
"category": "self",
"summary": "SUSE Bug 1239045",
"url": "https://bugzilla.suse.com/1239045"
},
{
"category": "self",
"summary": "SUSE Bug 1239065",
"url": "https://bugzilla.suse.com/1239065"
},
{
"category": "self",
"summary": "SUSE Bug 1239066",
"url": "https://bugzilla.suse.com/1239066"
},
{
"category": "self",
"summary": "SUSE Bug 1239068",
"url": "https://bugzilla.suse.com/1239068"
},
{
"category": "self",
"summary": "SUSE Bug 1239073",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "self",
"summary": "SUSE Bug 1239076",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "self",
"summary": "SUSE Bug 1239080",
"url": "https://bugzilla.suse.com/1239080"
},
{
"category": "self",
"summary": "SUSE Bug 1239085",
"url": "https://bugzilla.suse.com/1239085"
},
{
"category": "self",
"summary": "SUSE Bug 1239087",
"url": "https://bugzilla.suse.com/1239087"
},
{
"category": "self",
"summary": "SUSE Bug 1239095",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "self",
"summary": "SUSE Bug 1239104",
"url": "https://bugzilla.suse.com/1239104"
},
{
"category": "self",
"summary": "SUSE Bug 1239105",
"url": "https://bugzilla.suse.com/1239105"
},
{
"category": "self",
"summary": "SUSE Bug 1239109",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "self",
"summary": "SUSE Bug 1239112",
"url": "https://bugzilla.suse.com/1239112"
},
{
"category": "self",
"summary": "SUSE Bug 1239114",
"url": "https://bugzilla.suse.com/1239114"
},
{
"category": "self",
"summary": "SUSE Bug 1239115",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "self",
"summary": "SUSE Bug 1239117",
"url": "https://bugzilla.suse.com/1239117"
},
{
"category": "self",
"summary": "SUSE Bug 1239167",
"url": "https://bugzilla.suse.com/1239167"
},
{
"category": "self",
"summary": "SUSE Bug 1239174",
"url": "https://bugzilla.suse.com/1239174"
},
{
"category": "self",
"summary": "SUSE Bug 1239346",
"url": "https://bugzilla.suse.com/1239346"
},
{
"category": "self",
"summary": "SUSE Bug 1239349",
"url": "https://bugzilla.suse.com/1239349"
},
{
"category": "self",
"summary": "SUSE Bug 1239435",
"url": "https://bugzilla.suse.com/1239435"
},
{
"category": "self",
"summary": "SUSE Bug 1239467",
"url": "https://bugzilla.suse.com/1239467"
},
{
"category": "self",
"summary": "SUSE Bug 1239468",
"url": "https://bugzilla.suse.com/1239468"
},
{
"category": "self",
"summary": "SUSE Bug 1239471",
"url": "https://bugzilla.suse.com/1239471"
},
{
"category": "self",
"summary": "SUSE Bug 1239473",
"url": "https://bugzilla.suse.com/1239473"
},
{
"category": "self",
"summary": "SUSE Bug 1239474",
"url": "https://bugzilla.suse.com/1239474"
},
{
"category": "self",
"summary": "SUSE Bug 1239475",
"url": "https://bugzilla.suse.com/1239475"
},
{
"category": "self",
"summary": "SUSE Bug 1239477",
"url": "https://bugzilla.suse.com/1239477"
},
{
"category": "self",
"summary": "SUSE Bug 1239478",
"url": "https://bugzilla.suse.com/1239478"
},
{
"category": "self",
"summary": "SUSE Bug 1239479",
"url": "https://bugzilla.suse.com/1239479"
},
{
"category": "self",
"summary": "SUSE Bug 1239481",
"url": "https://bugzilla.suse.com/1239481"
},
{
"category": "self",
"summary": "SUSE Bug 1239482",
"url": "https://bugzilla.suse.com/1239482"
},
{
"category": "self",
"summary": "SUSE Bug 1239483",
"url": "https://bugzilla.suse.com/1239483"
},
{
"category": "self",
"summary": "SUSE Bug 1239484",
"url": "https://bugzilla.suse.com/1239484"
},
{
"category": "self",
"summary": "SUSE Bug 1239486",
"url": "https://bugzilla.suse.com/1239486"
},
{
"category": "self",
"summary": "SUSE Bug 1239508",
"url": "https://bugzilla.suse.com/1239508"
},
{
"category": "self",
"summary": "SUSE Bug 1239512",
"url": "https://bugzilla.suse.com/1239512"
},
{
"category": "self",
"summary": "SUSE Bug 1239518",
"url": "https://bugzilla.suse.com/1239518"
},
{
"category": "self",
"summary": "SUSE Bug 1239573",
"url": "https://bugzilla.suse.com/1239573"
},
{
"category": "self",
"summary": "SUSE Bug 1239594",
"url": "https://bugzilla.suse.com/1239594"
},
{
"category": "self",
"summary": "SUSE Bug 1239595",
"url": "https://bugzilla.suse.com/1239595"
},
{
"category": "self",
"summary": "SUSE Bug 1239600",
"url": "https://bugzilla.suse.com/1239600"
},
{
"category": "self",
"summary": "SUSE Bug 1239605",
"url": "https://bugzilla.suse.com/1239605"
},
{
"category": "self",
"summary": "SUSE Bug 1239615",
"url": "https://bugzilla.suse.com/1239615"
},
{
"category": "self",
"summary": "SUSE Bug 1239644",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "self",
"summary": "SUSE Bug 1239684",
"url": "https://bugzilla.suse.com/1239684"
},
{
"category": "self",
"summary": "SUSE Bug 1239707",
"url": "https://bugzilla.suse.com/1239707"
},
{
"category": "self",
"summary": "SUSE Bug 1239906",
"url": "https://bugzilla.suse.com/1239906"
},
{
"category": "self",
"summary": "SUSE Bug 1239925",
"url": "https://bugzilla.suse.com/1239925"
},
{
"category": "self",
"summary": "SUSE Bug 1239986",
"url": "https://bugzilla.suse.com/1239986"
},
{
"category": "self",
"summary": "SUSE Bug 1239994",
"url": "https://bugzilla.suse.com/1239994"
},
{
"category": "self",
"summary": "SUSE Bug 1240167",
"url": "https://bugzilla.suse.com/1240167"
},
{
"category": "self",
"summary": "SUSE Bug 1240168",
"url": "https://bugzilla.suse.com/1240168"
},
{
"category": "self",
"summary": "SUSE Bug 1240169",
"url": "https://bugzilla.suse.com/1240169"
},
{
"category": "self",
"summary": "SUSE Bug 1240171",
"url": "https://bugzilla.suse.com/1240171"
},
{
"category": "self",
"summary": "SUSE Bug 1240172",
"url": "https://bugzilla.suse.com/1240172"
},
{
"category": "self",
"summary": "SUSE Bug 1240173",
"url": "https://bugzilla.suse.com/1240173"
},
{
"category": "self",
"summary": "SUSE Bug 1240175",
"url": "https://bugzilla.suse.com/1240175"
},
{
"category": "self",
"summary": "SUSE Bug 1240176",
"url": "https://bugzilla.suse.com/1240176"
},
{
"category": "self",
"summary": "SUSE Bug 1240177",
"url": "https://bugzilla.suse.com/1240177"
},
{
"category": "self",
"summary": "SUSE Bug 1240179",
"url": "https://bugzilla.suse.com/1240179"
},
{
"category": "self",
"summary": "SUSE Bug 1240182",
"url": "https://bugzilla.suse.com/1240182"
},
{
"category": "self",
"summary": "SUSE Bug 1240183",
"url": "https://bugzilla.suse.com/1240183"
},
{
"category": "self",
"summary": "SUSE Bug 1240184",
"url": "https://bugzilla.suse.com/1240184"
},
{
"category": "self",
"summary": "SUSE Bug 1240185",
"url": "https://bugzilla.suse.com/1240185"
},
{
"category": "self",
"summary": "SUSE Bug 1240186",
"url": "https://bugzilla.suse.com/1240186"
},
{
"category": "self",
"summary": "SUSE Bug 1240188",
"url": "https://bugzilla.suse.com/1240188"
},
{
"category": "self",
"summary": "SUSE Bug 1240189",
"url": "https://bugzilla.suse.com/1240189"
},
{
"category": "self",
"summary": "SUSE Bug 1240191",
"url": "https://bugzilla.suse.com/1240191"
},
{
"category": "self",
"summary": "SUSE Bug 1240192",
"url": "https://bugzilla.suse.com/1240192"
},
{
"category": "self",
"summary": "SUSE Bug 1240333",
"url": "https://bugzilla.suse.com/1240333"
},
{
"category": "self",
"summary": "SUSE Bug 1240334",
"url": "https://bugzilla.suse.com/1240334"
},
{
"category": "self",
"summary": "SUSE Bug 1240375",
"url": "https://bugzilla.suse.com/1240375"
},
{
"category": "self",
"summary": "SUSE Bug 1240575",
"url": "https://bugzilla.suse.com/1240575"
},
{
"category": "self",
"summary": "SUSE Bug 1240581",
"url": "https://bugzilla.suse.com/1240581"
},
{
"category": "self",
"summary": "SUSE Bug 1240582",
"url": "https://bugzilla.suse.com/1240582"
},
{
"category": "self",
"summary": "SUSE Bug 1240583",
"url": "https://bugzilla.suse.com/1240583"
},
{
"category": "self",
"summary": "SUSE Bug 1240584",
"url": "https://bugzilla.suse.com/1240584"
},
{
"category": "self",
"summary": "SUSE Bug 1240585",
"url": "https://bugzilla.suse.com/1240585"
},
{
"category": "self",
"summary": "SUSE Bug 1240587",
"url": "https://bugzilla.suse.com/1240587"
},
{
"category": "self",
"summary": "SUSE Bug 1240590",
"url": "https://bugzilla.suse.com/1240590"
},
{
"category": "self",
"summary": "SUSE Bug 1240591",
"url": "https://bugzilla.suse.com/1240591"
},
{
"category": "self",
"summary": "SUSE Bug 1240592",
"url": "https://bugzilla.suse.com/1240592"
},
{
"category": "self",
"summary": "SUSE Bug 1240594",
"url": "https://bugzilla.suse.com/1240594"
},
{
"category": "self",
"summary": "SUSE Bug 1240595",
"url": "https://bugzilla.suse.com/1240595"
},
{
"category": "self",
"summary": "SUSE Bug 1240596",
"url": "https://bugzilla.suse.com/1240596"
},
{
"category": "self",
"summary": "SUSE Bug 1240600",
"url": "https://bugzilla.suse.com/1240600"
},
{
"category": "self",
"summary": "SUSE Bug 1240612",
"url": "https://bugzilla.suse.com/1240612"
},
{
"category": "self",
"summary": "SUSE Bug 1240616",
"url": "https://bugzilla.suse.com/1240616"
},
{
"category": "self",
"summary": "SUSE Bug 1240639",
"url": "https://bugzilla.suse.com/1240639"
},
{
"category": "self",
"summary": "SUSE Bug 1240643",
"url": "https://bugzilla.suse.com/1240643"
},
{
"category": "self",
"summary": "SUSE Bug 1240647",
"url": "https://bugzilla.suse.com/1240647"
},
{
"category": "self",
"summary": "SUSE Bug 1240691",
"url": "https://bugzilla.suse.com/1240691"
},
{
"category": "self",
"summary": "SUSE Bug 1240700",
"url": "https://bugzilla.suse.com/1240700"
},
{
"category": "self",
"summary": "SUSE Bug 1240701",
"url": "https://bugzilla.suse.com/1240701"
},
{
"category": "self",
"summary": "SUSE Bug 1240703",
"url": "https://bugzilla.suse.com/1240703"
},
{
"category": "self",
"summary": "SUSE Bug 1240708",
"url": "https://bugzilla.suse.com/1240708"
},
{
"category": "self",
"summary": "SUSE Bug 1240714",
"url": "https://bugzilla.suse.com/1240714"
},
{
"category": "self",
"summary": "SUSE Bug 1240715",
"url": "https://bugzilla.suse.com/1240715"
},
{
"category": "self",
"summary": "SUSE Bug 1240716",
"url": "https://bugzilla.suse.com/1240716"
},
{
"category": "self",
"summary": "SUSE Bug 1240718",
"url": "https://bugzilla.suse.com/1240718"
},
{
"category": "self",
"summary": "SUSE Bug 1240719",
"url": "https://bugzilla.suse.com/1240719"
},
{
"category": "self",
"summary": "SUSE Bug 1240720",
"url": "https://bugzilla.suse.com/1240720"
},
{
"category": "self",
"summary": "SUSE Bug 1240722",
"url": "https://bugzilla.suse.com/1240722"
},
{
"category": "self",
"summary": "SUSE Bug 1240727",
"url": "https://bugzilla.suse.com/1240727"
},
{
"category": "self",
"summary": "SUSE Bug 1240739",
"url": "https://bugzilla.suse.com/1240739"
},
{
"category": "self",
"summary": "SUSE Bug 1240742",
"url": "https://bugzilla.suse.com/1240742"
},
{
"category": "self",
"summary": "SUSE Bug 1240779",
"url": "https://bugzilla.suse.com/1240779"
},
{
"category": "self",
"summary": "SUSE Bug 1240783",
"url": "https://bugzilla.suse.com/1240783"
},
{
"category": "self",
"summary": "SUSE Bug 1240784",
"url": "https://bugzilla.suse.com/1240784"
},
{
"category": "self",
"summary": "SUSE Bug 1240795",
"url": "https://bugzilla.suse.com/1240795"
},
{
"category": "self",
"summary": "SUSE Bug 1240796",
"url": "https://bugzilla.suse.com/1240796"
},
{
"category": "self",
"summary": "SUSE Bug 1240797",
"url": "https://bugzilla.suse.com/1240797"
},
{
"category": "self",
"summary": "SUSE Bug 1240799",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "self",
"summary": "SUSE Bug 1240801",
"url": "https://bugzilla.suse.com/1240801"
},
{
"category": "self",
"summary": "SUSE Bug 1240806",
"url": "https://bugzilla.suse.com/1240806"
},
{
"category": "self",
"summary": "SUSE Bug 1240808",
"url": "https://bugzilla.suse.com/1240808"
},
{
"category": "self",
"summary": "SUSE Bug 1240812",
"url": "https://bugzilla.suse.com/1240812"
},
{
"category": "self",
"summary": "SUSE Bug 1240813",
"url": "https://bugzilla.suse.com/1240813"
},
{
"category": "self",
"summary": "SUSE Bug 1240815",
"url": "https://bugzilla.suse.com/1240815"
},
{
"category": "self",
"summary": "SUSE Bug 1240816",
"url": "https://bugzilla.suse.com/1240816"
},
{
"category": "self",
"summary": "SUSE Bug 1240819",
"url": "https://bugzilla.suse.com/1240819"
},
{
"category": "self",
"summary": "SUSE Bug 1240821",
"url": "https://bugzilla.suse.com/1240821"
},
{
"category": "self",
"summary": "SUSE Bug 1240825",
"url": "https://bugzilla.suse.com/1240825"
},
{
"category": "self",
"summary": "SUSE Bug 1240829",
"url": "https://bugzilla.suse.com/1240829"
},
{
"category": "self",
"summary": "SUSE Bug 1240873",
"url": "https://bugzilla.suse.com/1240873"
},
{
"category": "self",
"summary": "SUSE Bug 1240937",
"url": "https://bugzilla.suse.com/1240937"
},
{
"category": "self",
"summary": "SUSE Bug 1240938",
"url": "https://bugzilla.suse.com/1240938"
},
{
"category": "self",
"summary": "SUSE Bug 1240940",
"url": "https://bugzilla.suse.com/1240940"
},
{
"category": "self",
"summary": "SUSE Bug 1240942",
"url": "https://bugzilla.suse.com/1240942"
},
{
"category": "self",
"summary": "SUSE Bug 1240943",
"url": "https://bugzilla.suse.com/1240943"
},
{
"category": "self",
"summary": "SUSE Bug 1240978",
"url": "https://bugzilla.suse.com/1240978"
},
{
"category": "self",
"summary": "SUSE Bug 1240979",
"url": "https://bugzilla.suse.com/1240979"
},
{
"category": "self",
"summary": "SUSE Bug 1241038",
"url": "https://bugzilla.suse.com/1241038"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52831 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52925 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52926 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52927 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26634 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26634/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26873 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27415 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35826 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35910 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38606 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41077 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41149 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42307 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43820 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46736 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46782 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46796 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47408 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47794 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49571 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49924 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49940 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49940/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50038 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50152 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50185 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50251 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50258 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50290 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50294 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50304 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52559 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53123 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53124 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53139 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53163 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53173 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53178 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53680 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54683 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56548 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56579 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56638 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56640 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56658 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56702 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56703 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56718 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56719 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56751 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56758 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56770 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57807 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57973 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57979 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57981 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57986 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57990 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57993 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57996 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57997 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57999 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58002 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58006 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58007 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58011 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58012 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58013 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58014 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58017 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58018 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58019 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58034 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58051 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58052 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58054 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58071 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58072 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58078 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58083 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21631 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21635 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21636 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21638 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21659 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21666 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21667 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21669 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21670 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21671 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21675 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21688 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21689 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21690 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21703 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21704 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21708 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21711 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21734 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21735 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21736 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21739 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21741 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21742 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21743 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21744 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21745 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21749 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21750 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21753 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21755 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21755/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21759 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21760 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21761 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21762 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21763 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21764 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21765 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21766 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21767 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21772 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21773 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21775 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21776 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21779 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21780 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21781 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21782 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21784 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21784/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21785 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21791 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21793 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21796 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21802 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21804 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21806 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21810 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21815 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21819 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21820 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21821 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21823 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21825 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21829 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21830 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21831 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21832 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21835 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21836 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21838 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21844 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21846 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21847 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21848 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21850 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21855 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21857 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21858 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21859 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21862 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21863 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21865 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21871 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21873 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21875 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21883 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21884 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21886 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21887 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21888 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21889 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21890 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21891 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21892 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21894 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21894/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21895 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21905 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21906 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21908 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21909 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21910 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21912 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21915 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21916 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21917 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21918 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21922 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21923 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21924 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21927 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21928 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21930 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21934 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21935 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21936 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21941 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21943 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21950 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21951 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21951/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21953 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21956 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21960 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21961 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21966 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21968 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21969 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21970 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21972 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21975 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21978 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21979 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21981 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21991 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21992 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21992/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21993 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21995 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22001 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22003 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22007 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22008 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22009 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22010 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22014 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2312 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2312/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-04-17T14:37:10Z",
"generator": {
"date": "2025-04-17T14:37:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20192-1",
"initial_release_date": "2025-04-17T14:37:10Z",
"revision_history": [
{
"date": "2025-04-17T14:37:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-28.1.aarch64",
"product": {
"name": "kernel-default-6.4.0-28.1.aarch64",
"product_id": "kernel-default-6.4.0-28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-28.1.21.6.aarch64",
"product": {
"name": "kernel-default-base-6.4.0-28.1.21.6.aarch64",
"product_id": "kernel-default-base-6.4.0-28.1.21.6.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.4.0-28.1.noarch",
"product": {
"name": "kernel-devel-6.4.0-28.1.noarch",
"product_id": "kernel-devel-6.4.0-28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.4.0-28.1.noarch",
"product": {
"name": "kernel-macros-6.4.0-28.1.noarch",
"product_id": "kernel-macros-6.4.0-28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.4.0-28.1.noarch",
"product": {
"name": "kernel-source-6.4.0-28.1.noarch",
"product_id": "kernel-source-6.4.0-28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-28.1.s390x",
"product": {
"name": "kernel-default-6.4.0-28.1.s390x",
"product_id": "kernel-default-6.4.0-28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-28.1.s390x",
"product": {
"name": "kernel-default-livepatch-6.4.0-28.1.s390x",
"product_id": "kernel-default-livepatch-6.4.0-28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"product_id": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-default-6.4.0-28.1.x86_64",
"product_id": "kernel-default-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-28.1.21.6.x86_64",
"product": {
"name": "kernel-default-base-6.4.0-28.1.21.6.x86_64",
"product_id": "kernel-default-base-6.4.0-28.1.21.6.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-default-livepatch-6.4.0-28.1.x86_64",
"product_id": "kernel-default-livepatch-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-kvmsmall-6.4.0-28.1.x86_64",
"product_id": "kernel-kvmsmall-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-28.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64"
},
"product_reference": "kernel-default-6.4.0-28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-28.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x"
},
"product_reference": "kernel-default-6.4.0-28.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-default-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-28.1.21.6.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64"
},
"product_reference": "kernel-default-base-6.4.0-28.1.21.6.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-28.1.21.6.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64"
},
"product_reference": "kernel-default-base-6.4.0-28.1.21.6.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-28.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x"
},
"product_reference": "kernel-default-livepatch-6.4.0-28.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-default-livepatch-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch"
},
"product_reference": "kernel-devel-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-kvmsmall-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch"
},
"product_reference": "kernel-macros-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
},
"product_reference": "kernel-source-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpu/hotplug: Don\u0027t offline the last non-isolated CPU\n\nIf a system has isolated CPUs via the \"isolcpus=\" command line parameter,\nthen an attempt to offline the last housekeeping CPU will result in a\nWARN_ON() when rebuilding the scheduler domains and a subsequent panic due\nto and unhandled empty CPU mas in partition_sched_domains_locked().\n\ncpuset_hotplug_workfn()\n rebuild_sched_domains_locked()\n ndoms = generate_sched_domains(\u0026doms, \u0026attr);\n cpumask_and(doms[0], top_cpuset.effective_cpus, housekeeping_cpumask(HK_FLAG_DOMAIN));\n\nThus results in an empty CPU mask which triggers the warning and then the\nsubsequent crash:\n\nWARNING: CPU: 4 PID: 80 at kernel/sched/topology.c:2366 build_sched_domains+0x120c/0x1408\nCall trace:\n build_sched_domains+0x120c/0x1408\n partition_sched_domains_locked+0x234/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n rebuild_sched_domains+0x30/0x58\n cpuset_hotplug_workfn+0x2a8/0x930\n\nUnable to handle kernel paging request at virtual address fffe80027ab37080\n partition_sched_domains_locked+0x318/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n\nAside of the resulting crash, it does not make any sense to offline the last\nlast housekeeping CPU.\n\nPrevent this by masking out the non-housekeeping CPUs when selecting a\ntarget CPU for initiating the CPU unplug operation via the work queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52831",
"url": "https://www.suse.com/security/cve/CVE-2023-52831"
},
{
"category": "external",
"summary": "SUSE Bug 1225533 for CVE-2023-52831",
"url": "https://bugzilla.suse.com/1225533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2023-52831"
},
{
"cve": "CVE-2023-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52924",
"url": "https://www.suse.com/security/cve/CVE-2023-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1236821 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "external",
"summary": "SUSE Bug 1244630 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1244630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other -\u003eactivate callbacks\n(bitmap, hash, rhash, rbtree) use elem-\u003epriv.\nSame for .remove: other set implementations take elem-\u003epriv,\nnft_pipapo_remove fetches elem-\u003epriv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor -\u003edeactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52925",
"url": "https://www.suse.com/security/cve/CVE-2023-52925"
},
{
"category": "external",
"summary": "SUSE Bug 1236822 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1236822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2023-52926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIORING_OP_READ did not correctly consume the provided buffer list when\nread i/o returned \u003c 0 (except for -EAGAIN and -EIOCBQUEUED return).\nThis can lead to a potential use-after-free when the completion via\nio_rw_done runs at separate context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52926",
"url": "https://www.suse.com/security/cve/CVE-2023-52926"
},
{
"category": "external",
"summary": "SUSE Bug 1237565 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "external",
"summary": "SUSE Bug 1237567 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52926"
},
{
"cve": "CVE-2023-52927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: allow exp not to be removed in nf_ct_find_expectation\n\nCurrently nf_conntrack_in() calling nf_ct_find_expectation() will\nremove the exp from the hash table. However, in some scenario, we\nexpect the exp not to be removed when the created ct will not be\nconfirmed, like in OVS and TC conntrack in the following patches.\n\nThis patch allows exp not to be removed by setting IPS_CONFIRMED\nin the status of the tmpl.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52927",
"url": "https://www.suse.com/security/cve/CVE-2023-52927"
},
{
"category": "external",
"summary": "SUSE Bug 1239644 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "external",
"summary": "SUSE Bug 1246016 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1246016"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2024-26634",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26634"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix removing a namespace with conflicting altnames\n\nMark reports a BUG() when a net namespace is removed.\n\n kernel BUG at net/core/dev.c:11520!\n\nPhysical interfaces moved outside of init_net get \"refunded\"\nto init_net when that namespace disappears. The main interface\nname may get overwritten in the process if it would have\nconflicted. We need to also discard all conflicting altnames.\nRecent fixes addressed ensuring that altnames get moved\nwith the main interface, which surfaced this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26634",
"url": "https://www.suse.com/security/cve/CVE-2024-26634"
},
{
"category": "external",
"summary": "SUSE Bug 1221651 for CVE-2024-26634",
"url": "https://bugzilla.suse.com/1221651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26634"
},
{
"cve": "CVE-2024-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: really cope with fastopen race\n\nFastopen and PM-trigger subflow shutdown can race, as reported by\nsyzkaller.\n\nIn my first attempt to close such race, I missed the fact that\nthe subflow status can change again before the subflow_state_change\ncallback is invoked.\n\nAddress the issue additionally copying with all the states directly\nreachable from TCP_FIN_WAIT1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26708",
"url": "https://www.suse.com/security/cve/CVE-2024-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1222672 for CVE-2024-26708",
"url": "https://bugzilla.suse.com/1222672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26810",
"url": "https://www.suse.com/security/cve/CVE-2024-26810"
},
{
"category": "external",
"summary": "SUSE Bug 1222803 for CVE-2024-26810",
"url": "https://bugzilla.suse.com/1222803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-26873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Fix a deadlock issue related to automatic dump\n\nIf we issue a disabling PHY command, the device attached with it will go\noffline, if a 2 bit ECC error occurs at the same time, a hung task may be\nfound:\n\n[ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds.\n[ 4613.666297] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.674809] task:kworker/u256:0 state:D stack: 0 pid:165233 ppid: 2 flags:0x00000208\n[ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas]\n[ 4613.691518] Call trace:\n[ 4613.694678] __switch_to+0xf8/0x17c\n[ 4613.698872] __schedule+0x660/0xee0\n[ 4613.703063] schedule+0xac/0x240\n[ 4613.706994] schedule_timeout+0x500/0x610\n[ 4613.711705] __down+0x128/0x36c\n[ 4613.715548] down+0x240/0x2d0\n[ 4613.719221] hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main]\n[ 4613.726618] sas_execute_internal_abort+0x144/0x310 [libsas]\n[ 4613.732976] sas_execute_internal_abort_dev+0x44/0x60 [libsas]\n[ 4613.739504] hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main]\n[ 4613.747499] hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main]\n[ 4613.753682] sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas]\n[ 4613.759781] sas_unregister_common_dev+0x4c/0x7a0 [libsas]\n[ 4613.765962] sas_destruct_devices+0xb8/0x120 [libsas]\n[ 4613.771709] sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas]\n[ 4613.778930] sas_revalidate_domain+0x60/0xa4 [libsas]\n[ 4613.784716] process_one_work+0x248/0x950\n[ 4613.789424] worker_thread+0x318/0x934\n[ 4613.793878] kthread+0x190/0x200\n[ 4613.797810] ret_from_fork+0x10/0x18\n[ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds.\n[ 4613.816026] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.824538] task:kworker/u256:4 state:D stack: 0 pid:316722 ppid: 2 flags:0x00000208\n[ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main]\n[ 4613.841491] Call trace:\n[ 4613.844647] __switch_to+0xf8/0x17c\n[ 4613.848852] __schedule+0x660/0xee0\n[ 4613.853052] schedule+0xac/0x240\n[ 4613.856984] schedule_timeout+0x500/0x610\n[ 4613.861695] __down+0x128/0x36c\n[ 4613.865542] down+0x240/0x2d0\n[ 4613.869216] hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main]\n[ 4613.876324] hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main]\n[ 4613.883019] process_one_work+0x248/0x950\n[ 4613.887732] worker_thread+0x318/0x934\n[ 4613.892204] kthread+0x190/0x200\n[ 4613.896118] ret_from_fork+0x10/0x18\n[ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds.\n[ 4613.914341] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.922852] task:kworker/u256:1 state:D stack: 0 pid:348985 ppid: 2 flags:0x00000208\n[ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas]\n[ 4613.939549] Call trace:\n[ 4613.942702] __switch_to+0xf8/0x17c\n[ 4613.946892] __schedule+0x660/0xee0\n[ 4613.951083] schedule+0xac/0x240\n[ 4613.955015] schedule_timeout+0x500/0x610\n[ 4613.959725] wait_for_common+0x200/0x610\n[ 4613.964349] wait_for_completion+0x3c/0x5c\n[ 4613.969146] flush_workqueue+0x198/0x790\n[ 4613.973776] sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas]\n[ 4613.979960] sas_port_event_worker+0x54/0xa0 [libsas]\n[ 4613.985708] process_one_work+0x248/0x950\n[ 4613.990420] worker_thread+0x318/0x934\n[ 4613.994868] kthread+0x190/0x200\n[ 4613.998800] ret_from_fork+0x10/0x18\n\nThis is because when the device goes offline, we obtain the hisi_hba\nsemaphore and send the ABORT_DEV command to the device. However, the\ninternal abort timed out due to the 2 bit ECC error and triggers automatic\ndump. In addition, since the hisi_hba semaphore has been obtained, the dump\ncannot be executed and the controller cannot be reset.\n\nTherefore, the deadlocks occur on the following circular dependencies\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26873",
"url": "https://www.suse.com/security/cve/CVE-2024-26873"
},
{
"category": "external",
"summary": "SUSE Bug 1223047 for CVE-2024-26873",
"url": "https://bugzilla.suse.com/1223047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26873"
},
{
"cve": "CVE-2024-27415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27415"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bridge: confirm multicast packets before passing them up the stack\n\nconntrack nf_confirm logic cannot handle cloned skbs referencing\nthe same nf_conn entry, which will happen for multicast (broadcast)\nframes on bridges.\n\n Example:\n macvlan0\n |\n br0\n / \\\n ethX ethY\n\n ethX (or Y) receives a L2 multicast or broadcast packet containing\n an IP packet, flow is not yet in conntrack table.\n\n 1. skb passes through bridge and fake-ip (br_netfilter)Prerouting.\n -\u003e skb-\u003e_nfct now references a unconfirmed entry\n 2. skb is broad/mcast packet. bridge now passes clones out on each bridge\n interface.\n 3. skb gets passed up the stack.\n 4. In macvlan case, macvlan driver retains clone(s) of the mcast skb\n and schedules a work queue to send them out on the lower devices.\n\n The clone skb-\u003e_nfct is not a copy, it is the same entry as the\n original skb. The macvlan rx handler then returns RX_HANDLER_PASS.\n 5. Normal conntrack hooks (in NF_INET_LOCAL_IN) confirm the orig skb.\n\nThe Macvlan broadcast worker and normal confirm path will race.\n\nThis race will not happen if step 2 already confirmed a clone. In that\ncase later steps perform skb_clone() with skb-\u003e_nfct already confirmed (in\nhash table). This works fine.\n\nBut such confirmation won\u0027t happen when eb/ip/nftables rules dropped the\npackets before they reached the nf_confirm step in postrouting.\n\nPablo points out that nf_conntrack_bridge doesn\u0027t allow use of stateful\nnat, so we can safely discard the nf_conn entry and let inet call\nconntrack again.\n\nThis doesn\u0027t work for bridge netfilter: skb could have a nat\ntransformation. Also bridge nf prevents re-invocation of inet prerouting\nvia \u0027sabotage_in\u0027 hook.\n\nWork around this problem by explicit confirmation of the entry at LOCAL_IN\ntime, before upper layer has a chance to clone the unconfirmed entry.\n\nThe downside is that this disables NAT and conntrack helpers.\n\nAlternative fix would be to add locking to all code parts that deal with\nunconfirmed packets, but even if that could be done in a sane way this\nopens up other problems, for example:\n\n-m physdev --physdev-out eth0 -j SNAT --snat-to 1.2.3.4\n-m physdev --physdev-out eth1 -j SNAT --snat-to 1.2.3.5\n\nFor multicast case, only one of such conflicting mappings will be\ncreated, conntrack only handles 1:1 NAT mappings.\n\nUsers should set create a setup that explicitly marks such traffic\nNOTRACK (conntrack bypass) to avoid this, but we cannot auto-bypass\nthem, ruleset might have accept rules for untracked traffic already,\nso user-visible behaviour would change.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27415",
"url": "https://www.suse.com/security/cve/CVE-2024-27415"
},
{
"category": "external",
"summary": "SUSE Bug 1224757 for CVE-2024-27415",
"url": "https://bugzilla.suse.com/1224757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-27415"
},
{
"cve": "CVE-2024-35826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix page refcounts for unaligned buffers in __bio_release_pages()\n\nFix an incorrect number of pages being released for buffers that do not\nstart at the beginning of a page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35826",
"url": "https://www.suse.com/security/cve/CVE-2024-35826"
},
{
"category": "external",
"summary": "SUSE Bug 1224610 for CVE-2024-35826",
"url": "https://bugzilla.suse.com/1224610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-35826"
},
{
"cve": "CVE-2024-35910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: properly terminate timers for kernel sockets\n\nWe had various syzbot reports about tcp timers firing after\nthe corresponding netns has been dismantled.\n\nFortunately Josef Bacik could trigger the issue more often,\nand could test a patch I wrote two years ago.\n\nWhen TCP sockets are closed, we call inet_csk_clear_xmit_timers()\nto \u0027stop\u0027 the timers.\n\ninet_csk_clear_xmit_timers() can be called from any context,\nincluding when socket lock is held.\nThis is the reason it uses sk_stop_timer(), aka del_timer().\nThis means that ongoing timers might finish much later.\n\nFor user sockets, this is fine because each running timer\nholds a reference on the socket, and the user socket holds\na reference on the netns.\n\nFor kernel sockets, we risk that the netns is freed before\ntimer can complete, because kernel sockets do not hold\nreference on the netns.\n\nThis patch adds inet_csk_clear_xmit_timers_sync() function\nthat using sk_stop_timer_sync() to make sure all timers\nare terminated before the kernel socket is released.\nModules using kernel sockets close them in their netns exit()\nhandler.\n\nAlso add sock_not_owned_by_me() helper to get LOCKDEP\nsupport : inet_csk_clear_xmit_timers_sync() must not be called\nwhile socket lock is held.\n\nIt is very possible we can revert in the future commit\n3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\")\nwhich attempted to solve the issue in rds only.\n(net/smc/af_smc.c and net/mptcp/subflow.c have similar code)\n\nWe probably can remove the check_net() tests from\ntcp_out_of_resources() and __tcp_close() in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35910",
"url": "https://www.suse.com/security/cve/CVE-2024-35910"
},
{
"category": "external",
"summary": "SUSE Bug 1224489 for CVE-2024-35910",
"url": "https://bugzilla.suse.com/1224489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-35910"
},
{
"cve": "CVE-2024-38606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38606"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - validate slices count returned by FW\n\nThe function adf_send_admin_tl_start() enables the telemetry (TL)\nfeature on a QAT device by sending the ICP_QAT_FW_TL_START message to\nthe firmware. This triggers the FW to start writing TL data to a DMA\nbuffer in memory and returns an array containing the number of\naccelerators of each type (slices) supported by this HW.\nThe pointer to this array is stored in the adf_tl_hw_data data\nstructure called slice_cnt.\n\nThe array slice_cnt is then used in the function tl_print_dev_data()\nto report in debugfs only statistics about the supported accelerators.\nAn incorrect value of the elements in slice_cnt might lead to an out\nof bounds memory read.\nAt the moment, there isn\u0027t an implementation of FW that returns a wrong\nvalue, but for robustness validate the slice count array returned by FW.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38606",
"url": "https://www.suse.com/security/cve/CVE-2024-38606"
},
{
"category": "external",
"summary": "SUSE Bug 1226871 for CVE-2024-38606",
"url": "https://bugzilla.suse.com/1226871"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-38606"
},
{
"cve": "CVE-2024-40980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40980",
"url": "https://www.suse.com/security/cve/CVE-2024-40980"
},
{
"category": "external",
"summary": "SUSE Bug 1227937 for CVE-2024-40980",
"url": "https://bugzilla.suse.com/1227937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\u003csnip\u003e\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\u003csnip\u003e\n\tvalue changed: 0x0000000a -\u003e 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi-\u003epoll_owner\nnon atomically. The -\u003epoll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41005",
"url": "https://www.suse.com/security/cve/CVE-2024-41005"
},
{
"category": "external",
"summary": "SUSE Bug 1227858 for CVE-2024-41005",
"url": "https://bugzilla.suse.com/1227858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41005"
},
{
"cve": "CVE-2024-41055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41055",
"url": "https://www.suse.com/security/cve/CVE-2024-41055"
},
{
"category": "external",
"summary": "SUSE Bug 1228521 for CVE-2024-41055",
"url": "https://bugzilla.suse.com/1228521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-41077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix validation of block size\n\nBlock size should be between 512 and PAGE_SIZE and be a power of 2. The current\ncheck does not validate this, so update the check.\n\nWithout this patch, null_blk would Oops due to a null pointer deref when\nloaded with bs=1536 [1].\n\n\n[axboe: remove unnecessary braces and != 0 check]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41077",
"url": "https://www.suse.com/security/cve/CVE-2024-41077"
},
{
"category": "external",
"summary": "SUSE Bug 1228653 for CVE-2024-41077",
"url": "https://bugzilla.suse.com/1228653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41077"
},
{
"cve": "CVE-2024-41149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: avoid to reuse `hctx` not removed from cpuhp callback list\n\nIf the \u0027hctx\u0027 isn\u0027t removed from cpuhp callback list, we can\u0027t reuse it,\notherwise use-after-free may be triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41149",
"url": "https://www.suse.com/security/cve/CVE-2024-41149"
},
{
"category": "external",
"summary": "SUSE Bug 1235698 for CVE-2024-41149",
"url": "https://bugzilla.suse.com/1235698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41149"
},
{
"cve": "CVE-2024-42307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n fs/smb/client/cifsfs.c:1981 init_cifs()\n error: we previously assumed \u0027serverclose_wq\u0027 could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42307",
"url": "https://www.suse.com/security/cve/CVE-2024-42307"
},
{
"category": "external",
"summary": "SUSE Bug 1229361 for CVE-2024-42307",
"url": "https://bugzilla.suse.com/1229361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-42307"
},
{
"cve": "CVE-2024-43820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery));\n\nThis check is designed to make sure that the sync thread isn\u0027t\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43820",
"url": "https://www.suse.com/security/cve/CVE-2024-43820"
},
{
"category": "external",
"summary": "SUSE Bug 1229311 for CVE-2024-43820",
"url": "https://bugzilla.suse.com/1229311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-43820"
},
{
"cve": "CVE-2024-44974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44974",
"url": "https://www.suse.com/security/cve/CVE-2024-44974"
},
{
"category": "external",
"summary": "SUSE Bug 1230235 for CVE-2024-44974",
"url": "https://bugzilla.suse.com/1230235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45009",
"url": "https://www.suse.com/security/cve/CVE-2024-45009"
},
{
"category": "external",
"summary": "SUSE Bug 1230438 for CVE-2024-45009",
"url": "https://bugzilla.suse.com/1230438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45010",
"url": "https://www.suse.com/security/cve/CVE-2024-45010"
},
{
"category": "external",
"summary": "SUSE Bug 1230439 for CVE-2024-45010",
"url": "https://bugzilla.suse.com/1230439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-46736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_rename_path()\n\nIf smb2_set_path_attr() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() again as the\nreference of @cfile was already dropped by previous smb2_compound_op()\ncall.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46736",
"url": "https://www.suse.com/security/cve/CVE-2024-46736"
},
{
"category": "external",
"summary": "SUSE Bug 1230728 for CVE-2024-46736",
"url": "https://bugzilla.suse.com/1230728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46736"
},
{
"cve": "CVE-2024-46782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6108\n __napi_poll+0xcb/0x490 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n prep_new_page mm/page_alloc.c:1501 [inline]\n get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n __do_kmalloc_node mm/slub.c:4146 [inline]\n __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n bucket_table_alloc lib/rhashtable.c:186 [inline]\n rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n ops_ini\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46782",
"url": "https://www.suse.com/security/cve/CVE-2024-46782"
},
{
"category": "external",
"summary": "SUSE Bug 1230769 for CVE-2024-46782",
"url": "https://bugzilla.suse.com/1230769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46782"
},
{
"cve": "CVE-2024-46796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_set_path_size()\n\nIf smb2_compound_op() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() before retrying it\nas the reference of @cfile was already dropped by previous call.\n\nThis fixes the following KASAN splat when running fstests generic/013\nagainst Windows Server 2022:\n\n CIFS: Attempting to mount //w22-fs0/scratch\n run fstests generic/013 at 2024-09-02 19:48:59\n ==================================================================\n BUG: KASAN: slab-use-after-free in detach_if_pending+0xab/0x200\n Write of size 8 at addr ffff88811f1a3730 by task kworker/3:2/176\n\n CPU: 3 UID: 0 PID: 176 Comm: kworker/3:2 Not tainted 6.11.0-rc6 #2\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40\n 04/01/2014\n Workqueue: cifsoplockd cifs_oplock_break [cifs]\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? detach_if_pending+0xab/0x200\n print_report+0x156/0x4d9\n ? detach_if_pending+0xab/0x200\n ? __virt_addr_valid+0x145/0x300\n ? __phys_addr+0x46/0x90\n ? detach_if_pending+0xab/0x200\n kasan_report+0xda/0x110\n ? detach_if_pending+0xab/0x200\n detach_if_pending+0xab/0x200\n timer_delete+0x96/0xe0\n ? __pfx_timer_delete+0x10/0x10\n ? rcu_is_watching+0x20/0x50\n try_to_grab_pending+0x46/0x3b0\n __cancel_work+0x89/0x1b0\n ? __pfx___cancel_work+0x10/0x10\n ? kasan_save_track+0x14/0x30\n cifs_close_deferred_file+0x110/0x2c0 [cifs]\n ? __pfx_cifs_close_deferred_file+0x10/0x10 [cifs]\n ? __pfx_down_read+0x10/0x10\n cifs_oplock_break+0x4c1/0xa50 [cifs]\n ? __pfx_cifs_oplock_break+0x10/0x10 [cifs]\n ? lock_is_held_type+0x85/0xf0\n ? mark_held_locks+0x1a/0x90\n process_one_work+0x4c6/0x9f0\n ? find_held_lock+0x8a/0xa0\n ? __pfx_process_one_work+0x10/0x10\n ? lock_acquired+0x220/0x550\n ? __list_add_valid_or_report+0x37/0x100\n worker_thread+0x2e4/0x570\n ? __kthread_parkme+0xd1/0xf0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x17f/0x1c0\n ? kthread+0xda/0x1c0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 1118:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n cifs_new_fileinfo+0xc8/0x9d0 [cifs]\n cifs_atomic_open+0x467/0x770 [cifs]\n lookup_open.isra.0+0x665/0x8b0\n path_openat+0x4c3/0x1380\n do_filp_open+0x167/0x270\n do_sys_openat2+0x129/0x160\n __x64_sys_creat+0xad/0xe0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 83:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x70\n poison_slab_object+0xe9/0x160\n __kasan_slab_free+0x32/0x50\n kfree+0xf2/0x300\n process_one_work+0x4c6/0x9f0\n worker_thread+0x2e4/0x570\n kthread+0x17f/0x1c0\n ret_from_fork+0x31/0x60\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x30/0x50\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x29/0xe0\n __queue_work+0x5ea/0x760\n queue_work_on+0x6d/0x90\n _cifsFileInfo_put+0x3f6/0x770 [cifs]\n smb2_compound_op+0x911/0x3940 [cifs]\n smb2_set_path_size+0x228/0x270 [cifs]\n cifs_set_file_size+0x197/0x460 [cifs]\n cifs_setattr+0xd9c/0x14b0 [cifs]\n notify_change+0x4e3/0x740\n do_truncate+0xfa/0x180\n vfs_truncate+0x195/0x200\n __x64_sys_truncate+0x109/0x150\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46796",
"url": "https://www.suse.com/security/cve/CVE-2024-46796"
},
{
"category": "external",
"summary": "SUSE Bug 1230832 for CVE-2024-46796",
"url": "https://bugzilla.suse.com/1230832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46796"
},
{
"cve": "CVE-2024-46858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n CPU1\t\t\t\tCPU2\n ==== ====\n net_rx_action\n napi_poll netlink_sendmsg\n __napi_poll netlink_unicast\n process_backlog netlink_unicast_kernel\n __netif_receive_skb genl_rcv\n __netif_receive_skb_one_core netlink_rcv_skb\n NF_HOOK genl_rcv_msg\n ip_local_deliver_finish genl_family_rcv_msg\n ip_protocol_deliver_rcu genl_family_rcv_msg_doit\n tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit\n tcp_v4_do_rcv mptcp_nl_remove_addrs_list\n tcp_rcv_established mptcp_pm_remove_addrs_and_subflows\n tcp_data_queue remove_anno_list_by_saddr\n mptcp_incoming_options mptcp_pm_del_add_timer\n mptcp_pm_del_add_timer kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by \"pm.lock\", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of \"entry-\u003eadd_timer\".\n\nMove list_del(\u0026entry-\u003elist) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar \"entry-\u003ex\" uaf.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46858",
"url": "https://www.suse.com/security/cve/CVE-2024-46858"
},
{
"category": "external",
"summary": "SUSE Bug 1231088 for CVE-2024-46858",
"url": "https://bugzilla.suse.com/1231088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46858"
},
{
"cve": "CVE-2024-47408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47408"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check smcd_v2_ext_offset when receiving proposal msg\n\nWhen receiving proposal msg in server, the field smcd_v2_ext_offset in\nproposal msg is from the remote client and can not be fully trusted.\nOnce the value of smcd_v2_ext_offset exceed the max value, there has\nthe chance to access wrong address, and crash may happen.\n\nThis patch checks the value of smcd_v2_ext_offset before using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47408",
"url": "https://www.suse.com/security/cve/CVE-2024-47408"
},
{
"category": "external",
"summary": "SUSE Bug 1235711 for CVE-2024-47408",
"url": "https://bugzilla.suse.com/1235711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-47408"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-47794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tailcall infinite loop caused by freplace\n\nThere is a potential infinite loop issue that can occur when using a\ncombination of tail calls and freplace.\n\nIn an upcoming selftest, the attach target for entry_freplace of\ntailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in\nentry_freplace leads to entry_tc. This results in an infinite loop:\n\nentry_tc -\u003e subprog_tc -\u003e entry_freplace --tailcall-\u003e entry_tc.\n\nThe problem arises because the tail_call_cnt in entry_freplace resets to\nzero each time entry_freplace is executed, causing the tail call mechanism\nto never terminate, eventually leading to a kernel panic.\n\nTo fix this issue, the solution is twofold:\n\n1. Prevent updating a program extended by an freplace program to a\n prog_array map.\n2. Prevent extending a program that is already part of a prog_array map\n with an freplace program.\n\nThis ensures that:\n\n* If a program or its subprogram has been extended by an freplace program,\n it can no longer be updated to a prog_array map.\n* If a program has been added to a prog_array map, neither it nor its\n subprograms can be extended by an freplace program.\n\nMoreover, an extension program should not be tailcalled. As such, return\n-EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a\nprog_array map.\n\nAdditionally, fix a minor code style issue by replacing eight spaces with a\ntab for proper formatting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47794",
"url": "https://www.suse.com/security/cve/CVE-2024-47794"
},
{
"category": "external",
"summary": "SUSE Bug 1235712 for CVE-2024-47794",
"url": "https://bugzilla.suse.com/1235712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-47794"
},
{
"cve": "CVE-2024-49571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49571"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg\n\nWhen receiving proposal msg in server, the field iparea_offset\nand the field ipv6_prefixes_cnt in proposal msg are from the\nremote client and can not be fully trusted. Especially the\nfield iparea_offset, once exceed the max value, there has the\nchance to access wrong address, and crash may happen.\n\nThis patch checks iparea_offset and ipv6_prefixes_cnt before using them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49571",
"url": "https://www.suse.com/security/cve/CVE-2024-49571"
},
{
"category": "external",
"summary": "SUSE Bug 1235733 for CVE-2024-49571",
"url": "https://bugzilla.suse.com/1235733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49571"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: pxafb: Fix possible use after free in pxafb_task()\n\nIn the pxafb_probe function, it calls the pxafb_init_fbinfo function,\nafter which \u0026fbi-\u003etask is associated with pxafb_task. Moreover,\nwithin this pxafb_init_fbinfo function, the pxafb_blank function\nwithin the \u0026pxafb_ops struct is capable of scheduling work.\n\nIf we remove the module which will call pxafb_remove to make cleanup,\nit will call unregister_framebuffer function which can call\ndo_unregister_framebuffer to free fbi-\u003efb through\nput_fb_info(fb_info), while the work mentioned above will be used.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | pxafb_task\npxafb_remove |\nunregister_framebuffer(info) |\ndo_unregister_framebuffer(fb_info) |\nput_fb_info(fb_info) |\n// free fbi-\u003efb | set_ctrlr_state(fbi, state)\n | __pxafb_lcd_power(fbi, 0)\n | fbi-\u003elcd_power(on, \u0026fbi-\u003efb.var)\n | //use fbi-\u003efb\n\nFix it by ensuring that the work is canceled before proceeding\nwith the cleanup in pxafb_remove.\n\nNote that only root user can remove the driver at runtime.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49924",
"url": "https://www.suse.com/security/cve/CVE-2024-49924"
},
{
"category": "external",
"summary": "SUSE Bug 1232364 for CVE-2024-49924",
"url": "https://bugzilla.suse.com/1232364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49924"
},
{
"cve": "CVE-2024-49940",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49940"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: prevent possible tunnel refcount underflow\n\nWhen a session is created, it sets a backpointer to its tunnel. When\nthe session refcount drops to 0, l2tp_session_free drops the tunnel\nrefcount if session-\u003etunnel is non-NULL. However, session-\u003etunnel is\nset in l2tp_session_create, before the tunnel refcount is incremented\nby l2tp_session_register, which leaves a small window where\nsession-\u003etunnel is non-NULL when the tunnel refcount hasn\u0027t been\nbumped.\n\nMoving the assignment to l2tp_session_register is trivial but\nl2tp_session_create calls l2tp_session_set_header_len which uses\nsession-\u003etunnel to get the tunnel\u0027s encap. Add an encap arg to\nl2tp_session_set_header_len to avoid using session-\u003etunnel.\n\nIf l2tpv3 sessions have colliding IDs, it is possible for\nl2tp_v3_session_get to race with l2tp_session_register and fetch a\nsession which doesn\u0027t yet have session-\u003etunnel set. Add a check for\nthis case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49940",
"url": "https://www.suse.com/security/cve/CVE-2024-49940"
},
{
"category": "external",
"summary": "SUSE Bug 1232812 for CVE-2024-49940",
"url": "https://bugzilla.suse.com/1232812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49940"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-49994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix integer overflow in BLKSECDISCARD\n\nI independently rediscovered\n\n\tcommit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155\n\tblock: fix overflow in blk_ioctl_discard()\n\nbut for secure erase.\n\nSame problem:\n\n\tuint64_t r[2] = {512, 18446744073709551104ULL};\n\tioctl(fd, BLKSECDISCARD, r);\n\nwill enter near infinite loop inside blkdev_issue_secure_erase():\n\n\ta.out: attempt to access beyond end of device\n\tloop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048\n\tbio_check_eod: 3286214 callbacks suppressed",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49994",
"url": "https://www.suse.com/security/cve/CVE-2024-49994"
},
{
"category": "external",
"summary": "SUSE Bug 1237757 for CVE-2024-49994",
"url": "https://bugzilla.suse.com/1237757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49994"
},
{
"cve": "CVE-2024-50029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50029",
"url": "https://www.suse.com/security/cve/CVE-2024-50029"
},
{
"category": "external",
"summary": "SUSE Bug 1231949 for CVE-2024-50029",
"url": "https://bugzilla.suse.com/1231949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50036",
"url": "https://www.suse.com/security/cve/CVE-2024-50036"
},
{
"category": "external",
"summary": "SUSE Bug 1231912 for CVE-2024-50036",
"url": "https://bugzilla.suse.com/1231912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50038"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xtables: avoid NFPROTO_UNSPEC where needed\n\nsyzbot managed to call xt_cluster match via ebtables:\n\n WARNING: CPU: 0 PID: 11 at net/netfilter/xt_cluster.c:72 xt_cluster_mt+0x196/0x780\n [..]\n ebt_do_table+0x174b/0x2a40\n\nModule registers to NFPROTO_UNSPEC, but it assumes ipv4/ipv6 packet\nprocessing. As this is only useful to restrict locally terminating\nTCP/UDP traffic, register this for ipv4 and ipv6 family only.\n\nPablo points out that this is a general issue, direct users of the\nset/getsockopt interface can call into targets/matches that were only\nintended for use with ip(6)tables.\n\nCheck all UNSPEC matches and targets for similar issues:\n\n- matches and targets are fine except if they assume skb_network_header()\n is valid -- this is only true when called from inet layer: ip(6) stack\n pulls the ip/ipv6 header into linear data area.\n- targets that return XT_CONTINUE or other xtables verdicts must be\n restricted too, they are incompatbile with the ebtables traverser, e.g.\n EBT_CONTINUE is a completely different value than XT_CONTINUE.\n\nMost matches/targets are changed to register for NFPROTO_IPV4/IPV6, as\nthey are provided for use by ip(6)tables.\n\nThe MARK target is also used by arptables, so register for NFPROTO_ARP too.\n\nWhile at it, bail out if connbytes fails to enable the corresponding\nconntrack family.\n\nThis change passes the selftests in iptables.git.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50038",
"url": "https://www.suse.com/security/cve/CVE-2024-50038"
},
{
"category": "external",
"summary": "SUSE Bug 1231910 for CVE-2024-50038",
"url": "https://bugzilla.suse.com/1231910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50038"
},
{
"cve": "CVE-2024-50056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c\n\nFix potential dereferencing of ERR_PTR() in find_format_by_pix()\nand uvc_v4l2_enum_format().\n\nFix the following smatch errors:\n\ndrivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\ndrivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\nAlso, fix similar issue in uvc_v4l2_try_format() for potential\ndereferencing of ERR_PTR().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50056",
"url": "https://www.suse.com/security/cve/CVE-2024-50056"
},
{
"category": "external",
"summary": "SUSE Bug 1232389 for CVE-2024-50056",
"url": "https://bugzilla.suse.com/1232389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50056"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow\n\nSyzkaller reported this splat:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662\n\n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline]\n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572\n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg net/socket.c:744 [inline]\n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661\n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n RIP: 0023:0xf7fe4579\n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 \u003c5d\u003e 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00\n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\n Allocated by task 5387:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:878 [inline]\n kzalloc_noprof include/linux/slab.h:1014 [inline]\n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803\n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956\n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline]\n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167\n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764\n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592\n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642\n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline]\n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943\n mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777\n process_one_work+0x958/0x1b30 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/ke\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50085",
"url": "https://www.suse.com/security/cve/CVE-2024-50085"
},
{
"category": "external",
"summary": "SUSE Bug 1232508 for CVE-2024-50085",
"url": "https://bugzilla.suse.com/1232508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: use RCU read-side critical section in taprio_dump()\n\nFix possible use-after-free in \u0027taprio_dump()\u0027 by adding RCU\nread-side critical section there. Never seen on x86 but\nfound on a KASAN-enabled arm64 system when investigating\nhttps://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa:\n\n[T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0\n[T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862\n[T15862]\n[T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro Not tainted 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2\n[T15862] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 05/24/2024\n[T15862] Call trace:\n[T15862] dump_backtrace+0x20c/0x220\n[T15862] show_stack+0x2c/0x40\n[T15862] dump_stack_lvl+0xf8/0x174\n[T15862] print_report+0x170/0x4d8\n[T15862] kasan_report+0xb8/0x1d4\n[T15862] __asan_report_load4_noabort+0x20/0x2c\n[T15862] taprio_dump+0xa0c/0xbb0\n[T15862] tc_fill_qdisc+0x540/0x1020\n[T15862] qdisc_notify.isra.0+0x330/0x3a0\n[T15862] tc_modify_qdisc+0x7b8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Allocated by task 15857:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_alloc_info+0x40/0x60\n[T15862] __kasan_kmalloc+0xd4/0xe0\n[T15862] __kmalloc_cache_noprof+0x194/0x334\n[T15862] taprio_change+0x45c/0x2fe0\n[T15862] tc_modify_qdisc+0x6a8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Freed by task 6192:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_free_info+0x4c/0x80\n[T15862] poison_slab_object+0x110/0x160\n[T15862] __kasan_slab_free+0x3c/0x74\n[T15862] kfree+0x134/0x3c0\n[T15862] taprio_free_sched_cb+0x18c/0x220\n[T15862] rcu_core+0x920/0x1b7c\n[T15862] rcu_core_si+0x10/0x1c\n[T15862] handle_softirqs+0x2e8/0xd64\n[T15862] __do_softirq+0x14/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50126",
"url": "https://www.suse.com/security/cve/CVE-2024-50126"
},
{
"category": "external",
"summary": "SUSE Bug 1232895 for CVE-2024-50126",
"url": "https://bugzilla.suse.com/1232895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50126"
},
{
"cve": "CVE-2024-50140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Disable page allocation in task_tick_mm_cid()\n\nWith KASAN and PREEMPT_RT enabled, calling task_work_add() in\ntask_tick_mm_cid() may cause the following splat.\n\n[ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe\n[ 63.696416] preempt_count: 10001, expected: 0\n[ 63.696416] RCU nest depth: 1, expected: 1\n\nThis problem is caused by the following call trace.\n\n sched_tick() [ acquire rq-\u003e__lock ]\n -\u003e task_tick_mm_cid()\n -\u003e task_work_add()\n -\u003e __kasan_record_aux_stack()\n -\u003e kasan_save_stack()\n -\u003e stack_depot_save_flags()\n -\u003e alloc_pages_mpol_noprof()\n -\u003e __alloc_pages_noprof()\n\t -\u003e get_page_from_freelist()\n\t -\u003e rmqueue()\n\t -\u003e rmqueue_pcplist()\n\t -\u003e __rmqueue_pcplist()\n\t -\u003e rmqueue_bulk()\n\t -\u003e rt_spin_lock()\n\nThe rq lock is a raw_spinlock_t. We can\u0027t sleep while holding\nit. IOW, we can\u0027t call alloc_pages() in stack_depot_save_flags().\n\nThe task_tick_mm_cid() function with its task_work_add() call was\nintroduced by commit 223baf9d17f2 (\"sched: Fix performance regression\nintroduced by mm_cid\") in v6.4 kernel.\n\nFortunately, there is a kasan_record_aux_stack_noalloc() variant that\ncalls stack_depot_save_flags() while not allowing it to allocate\nnew pages. To allow task_tick_mm_cid() to use task_work without\npage allocation, a new TWAF_NO_ALLOC flag is added to enable calling\nkasan_record_aux_stack_noalloc() instead of kasan_record_aux_stack()\nif set. The task_tick_mm_cid() function is modified to add this new flag.\n\nThe possible downside is the missing stack trace in a KASAN report due\nto new page allocation required when task_work_add_noallloc() is called\nwhich should be rare.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50140",
"url": "https://www.suse.com/security/cve/CVE-2024-50140"
},
{
"category": "external",
"summary": "SUSE Bug 1233060 for CVE-2024-50140",
"url": "https://bugzilla.suse.com/1233060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50140"
},
{
"cve": "CVE-2024-50142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50142",
"url": "https://www.suse.com/security/cve/CVE-2024-50142"
},
{
"category": "external",
"summary": "SUSE Bug 1233028 for CVE-2024-50142",
"url": "https://bugzilla.suse.com/1233028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix possible double free in smb2_set_ea()\n\nClang static checker(scan-build) warning:\nfs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.\n 1304 | kfree(ea);\n | ^~~~~~~~~\n\nThere is a double free in such case:\n\u0027ea is initialized to NULL\u0027 -\u003e \u0027first successful memory allocation for\nea\u0027 -\u003e \u0027something failed, goto sea_exit\u0027 -\u003e \u0027first memory release for ea\u0027\n-\u003e \u0027goto replay_again\u0027 -\u003e \u0027second goto sea_exit before allocate memory\nfor ea\u0027 -\u003e \u0027second memory release for ea resulted in double free\u0027.\n\nRe-initialie \u0027ea\u0027 to NULL near to the replay_again label, it can fix this\ndouble free problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50152",
"url": "https://www.suse.com/security/cve/CVE-2024-50152"
},
{
"category": "external",
"summary": "SUSE Bug 1233033 for CVE-2024-50152",
"url": "https://bugzilla.suse.com/1233033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50152"
},
{
"cve": "CVE-2024-50185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle consistently DSS corruption\n\nBugged peer implementation can send corrupted DSS options, consistently\nhitting a few warning in the data path. Use DEBUG_NET assertions, to\navoid the splat on some builds and handle consistently the error, dumping\nrelated MIBs and performing fallback and/or reset according to the\nsubflow type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50185",
"url": "https://www.suse.com/security/cve/CVE-2024-50185"
},
{
"category": "external",
"summary": "SUSE Bug 1233109 for CVE-2024-50185",
"url": "https://bugzilla.suse.com/1233109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\n\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\n\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50251",
"url": "https://www.suse.com/security/cve/CVE-2024-50251"
},
{
"category": "external",
"summary": "SUSE Bug 1233248 for CVE-2024-50251",
"url": "https://bugzilla.suse.com/1233248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50251"
},
{
"cve": "CVE-2024-50258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix crash when config small gso_max_size/gso_ipv4_max_size\n\nConfig a small gso_max_size/gso_ipv4_max_size will lead to an underflow\nin sk_dst_gso_max_size(), which may trigger a BUG_ON crash,\nbecause sk-\u003esk_gso_max_size would be much bigger than device limits.\nCall Trace:\ntcp_write_xmit\n tso_segs = tcp_init_tso_segs(skb, mss_now);\n tcp_set_skb_tso_segs\n tcp_skb_pcount_set\n // skb-\u003elen = 524288, mss_now = 8\n // u16 tso_segs = 524288/8 = 65535 -\u003e 0\n tso_segs = DIV_ROUND_UP(skb-\u003elen, mss_now)\n BUG_ON(!tso_segs)\nAdd check for the minimum value of gso_max_size and gso_ipv4_max_size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50258",
"url": "https://www.suse.com/security/cve/CVE-2024-50258"
},
{
"category": "external",
"summary": "SUSE Bug 1233221 for CVE-2024-50258",
"url": "https://bugzilla.suse.com/1233221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50258"
},
{
"cve": "CVE-2024-50290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx24116: prevent overflows on SNR calculus\n\nas reported by Coverity, if reading SNR registers fail, a negative\nnumber will be returned, causing an underflow when reading SNR\nregisters.\n\nPrevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50290",
"url": "https://www.suse.com/security/cve/CVE-2024-50290"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233479 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "external",
"summary": "SUSE Bug 1233681 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-50294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing locking causing hanging calls\n\nIf a call gets aborted (e.g. because kafs saw a signal) between it being\nqueued for connection and the I/O thread picking up the call, the abort\nwill be prioritised over the connection and it will be removed from\nlocal-\u003enew_client_calls by rxrpc_disconnect_client_call() without a lock\nbeing held. This may cause other calls on the list to disappear if a race\noccurs.\n\nFix this by taking the client_call_lock when removing a call from whatever\nlist its -\u003ewait_link happens to be on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50294",
"url": "https://www.suse.com/security/cve/CVE-2024-50294"
},
{
"category": "external",
"summary": "SUSE Bug 1233483 for CVE-2024-50294",
"url": "https://bugzilla.suse.com/1233483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-50304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()\n\nThe per-netns IP tunnel hash table is protected by the RTNL mutex and\nip_tunnel_find() is only called from the control path where the mutex is\ntaken.\n\nAdd a lockdep expression to hlist_for_each_entry_rcu() in\nip_tunnel_find() in order to validate that the mutex is held and to\nsilence the suspicious RCU usage warning [1].\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted\n-----------------------------\nnet/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/362:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n ip_tunnel_find+0x435/0x4d0\n ip_tunnel_newlink+0x517/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50304",
"url": "https://www.suse.com/security/cve/CVE-2024-50304"
},
{
"category": "external",
"summary": "SUSE Bug 1233522 for CVE-2024-50304",
"url": "https://bugzilla.suse.com/1233522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50304"
},
{
"cve": "CVE-2024-52559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()\n\nThe \"submit-\u003ecmd[i].size\" and \"submit-\u003ecmd[i].offset\" variables are u32\nvalues that come from the user via the submit_lookup_cmds() function.\nThis addition could lead to an integer wrapping bug so use size_add()\nto prevent that.\n\nPatchwork: https://patchwork.freedesktop.org/patch/624696/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52559",
"url": "https://www.suse.com/security/cve/CVE-2024-52559"
},
{
"category": "external",
"summary": "SUSE Bug 1238507 for CVE-2024-52559",
"url": "https://bugzilla.suse.com/1238507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-52559"
},
{
"cve": "CVE-2024-53057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT\n\nIn qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed\nto be either root or ingress. This assumption is bogus since it\u0027s valid\nto create egress qdiscs with major handle ffff:\nBudimir Markovic found that for qdiscs like DRR that maintain an active\nclass list, it will cause a UAF with a dangling class pointer.\n\nIn 066a3b5b2346, the concern was to avoid iterating over the ingress\nqdisc since its parent is itself. The proper fix is to stop when parent\nTC_H_ROOT is reached because the only way to retrieve ingress is when a\nhierarchy which does not contain a ffff: major handle call into\nqdisc_lookup with TC_H_MAJ(TC_H_ROOT).\n\nIn the scenario where major ffff: is an egress qdisc in any of the tree\nlevels, the updates will also propagate to TC_H_ROOT, which then the\niteration must stop.\n\n\n net/sched/sch_api.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53057",
"url": "https://www.suse.com/security/cve/CVE-2024-53057"
},
{
"category": "external",
"summary": "SUSE Bug 1233551 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "external",
"summary": "SUSE Bug 1245816 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1245816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: prevent the risk of out of memory access\n\nThe dvbdev contains a static variable used to store dvb minors.\n\nThe behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set\nor not. When not set, dvb_register_device() won\u0027t check for\nboundaries, as it will rely that a previous call to\ndvb_register_adapter() would already be enforcing it.\n\nOn a similar way, dvb_device_open() uses the assumption\nthat the register functions already did the needed checks.\n\nThis can be fragile if some device ends using different\ncalls. This also generate warnings on static check analysers\nlike Coverity.\n\nSo, add explicit guards to prevent potential risk of OOM issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53063",
"url": "https://www.suse.com/security/cve/CVE-2024-53063"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233557 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "external",
"summary": "SUSE Bug 1233619 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 \u003cf7\u003e 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53123",
"url": "https://www.suse.com/security/cve/CVE-2024-53123"
},
{
"category": "external",
"summary": "SUSE Bug 1234070 for CVE-2024-53123",
"url": "https://bugzilla.suse.com/1234070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix data-races around sk-\u003esk_forward_alloc\n\nSyzkaller reported this warning:\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0\n Modules linked in:\n CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:inet_sock_destruct+0x1c5/0x1e0\n Code: 24 12 4c 89 e2 5b 48 c7 c7 98 ec bb 82 41 5c e9 d1 18 17 ff 4c 89 e6 5b 48 c7 c7 d0 ec bb 82 41 5c e9 bf 18 17 ff 0f 0b eb 83 \u003c0f\u003e 0b eb 97 0f 0b eb 87 0f 0b e9 68 ff ff ff 66 66 2e 0f 1f 84 00\n RSP: 0018:ffffc9000008bd90 EFLAGS: 00010206\n RAX: 0000000000000300 RBX: ffff88810b172a90 RCX: 0000000000000007\n RDX: 0000000000000002 RSI: 0000000000000300 RDI: ffff88810b172a00\n RBP: ffff88810b172a00 R08: ffff888104273c00 R09: 0000000000100007\n R10: 0000000000020000 R11: 0000000000000006 R12: ffff88810b172a00\n R13: 0000000000000004 R14: 0000000000000000 R15: ffff888237c31f78\n FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc63fecac8 CR3: 000000000342e000 CR4: 00000000000006f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0x88/0x130\n ? inet_sock_destruct+0x1c5/0x1e0\n ? report_bug+0x18e/0x1a0\n ? handle_bug+0x53/0x90\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? inet_sock_destruct+0x1c5/0x1e0\n __sk_destruct+0x2a/0x200\n rcu_do_batch+0x1aa/0x530\n ? rcu_do_batch+0x13b/0x530\n rcu_core+0x159/0x2f0\n handle_softirqs+0xd3/0x2b0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n run_ksoftirqd+0x25/0x30\n smpboot_thread_fn+0xdd/0x1d0\n kthread+0xd3/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nIts possible that two threads call tcp_v6_do_rcv()/sk_forward_alloc_add()\nconcurrently when sk-\u003esk_state == TCP_LISTEN with sk-\u003esk_lock unlocked,\nwhich triggers a data-race around sk-\u003esk_forward_alloc:\ntcp_v6_rcv\n tcp_v6_do_rcv\n skb_clone_and_charge_r\n sk_rmem_schedule\n __sk_mem_schedule\n sk_forward_alloc_add()\n skb_set_owner_r\n sk_mem_charge\n sk_forward_alloc_add()\n __kfree_skb\n skb_release_all\n skb_release_head_state\n sock_rfree\n sk_mem_uncharge\n sk_forward_alloc_add()\n sk_mem_reclaim\n // set local var reclaimable\n __sk_mem_reclaim\n sk_forward_alloc_add()\n\nIn this syzkaller testcase, two threads call\ntcp_v6_do_rcv() with skb-\u003etruesize=768, the sk_forward_alloc changes like\nthis:\n (cpu 1) | (cpu 2) | sk_forward_alloc\n ... | ... | 0\n __sk_mem_schedule() | | +4096 = 4096\n | __sk_mem_schedule() | +4096 = 8192\n sk_mem_charge() | | -768 = 7424\n | sk_mem_charge() | -768 = 6656\n ... | ... |\n sk_mem_uncharge() | | +768 = 7424\n reclaimable=7424 | |\n | sk_mem_uncharge() | +768 = 8192\n | reclaimable=8192 |\n __sk_mem_reclaim() | | -4096 = 4096\n | __sk_mem_reclaim() | -8192 = -4096 != 0\n\nThe skb_clone_and_charge_r() should not be called in tcp_v6_do_rcv() when\nsk-\u003esk_state is TCP_LISTEN, it happens later in tcp_v6_syn_recv_sock().\nFix the same issue in dccp_v6_do_rcv().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53124",
"url": "https://www.suse.com/security/cve/CVE-2024-53124"
},
{
"category": "external",
"summary": "SUSE Bug 1234074 for CVE-2024-53124",
"url": "https://bugzilla.suse.com/1234074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53124"
},
{
"cve": "CVE-2024-53139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: fix possible UAF in sctp_v6_available()\n\nA lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints\nthat sctp_v6_available() is calling dev_get_by_index_rcu()\nand ipv6_chk_addr() without holding rcu.\n\n[1]\n =============================\n WARNING: suspicious RCU usage\n 6.12.0-rc5-virtme #1216 Tainted: G W\n -----------------------------\n net/core/dev.c:876 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by sctp_hello/31495:\n #0: ffff9f1ebbdb7418 (sk_lock-AF_INET6){+.+.}-{0:0}, at: sctp_bind (./arch/x86/include/asm/jump_label.h:27 net/sctp/socket.c:315) sctp\n\nstack backtrace:\n CPU: 7 UID: 0 PID: 31495 Comm: sctp_hello Tainted: G W 6.12.0-rc5-virtme #1216\n Tainted: [W]=WARN\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:123)\n lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822)\n dev_get_by_index_rcu (net/core/dev.c:876 (discriminator 7))\n sctp_v6_available (net/sctp/ipv6.c:701) sctp\n sctp_do_bind (net/sctp/socket.c:400 (discriminator 1)) sctp\n sctp_bind (net/sctp/socket.c:320) sctp\n inet6_bind_sk (net/ipv6/af_inet6.c:465)\n ? security_socket_bind (security/security.c:4581 (discriminator 1))\n __sys_bind (net/socket.c:1848 net/socket.c:1869)\n ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340)\n ? do_user_addr_fault (./arch/x86/include/asm/preempt.h:84 (discriminator 13) ./include/linux/rcupdate.h:98 (discriminator 13) ./include/linux/rcupdate.h:882 (discriminator 13) ./include/linux/mm.h:729 (discriminator 13) arch/x86/mm/fault.c:1340 (discriminator 13))\n __x64_sys_bind (net/socket.c:1877 (discriminator 1) net/socket.c:1875 (discriminator 1) net/socket.c:1875 (discriminator 1))\n do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n RIP: 0033:0x7f59b934a1e7\n Code: 44 00 00 48 8b 15 39 8c 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 31 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 09 8c 0c 00 f7 d8 64 89 01 48\nAll code\n========\n 0:\t44 00 00 \tadd %r8b,(%rax)\n 3:\t48 8b 15 39 8c 0c 00 \tmov 0xc8c39(%rip),%rdx # 0xc8c43\n a:\tf7 d8 \tneg %eax\n c:\t64 89 02 \tmov %eax,%fs:(%rdx)\n f:\tb8 ff ff ff ff \tmov $0xffffffff,%eax\n 14:\teb bd \tjmp 0xffffffffffffffd3\n 16:\t66 2e 0f 1f 84 00 00 \tcs nopw 0x0(%rax,%rax,1)\n 1d:\t00 00 00\n 20:\t0f 1f 00 \tnopl (%rax)\n 23:\tb8 31 00 00 00 \tmov $0x31,%eax\n 28:\t0f 05 \tsyscall\n 2a:*\t48 3d 01 f0 ff ff \tcmp $0xfffffffffffff001,%rax\t\t\u003c-- trapping instruction\n 30:\t73 01 \tjae 0x33\n 32:\tc3 \tret\n 33:\t48 8b 0d 09 8c 0c 00 \tmov 0xc8c09(%rip),%rcx # 0xc8c43\n 3a:\tf7 d8 \tneg %eax\n 3c:\t64 89 01 \tmov %eax,%fs:(%rcx)\n 3f:\t48 \trex.W\n\nCode starting with the faulting instruction\n===========================================\n 0:\t48 3d 01 f0 ff ff \tcmp $0xfffffffffffff001,%rax\n 6:\t73 01 \tjae 0x9\n 8:\tc3 \tret\n 9:\t48 8b 0d 09 8c 0c 00 \tmov 0xc8c09(%rip),%rcx # 0xc8c19\n 10:\tf7 d8 \tneg %eax\n 12:\t64 89 01 \tmov %eax,%fs:(%rcx)\n 15:\t48 \trex.W\n RSP: 002b:00007ffe2d0ad398 EFLAGS: 00000202 ORIG_RAX: 0000000000000031\n RAX: ffffffffffffffda RBX: 00007ffe2d0ad3d0 RCX: 00007f59b934a1e7\n RDX: 000000000000001c RSI: 00007ffe2d0ad3d0 RDI: 0000000000000005\n RBP: 0000000000000005 R08: 1999999999999999 R09: 0000000000000000\n R10: 00007f59b9253298 R11: 000000000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53139",
"url": "https://www.suse.com/security/cve/CVE-2024-53139"
},
{
"category": "external",
"summary": "SUSE Bug 1234157 for CVE-2024-53139",
"url": "https://bugzilla.suse.com/1234157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53139"
},
{
"cve": "CVE-2024-53140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: terminate outstanding dump on socket close\n\nNetlink supports iterative dumping of data. It provides the families\nthe following ops:\n - start - (optional) kicks off the dumping process\n - dump - actual dump helper, keeps getting called until it returns 0\n - done - (optional) pairs with .start, can be used for cleanup\nThe whole process is asynchronous and the repeated calls to .dump\ndon\u0027t actually happen in a tight loop, but rather are triggered\nin response to recvmsg() on the socket.\n\nThis gives the user full control over the dump, but also means that\nthe user can close the socket without getting to the end of the dump.\nTo make sure .start is always paired with .done we check if there\nis an ongoing dump before freeing the socket, and if so call .done.\n\nThe complication is that sockets can get freed from BH and .done\nis allowed to sleep. So we use a workqueue to defer the call, when\nneeded.\n\nUnfortunately this does not work correctly. What we defer is not\nthe cleanup but rather releasing a reference on the socket.\nWe have no guarantee that we own the last reference, if someone\nelse holds the socket they may release it in BH and we\u0027re back\nto square one.\n\nThe whole dance, however, appears to be unnecessary. Only the user\ncan interact with dumps, so we can clean up when socket is closed.\nAnd close always happens in process context. Some async code may\nstill access the socket after close, queue notification skbs to it etc.\nbut no dumps can start, end or otherwise make progress.\n\nDelete the workqueue and flush the dump state directly from the release\nhandler. Note that further cleanup is possible in -next, for instance\nwe now always call .done before releasing the main module reference,\nso dump doesn\u0027t have to take a reference of its own.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53140",
"url": "https://www.suse.com/security/cve/CVE-2024-53140"
},
{
"category": "external",
"summary": "SUSE Bug 1234222 for CVE-2024-53140",
"url": "https://bugzilla.suse.com/1234222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53140"
},
{
"cve": "CVE-2024-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53147",
"url": "https://www.suse.com/security/cve/CVE-2024-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1234857 for CVE-2024-53147",
"url": "https://bugzilla.suse.com/1234857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat/qat_420xx - fix off by one in uof_get_name()\n\nThis is called from uof_get_name_420xx() where \"num_objs\" is the\nARRAY_SIZE() of fw_objs[]. The \u003e needs to be \u003e= to prevent an out of\nbounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53163",
"url": "https://www.suse.com/security/cve/CVE-2024-53163"
},
{
"category": "external",
"summary": "SUSE Bug 1234828 for CVE-2024-53163",
"url": "https://bugzilla.suse.com/1234828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53163"
},
{
"cve": "CVE-2024-53173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53173",
"url": "https://www.suse.com/security/cve/CVE-2024-53173"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234891 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "external",
"summary": "SUSE Bug 1234892 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it\u0027s\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn\u0027t block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we\u0027re here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53176",
"url": "https://www.suse.com/security/cve/CVE-2024-53176"
},
{
"category": "external",
"summary": "SUSE Bug 1234894 for CVE-2024-53176",
"url": "https://bugzilla.suse.com/1234894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53177",
"url": "https://www.suse.com/security/cve/CVE-2024-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1234896 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "external",
"summary": "SUSE Bug 1235103 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1235103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don\u0027t leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids-\u003eentries list but doesn\u0027t drop a ref if has_lease isn\u0027t true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid-\u003ehas_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 32 bytes):\n 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........\".......\n 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E\"......O.....\n backtrace (crc 6f58c20f):\n [\u003cffffffff8b895a1e\u003e] __kmalloc_cache_noprof+0x2be/0x350\n [\u003cffffffff8bda06e3\u003e] open_cached_dir+0x993/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 8 bytes):\n 00 cc cc cc cc cc cc cc ........\n backtrace (crc 10c106a9):\n [\u003cffffffff8b89a3d3\u003e] __kmalloc_node_track_caller_noprof+0x363/0x480\n [\u003cffffffff8b7d7256\u003e] kstrdup+0x36/0x60\n [\u003cffffffff8bda0700\u003e] open_cached_dir+0x9b0/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff \u003c0f\u003e 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53178",
"url": "https://www.suse.com/security/cve/CVE-2024-53178"
},
{
"category": "external",
"summary": "SUSE Bug 1234895 for CVE-2024-53178",
"url": "https://bugzilla.suse.com/1234895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53226",
"url": "https://www.suse.com/security/cve/CVE-2024-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1236576 for CVE-2024-53226",
"url": "https://bugzilla.suse.com/1236576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53239",
"url": "https://www.suse.com/security/cve/CVE-2024-53239"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235054 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "external",
"summary": "SUSE Bug 1235055 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-53680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()\n\nUnder certain kernel configurations when building with Clang/LLVM, the\ncompiler does not generate a return or jump as the terminator\ninstruction for ip_vs_protocol_init(), triggering the following objtool\nwarning during build time:\n\n vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6()\n\nAt runtime, this either causes an oops when trying to load the ipvs\nmodule or a boot-time panic if ipvs is built-in. This same issue has\nbeen reported by the Intel kernel test robot previously.\n\nDigging deeper into both LLVM and the kernel code reveals this to be a\nundefined behavior problem. ip_vs_protocol_init() uses a on-stack buffer\nof 64 chars to store the registered protocol names and leaves it\nuninitialized after definition. The function calls strnlen() when\nconcatenating protocol names into the buffer. With CONFIG_FORTIFY_SOURCE\nstrnlen() performs an extra step to check whether the last byte of the\ninput char buffer is a null character (commit 3009f891bb9f (\"fortify:\nAllow strlen() and strnlen() to pass compile-time known lengths\")).\nThis, together with possibly other configurations, cause the following\nIR to be generated:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #5 section \".init.text\" align 16 !kcfi_type !29 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 14: ; preds = %11\n %15 = getelementptr inbounds i8, ptr %1, i64 63\n %16 = load i8, ptr %15, align 1\n %17 = tail call i1 @llvm.is.constant.i8(i8 %16)\n %18 = icmp eq i8 %16, 0\n %19 = select i1 %17, i1 %18, i1 false\n br i1 %19, label %20, label %23\n\n 20: ; preds = %14\n %21 = call i64 @strlen(ptr noundef nonnull dereferenceable(1) %1) #23\n ...\n\n 23: ; preds = %14, %11, %20\n %24 = call i64 @strnlen(ptr noundef nonnull dereferenceable(1) %1, i64 noundef 64) #24\n ...\n }\n\nThe above code calculates the address of the last char in the buffer\n(value %15) and then loads from it (value %16). Because the buffer is\nnever initialized, the LLVM GVN pass marks value %16 as undefined:\n\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n br i1 undef, label %14, label %17\n\nThis gives later passes (SCCP, in particular) more DCE opportunities by\npropagating the undef value further, and eventually removes everything\nafter the load on the uninitialized stack location:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #0 section \".init.text\" align 16 !kcfi_type !11 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 12: ; preds = %11\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n unreachable\n }\n\nIn this way, the generated native code will just fall through to the\nnext function, as LLVM does not generate any code for the unreachable IR\ninstruction and leaves the function without a terminator.\n\nZero the on-stack buffer to avoid this possible UB.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53680",
"url": "https://www.suse.com/security/cve/CVE-2024-53680"
},
{
"category": "external",
"summary": "SUSE Bug 1235715 for CVE-2024-53680",
"url": "https://bugzilla.suse.com/1235715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53680"
},
{
"cve": "CVE-2024-54683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: IDLETIMER: Fix for possible ABBA deadlock\n\nDeletion of the last rule referencing a given idletimer may happen at\nthe same time as a read of its file in sysfs:\n\n| ======================================================\n| WARNING: possible circular locking dependency detected\n| 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted\n| ------------------------------------------------------\n| iptables/3303 is trying to acquire lock:\n| ffff8881057e04b8 (kn-\u003eactive#48){++++}-{0:0}, at: __kernfs_remove+0x20\n|\n| but task is already holding lock:\n| ffffffffa0249068 (list_mutex){+.+.}-{3:3}, at: idletimer_tg_destroy_v]\n|\n| which lock already depends on the new lock.\n\nA simple reproducer is:\n\n| #!/bin/bash\n|\n| while true; do\n| iptables -A INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| iptables -D INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| done \u0026\n| while true; do\n| cat /sys/class/xt_idletimer/timers/testme \u003e/dev/null\n| done\n\nAvoid this by freeing list_mutex right after deleting the element from\nthe list, then continuing with the teardown.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54683",
"url": "https://www.suse.com/security/cve/CVE-2024-54683"
},
{
"category": "external",
"summary": "SUSE Bug 1235729 for CVE-2024-54683",
"url": "https://bugzilla.suse.com/1235729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-54683"
},
{
"cve": "CVE-2024-56539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56539",
"url": "https://www.suse.com/security/cve/CVE-2024-56539"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234963 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "external",
"summary": "SUSE Bug 1234964 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56548",
"url": "https://www.suse.com/security/cve/CVE-2024-56548"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235073 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "external",
"summary": "SUSE Bug 1235074 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56579",
"url": "https://www.suse.com/security/cve/CVE-2024-56579"
},
{
"category": "external",
"summary": "SUSE Bug 1236575 for CVE-2024-56579",
"url": "https://bugzilla.suse.com/1236575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56592"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Call free_htab_elem() after htab_unlock_bucket()\n\nFor htab of maps, when the map is removed from the htab, it may hold the\nlast reference of the map. bpf_map_fd_put_ptr() will invoke\nbpf_map_free_id() to free the id of the removed map element. However,\nbpf_map_fd_put_ptr() is invoked while holding a bucket lock\n(raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock\n(spinlock_t), triggering the following lockdep warning:\n\n =============================\n [ BUG: Invalid wait context ]\n 6.11.0-rc4+ #49 Not tainted\n -----------------------------\n test_maps/4881 is trying to lock:\n ffffffff84884578 (map_idr_lock){+...}-{3:3}, at: bpf_map_free_id.part.0+0x21/0x70\n other info that might help us debug this:\n context-{5:5}\n 2 locks held by test_maps/4881:\n #0: ffffffff846caf60 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0xf9/0x270\n #1: ffff888149ced148 (\u0026htab-\u003elockdep_key#2){....}-{2:2}, at: htab_map_update_elem+0x178/0xa80\n stack backtrace:\n CPU: 0 UID: 0 PID: 4881 Comm: test_maps Not tainted 6.11.0-rc4+ #49\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6e/0xb0\n dump_stack+0x10/0x20\n __lock_acquire+0x73e/0x36c0\n lock_acquire+0x182/0x450\n _raw_spin_lock_irqsave+0x43/0x70\n bpf_map_free_id.part.0+0x21/0x70\n bpf_map_put+0xcf/0x110\n bpf_map_fd_put_ptr+0x9a/0xb0\n free_htab_elem+0x69/0xe0\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n bpf_map_update_value+0x266/0x380\n __sys_bpf+0x21bb/0x36b0\n __x64_sys_bpf+0x45/0x60\n x64_sys_call+0x1b2a/0x20d0\n do_syscall_64+0x5d/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nOne way to fix the lockdep warning is using raw_spinlock_t for\nmap_idr_lock as well. However, bpf_map_alloc_id() invokes\nidr_alloc_cyclic() after acquiring map_idr_lock, it will trigger a\nsimilar lockdep warning because the slab\u0027s lock (s-\u003ecpu_slab-\u003elock) is\nstill a spinlock.\n\nInstead of changing map_idr_lock\u0027s type, fix the issue by invoking\nhtab_put_fd_value() after htab_unlock_bucket(). However, only deferring\nthe invocation of htab_put_fd_value() is not enough, because the old map\npointers in htab of maps can not be saved during batched deletion.\nTherefore, also defer the invocation of free_htab_elem(), so these\nto-be-freed elements could be linked together similar to lru map.\n\nThere are four callers for -\u003emap_fd_put_ptr:\n\n(1) alloc_htab_elem() (through htab_put_fd_value())\nIt invokes -\u003emap_fd_put_ptr() under a raw_spinlock_t. The invocation of\nhtab_put_fd_value() can not simply move after htab_unlock_bucket(),\nbecause the old element has already been stashed in htab-\u003eextra_elems.\nIt may be reused immediately after htab_unlock_bucket() and the\ninvocation of htab_put_fd_value() after htab_unlock_bucket() may release\nthe newly-added element incorrectly. Therefore, saving the map pointer\nof the old element for htab of maps before unlocking the bucket and\nreleasing the map_ptr after unlock. Beside the map pointer in the old\nelement, should do the same thing for the special fields in the old\nelement as well.\n\n(2) free_htab_elem() (through htab_put_fd_value())\nIts caller includes __htab_map_lookup_and_delete_elem(),\nhtab_map_delete_elem() and __htab_map_lookup_and_delete_batch().\n\nFor htab_map_delete_elem(), simply invoke free_htab_elem() after\nhtab_unlock_bucket(). For __htab_map_lookup_and_delete_batch(), just\nlike lru map, linking the to-be-freed element into node_to_free list\nand invoking free_htab_elem() for these element after unlock. It is safe\nto reuse batch_flink as the link for node_to_free, because these\nelements have been removed from the hash llist.\n\nBecause htab of maps doesn\u0027t support lookup_and_delete operation,\n__htab_map_lookup_and_delete_elem() doesn\u0027t have the problem, so kept\nit as\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56592",
"url": "https://www.suse.com/security/cve/CVE-2024-56592"
},
{
"category": "external",
"summary": "SUSE Bug 1235244 for CVE-2024-56592",
"url": "https://bugzilla.suse.com/1235244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56592"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_inner: incorrect percpu area handling under softirq\n\nSoftirq can interrupt ongoing packet from process context that is\nwalking over the percpu area that contains inner header offsets.\n\nDisable bh and perform three checks before restoring the percpu inner\nheader offsets to validate that the percpu area is valid for this\nskbuff:\n\n1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff\n has already been parsed before for inner header fetching to\n register.\n\n2) Validate that the percpu area refers to this skbuff using the\n skbuff pointer as a cookie. If there is a cookie mismatch, then\n this skbuff needs to be parsed again.\n\n3) Finally, validate if the percpu area refers to this tunnel type.\n\nOnly after these three checks the percpu area is restored to a on-stack\ncopy and bh is enabled again.\n\nAfter inner header fetching, the on-stack copy is stored back to the\npercpu area.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56638",
"url": "https://www.suse.com/security/cve/CVE-2024-56638"
},
{
"category": "external",
"summary": "SUSE Bug 1235524 for CVE-2024-56638",
"url": "https://bugzilla.suse.com/1235524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56638"
},
{
"cve": "CVE-2024-56640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix LGR and link use-after-free issue\n\nWe encountered a LGR/link use-after-free issue, which manifested as\nthe LGR/link refcnt reaching 0 early and entering the clear process,\nmaking resource access unsafe.\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140\n Workqueue: events smc_lgr_terminate_work [smc]\n Call trace:\n refcount_warn_saturate+0x9c/0x140\n __smc_lgr_terminate.part.45+0x2a8/0x370 [smc]\n smc_lgr_terminate_work+0x28/0x30 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nor\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140\n Workqueue: smc_hs_wq smc_listen_work [smc]\n Call trace:\n refcount_warn_saturate+0xf0/0x140\n smcr_link_put+0x1cc/0x1d8 [smc]\n smc_conn_free+0x110/0x1b0 [smc]\n smc_conn_abort+0x50/0x60 [smc]\n smc_listen_find_device+0x75c/0x790 [smc]\n smc_listen_work+0x368/0x8a0 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nIt is caused by repeated release of LGR/link refcnt. One suspect is that\nsmc_conn_free() is called repeatedly because some smc_conn_free() from\nserver listening path are not protected by sock lock.\n\ne.g.\n\nCalls under socklock | smc_listen_work\n-------------------------------------------------------\nlock_sock(sk) | smc_conn_abort\nsmc_conn_free | \\- smc_conn_free\n\\- smcr_link_put | \\- smcr_link_put (duplicated)\nrelease_sock(sk)\n\nSo here add sock lock protection in smc_listen_work() path, making it\nexclusive with other connection operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56640",
"url": "https://www.suse.com/security/cve/CVE-2024-56640"
},
{
"category": "external",
"summary": "SUSE Bug 1235436 for CVE-2024-56640",
"url": "https://bugzilla.suse.com/1235436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56640"
},
{
"cve": "CVE-2024-56647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56647",
"url": "https://www.suse.com/security/cve/CVE-2024-56647"
},
{
"category": "external",
"summary": "SUSE Bug 1235435 for CVE-2024-56647",
"url": "https://bugzilla.suse.com/1235435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final \u0027struct net\u0027 free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net-\u003exfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst-\u003eops-\u003edestroy)\n dst-\u003eops-\u003edestroy(dst);\n\ndst-\u003eops points to the old net-\u003exfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the \u0027struct net\u0027 to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 \u003cfa\u003e c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \u003c/TASK\u003e\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56658",
"url": "https://www.suse.com/security/cve/CVE-2024-56658"
},
{
"category": "external",
"summary": "SUSE Bug 1235441 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "external",
"summary": "SUSE Bug 1235442 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56658"
},
{
"cve": "CVE-2024-56702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark raw_tp arguments with PTR_MAYBE_NULL\n\nArguments to a raw tracepoint are tagged as trusted, which carries the\nsemantics that the pointer will be non-NULL. However, in certain cases,\na raw tracepoint argument may end up being NULL. More context about this\nissue is available in [0].\n\nThus, there is a discrepancy between the reality, that raw_tp arguments\ncan actually be NULL, and the verifier\u0027s knowledge, that they are never\nNULL, causing explicit NULL checks to be deleted, and accesses to such\npointers potentially crashing the kernel.\n\nTo fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special\ncase the dereference and pointer arithmetic to permit it, and allow\npassing them into helpers/kfuncs; these exceptions are made for raw_tp\nprograms only. Ensure that we don\u0027t do this when ref_obj_id \u003e 0, as in\nthat case this is an acquired object and doesn\u0027t need such adjustment.\n\nThe reason we do mask_raw_tp_trusted_reg logic is because other will\nrecheck in places whether the register is a trusted_reg, and then\nconsider our register as untrusted when detecting the presence of the\nPTR_MAYBE_NULL flag.\n\nTo allow safe dereference, we enable PROBE_MEM marking when we see loads\ninto trusted pointers with PTR_MAYBE_NULL.\n\nWhile trusted raw_tp arguments can also be passed into helpers or kfuncs\nwhere such broken assumption may cause issues, a future patch set will\ntackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can\nalready be passed into helpers and causes similar problems. Thus, they\nare left alone for now.\n\nIt is possible that these checks also permit passing non-raw_tp args\nthat are trusted PTR_TO_BTF_ID with null marking. In such a case,\nallowing dereference when pointer is NULL expands allowed behavior, so\nwon\u0027t regress existing programs, and the case of passing these into\nhelpers is the same as above and will be dealt with later.\n\nAlso update the failure case in tp_btf_nullable selftest to capture the\nnew behavior, as the verifier will no longer cause an error when\ndirectly dereference a raw tracepoint argument marked as __nullable.\n\n [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56702",
"url": "https://www.suse.com/security/cve/CVE-2024-56702"
},
{
"category": "external",
"summary": "SUSE Bug 1235501 for CVE-2024-56702",
"url": "https://bugzilla.suse.com/1235501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56702"
},
{
"cve": "CVE-2024-56703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix soft lockups in fib6_select_path under high next hop churn\n\nSoft lockups have been observed on a cluster of Linux-based edge routers\nlocated in a highly dynamic environment. Using the `bird` service, these\nrouters continuously update BGP-advertised routes due to frequently\nchanging nexthop destinations, while also managing significant IPv6\ntraffic. The lockups occur during the traversal of the multipath\ncircular linked-list in the `fib6_select_path` function, particularly\nwhile iterating through the siblings in the list. The issue typically\narises when the nodes of the linked list are unexpectedly deleted\nconcurrently on a different core\u2014indicated by their \u0027next\u0027 and\n\u0027previous\u0027 elements pointing back to the node itself and their reference\ncount dropping to zero. This results in an infinite loop, leading to a\nsoft lockup that triggers a system panic via the watchdog timer.\n\nApply RCU primitives in the problematic code sections to resolve the\nissue. Where necessary, update the references to fib6_siblings to\nannotate or use the RCU APIs.\n\nInclude a test script that reproduces the issue. The script\nperiodically updates the routing table while generating a heavy load\nof outgoing IPv6 traffic through multiple iperf3 clients. It\nconsistently induces infinite soft lockups within a couple of minutes.\n\nKernel log:\n\n 0 [ffffbd13003e8d30] machine_kexec at ffffffff8ceaf3eb\n 1 [ffffbd13003e8d90] __crash_kexec at ffffffff8d0120e3\n 2 [ffffbd13003e8e58] panic at ffffffff8cef65d4\n 3 [ffffbd13003e8ed8] watchdog_timer_fn at ffffffff8d05cb03\n 4 [ffffbd13003e8f08] __hrtimer_run_queues at ffffffff8cfec62f\n 5 [ffffbd13003e8f70] hrtimer_interrupt at ffffffff8cfed756\n 6 [ffffbd13003e8fd0] __sysvec_apic_timer_interrupt at ffffffff8cea01af\n 7 [ffffbd13003e8ff0] sysvec_apic_timer_interrupt at ffffffff8df1b83d\n-- \u003cIRQ stack\u003e --\n 8 [ffffbd13003d3708] asm_sysvec_apic_timer_interrupt at ffffffff8e000ecb\n [exception RIP: fib6_select_path+299]\n RIP: ffffffff8ddafe7b RSP: ffffbd13003d37b8 RFLAGS: 00000287\n RAX: ffff975850b43600 RBX: ffff975850b40200 RCX: 0000000000000000\n RDX: 000000003fffffff RSI: 0000000051d383e4 RDI: ffff975850b43618\n RBP: ffffbd13003d3800 R8: 0000000000000000 R9: ffff975850b40200\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffbd13003d3830\n R13: ffff975850b436a8 R14: ffff975850b43600 R15: 0000000000000007\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n 9 [ffffbd13003d3808] ip6_pol_route at ffffffff8ddb030c\n10 [ffffbd13003d3888] ip6_pol_route_input at ffffffff8ddb068c\n11 [ffffbd13003d3898] fib6_rule_lookup at ffffffff8ddf02b5\n12 [ffffbd13003d3928] ip6_route_input at ffffffff8ddb0f47\n13 [ffffbd13003d3a18] ip6_rcv_finish_core.constprop.0 at ffffffff8dd950d0\n14 [ffffbd13003d3a30] ip6_list_rcv_finish.constprop.0 at ffffffff8dd96274\n15 [ffffbd13003d3a98] ip6_sublist_rcv at ffffffff8dd96474\n16 [ffffbd13003d3af8] ipv6_list_rcv at ffffffff8dd96615\n17 [ffffbd13003d3b60] __netif_receive_skb_list_core at ffffffff8dc16fec\n18 [ffffbd13003d3be0] netif_receive_skb_list_internal at ffffffff8dc176b3\n19 [ffffbd13003d3c50] napi_gro_receive at ffffffff8dc565b9\n20 [ffffbd13003d3c80] ice_receive_skb at ffffffffc087e4f5 [ice]\n21 [ffffbd13003d3c90] ice_clean_rx_irq at ffffffffc0881b80 [ice]\n22 [ffffbd13003d3d20] ice_napi_poll at ffffffffc088232f [ice]\n23 [ffffbd13003d3d80] __napi_poll at ffffffff8dc18000\n24 [ffffbd13003d3db8] net_rx_action at ffffffff8dc18581\n25 [ffffbd13003d3e40] __do_softirq at ffffffff8df352e9\n26 [ffffbd13003d3eb0] run_ksoftirqd at ffffffff8ceffe47\n27 [ffffbd13003d3ec0] smpboot_thread_fn at ffffffff8cf36a30\n28 [ffffbd13003d3ee8] kthread at ffffffff8cf2b39f\n29 [ffffbd13003d3f28] ret_from_fork at ffffffff8ce5fa64\n30 [ffffbd13003d3f50] ret_from_fork_asm at ffffffff8ce03cbb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56703",
"url": "https://www.suse.com/security/cve/CVE-2024-56703"
},
{
"category": "external",
"summary": "SUSE Bug 1235455 for CVE-2024-56703",
"url": "https://bugzilla.suse.com/1235455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56703"
},
{
"cve": "CVE-2024-56718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: protect link down work from execute after lgr freed\n\nlink down work may be scheduled before lgr freed but execute\nafter lgr freed, which may result in crash. So it is need to\nhold a reference before shedule link down work, and put the\nreference after work executed or canceled.\n\nThe relevant crash call stack as follows:\n list_del corruption. prev-\u003enext should be ffffb638c9c0fe20,\n but was 0000000000000000\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:51!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1\n Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014\n Workqueue: events smc_link_down_work [smc]\n RIP: 0010:__list_del_entry_valid.cold+0x31/0x47\n RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086\n RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000\n RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38\n R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002\n R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0\n FS: 0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n rwsem_down_write_slowpath+0x17e/0x470\n smc_link_down_work+0x3c/0x60 [smc]\n process_one_work+0x1ac/0x350\n worker_thread+0x49/0x2f0\n ? rescuer_thread+0x360/0x360\n kthread+0x118/0x140\n ? __kthread_bind_mask+0x60/0x60\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56718",
"url": "https://www.suse.com/security/cve/CVE-2024-56718"
},
{
"category": "external",
"summary": "SUSE Bug 1235589 for CVE-2024-56718",
"url": "https://bugzilla.suse.com/1235589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56718"
},
{
"cve": "CVE-2024-56719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix TSO DMA API usage causing oops\n\nCommit 66600fac7a98 (\"net: stmmac: TSO: Fix unbalanced DMA map/unmap\nfor non-paged SKB data\") moved the assignment of tx_skbuff_dma[]\u0027s\nmembers to be later in stmmac_tso_xmit().\n\nThe buf (dma cookie) and len stored in this structure are passed to\ndma_unmap_single() by stmmac_tx_clean(). The DMA API requires that\nthe dma cookie passed to dma_unmap_single() is the same as the value\nreturned from dma_map_single(). However, by moving the assignment\nlater, this is not the case when priv-\u003edma_cap.addr64 \u003e 32 as \"des\"\nis offset by proto_hdr_len.\n\nThis causes problems such as:\n\n dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed\n\nand with DMA_API_DEBUG enabled:\n\n DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]\n\nFix this by maintaining \"des\" as the original DMA cookie, and use\ntso_des to pass the offset DMA cookie to stmmac_tso_allocator().\n\nFull details of the crashes can be found at:\nhttps://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/\nhttps://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56719",
"url": "https://www.suse.com/security/cve/CVE-2024-56719"
},
{
"category": "external",
"summary": "SUSE Bug 1235591 for CVE-2024-56719",
"url": "https://bugzilla.suse.com/1235591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56719"
},
{
"cve": "CVE-2024-56720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56720",
"url": "https://www.suse.com/security/cve/CVE-2024-56720"
},
{
"category": "external",
"summary": "SUSE Bug 1235592 for CVE-2024-56720",
"url": "https://bugzilla.suse.com/1235592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-56751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: release nexthop on device removal\n\nThe CI is hitting some aperiodic hangup at device removal time in the\npmtu.sh self-test:\n\nunregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6\nref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at\n\tdst_init+0x84/0x4a0\n\tdst_alloc+0x97/0x150\n\tip6_dst_alloc+0x23/0x90\n\tip6_rt_pcpu_alloc+0x1e6/0x520\n\tip6_pol_route+0x56f/0x840\n\tfib6_rule_lookup+0x334/0x630\n\tip6_route_output_flags+0x259/0x480\n\tip6_dst_lookup_tail.constprop.0+0x5c2/0x940\n\tip6_dst_lookup_flow+0x88/0x190\n\tudp_tunnel6_dst_lookup+0x2a7/0x4c0\n\tvxlan_xmit_one+0xbde/0x4a50 [vxlan]\n\tvxlan_xmit+0x9ad/0xf20 [vxlan]\n\tdev_hard_start_xmit+0x10e/0x360\n\t__dev_queue_xmit+0xf95/0x18c0\n\tarp_solicit+0x4a2/0xe00\n\tneigh_probe+0xaa/0xf0\n\nWhile the first suspect is the dst_cache, explicitly tracking the dst\nowing the last device reference via probes proved such dst is held by\nthe nexthop in the originating fib6_info.\n\nSimilar to commit f5b51fe804ec (\"ipv6: route: purge exception on\nremoval\"), we need to explicitly release the originating fib info when\ndisconnecting a to-be-removed device from a live ipv6 dst: move the\nfib6_info cleanup into ip6_dst_ifdown().\n\nTested running:\n\n./pmtu.sh cleanup_ipv6_exception\n\nin a tight loop for more than 400 iterations with no spat, running an\nunpatched kernel I observed a splat every ~10 iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56751",
"url": "https://www.suse.com/security/cve/CVE-2024-56751"
},
{
"category": "external",
"summary": "SUSE Bug 1234936 for CVE-2024-56751",
"url": "https://bugzilla.suse.com/1234936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56751"
},
{
"cve": "CVE-2024-56758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: check folio mapping after unlock in relocate_one_folio()\n\nWhen we call btrfs_read_folio() to bring a folio uptodate, we unlock the\nfolio. The result of that is that a different thread can modify the\nmapping (like remove it with invalidate) before we call folio_lock().\nThis results in an invalid page and we need to try again.\n\nIn particular, if we are relocating concurrently with aborting a\ntransaction, this can result in a crash like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 76 PID: 1411631 Comm: kworker/u322:5\n Workqueue: events_unbound btrfs_reclaim_bgs_work\n RIP: 0010:set_page_extent_mapped+0x20/0xb0\n RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246\n RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880\n RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0\n R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000\n R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff\n FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x78/0xc0\n ? page_fault_oops+0x2a8/0x3a0\n ? __switch_to+0x133/0x530\n ? wq_worker_running+0xa/0x40\n ? exc_page_fault+0x63/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? set_page_extent_mapped+0x20/0xb0\n relocate_file_extent_cluster+0x1a7/0x940\n relocate_data_extent+0xaf/0x120\n relocate_block_group+0x20f/0x480\n btrfs_relocate_block_group+0x152/0x320\n btrfs_relocate_chunk+0x3d/0x120\n btrfs_reclaim_bgs_work+0x2ae/0x4e0\n process_scheduled_works+0x184/0x370\n worker_thread+0xc6/0x3e0\n ? blk_add_timer+0xb0/0xb0\n kthread+0xae/0xe0\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork+0x2f/0x40\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nThis occurs because cleanup_one_transaction() calls\ndestroy_delalloc_inodes() which calls invalidate_inode_pages2() which\ntakes the folio_lock before setting mapping to NULL. We fail to check\nthis, and subsequently call set_extent_mapping(), which assumes that\nmapping != NULL (in fact it asserts that in debug mode)\n\nNote that the \"fixes\" patch here is not the one that introduced the\nrace (the very first iteration of this code from 2009) but a more recent\nchange that made this particular crash happen in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56758",
"url": "https://www.suse.com/security/cve/CVE-2024-56758"
},
{
"category": "external",
"summary": "SUSE Bug 1235621 for CVE-2024-56758",
"url": "https://bugzilla.suse.com/1235621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56758"
},
{
"cve": "CVE-2024-56770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: netem: account for backlog updates from child qdisc\n\nIn general, \u0027qlen\u0027 of any classful qdisc should keep track of the\nnumber of packets that the qdisc itself and all of its children holds.\nIn case of netem, \u0027qlen\u0027 only accounts for the packets in its internal\ntfifo. When netem is used with a child qdisc, the child qdisc can use\n\u0027qdisc_tree_reduce_backlog\u0027 to inform its parent, netem, about created\nor dropped SKBs. This function updates \u0027qlen\u0027 and the backlog statistics\nof netem, but netem does not account for changes made by a child qdisc.\n\u0027qlen\u0027 then indicates the wrong number of packets in the tfifo.\nIf a child qdisc creates new SKBs during enqueue and informs its parent\nabout this, netem\u0027s \u0027qlen\u0027 value is increased. When netem dequeues the\nnewly created SKBs from the child, the \u0027qlen\u0027 in netem is not updated.\nIf \u0027qlen\u0027 reaches the configured sch-\u003elimit, the enqueue function stops\nworking, even though the tfifo is not full.\n\nReproduce the bug:\nEnsure that the sender machine has GSO enabled. Configure netem as root\nqdisc and tbf as its child on the outgoing interface of the machine\nas follows:\n$ tc qdisc add dev \u003coif\u003e root handle 1: netem delay 100ms limit 100\n$ tc qdisc add dev \u003coif\u003e parent 1:0 tbf rate 50Mbit burst 1542 latency 50ms\n\nSend bulk TCP traffic out via this interface, e.g., by running an iPerf3\nclient on the machine. Check the qdisc statistics:\n$ tc -s qdisc show dev \u003coif\u003e\n\nStatistics after 10s of iPerf3 TCP test before the fix (note that\nnetem\u0027s backlog \u003e limit, netem stopped accepting packets):\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 2767766 bytes 1848 pkt (dropped 652, overlimits 0 requeues 0)\n backlog 4294528236b 1155p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 2767766 bytes 1848 pkt (dropped 327, overlimits 7601 requeues 0)\n backlog 0b 0p requeues 0\n\nStatistics after the fix:\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 37766372 bytes 24974 pkt (dropped 9, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 37766372 bytes 24974 pkt (dropped 327, overlimits 96017 requeues 0)\n backlog 0b 0p requeues 0\n\ntbf segments the GSO SKBs (tbf_segment) and updates the netem\u0027s \u0027qlen\u0027.\nThe interface fully stops transferring packets and \"locks\". In this case,\nthe child qdisc and tfifo are empty, but \u0027qlen\u0027 indicates the tfifo is at\nits limit and no more packets are accepted.\n\nThis patch adds a counter for the entries in the tfifo. Netem\u0027s \u0027qlen\u0027 is\nonly decreased when a packet is returned by its dequeue function, and not\nduring enqueuing into the child qdisc. External updates to \u0027qlen\u0027 are thus\naccounted for and only the behavior of the backlog statistics changes. As\nin other qdiscs, \u0027qlen\u0027 then keeps track of how many packets are held in\nnetem and all of its children. As before, sch-\u003elimit remains as the\nmaximum number of packets in the tfifo. The same applies to netem\u0027s\nbacklog statistics.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56770",
"url": "https://www.suse.com/security/cve/CVE-2024-56770"
},
{
"category": "external",
"summary": "SUSE Bug 1235637 for CVE-2024-56770",
"url": "https://bugzilla.suse.com/1235637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56770"
},
{
"cve": "CVE-2024-57807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix for a potential deadlock\n\nThis fixes a \u0027possible circular locking dependency detected\u0027 warning\n CPU0 CPU1\n ---- ----\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n\nFix this by temporarily releasing the reset_mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57807",
"url": "https://www.suse.com/security/cve/CVE-2024-57807"
},
{
"category": "external",
"summary": "SUSE Bug 1235761 for CVE-2024-57807",
"url": "https://bugzilla.suse.com/1235761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57807"
},
{
"cve": "CVE-2024-57834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread\n\nsyzbot report a null-ptr-deref in vidtv_mux_stop_thread. [1]\n\nIf dvb-\u003emux is not initialized successfully by vidtv_mux_init() in the\nvidtv_start_streaming(), it will trigger null pointer dereference about mux\nin vidtv_mux_stop_thread().\n\nAdjust the timing of streaming initialization and check it before\nstopping it.\n\n[1]\nKASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]\nCPU: 0 UID: 0 PID: 5842 Comm: syz-executor248 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:vidtv_mux_stop_thread+0x26/0x80 drivers/media/test-drivers/vidtv/vidtv_mux.c:471\nCode: 90 90 90 90 66 0f 1f 00 55 53 48 89 fb e8 82 2e c8 f9 48 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 02 7e 3b 0f b6 ab 28 01 00 00 31 ff 89 ee e8\nRSP: 0018:ffffc90003f2faa8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87cfb125\nRDX: 0000000000000025 RSI: ffffffff87d120ce RDI: 0000000000000128\nRBP: ffff888029b8d220 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000003 R12: ffff888029b8d188\nR13: ffffffff8f590aa0 R14: ffffc9000581c5c8 R15: ffff888029a17710\nFS: 00007f7eef5156c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7eef5e635c CR3: 0000000076ca6000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vidtv_stop_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:209 [inline]\n vidtv_stop_feed+0x151/0x250 drivers/media/test-drivers/vidtv/vidtv_bridge.c:252\n dmx_section_feed_stop_filtering+0x90/0x160 drivers/media/dvb-core/dvb_demux.c:1000\n dvb_dmxdev_feed_stop.isra.0+0x1ee/0x270 drivers/media/dvb-core/dmxdev.c:486\n dvb_dmxdev_filter_stop+0x22a/0x3a0 drivers/media/dvb-core/dmxdev.c:559\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3f8/0xb60 fs/file_table.c:450\n task_work_run+0x14e/0x250 kernel/task_work.c:239\n get_signal+0x1d3/0x2610 kernel/signal.c:2790\n arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218\n do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57834",
"url": "https://www.suse.com/security/cve/CVE-2024-57834"
},
{
"category": "external",
"summary": "SUSE Bug 1238993 for CVE-2024-57834",
"url": "https://bugzilla.suse.com/1238993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57834"
},
{
"cve": "CVE-2024-57882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix TCP options overflow.\n\nSyzbot reported the following splat:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nRIP: 0010:_compound_head include/linux/page-flags.h:242 [inline]\nRIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552\nCode: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 f8 5e 12 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 \u003c80\u003e 3c 28 00 74 08 48 89 df e8 8f c7 78 f8 48 8b 1b 48 89 de 48 83\nRSP: 0000:ffffc90003916c90 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888030458000\nRDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff898ca81d R09: 1ffff110054414ac\nR10: dffffc0000000000 R11: ffffed10054414ad R12: 0000000000000007\nR13: ffff88802a20a542 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f34f496e800(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9d6ec9ec28 CR3: 000000004d260000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n skb_page_unref include/linux/skbuff_ref.h:43 [inline]\n __skb_frag_unref include/linux/skbuff_ref.h:56 [inline]\n skb_release_data+0x483/0x8a0 net/core/skbuff.c:1119\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb+0x55/0x70 net/core/skbuff.c:1204\n tcp_clean_rtx_queue net/ipv4/tcp_input.c:3436 [inline]\n tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:4032\n tcp_rcv_state_process+0x8eb/0x44e0 net/ipv4/tcp_input.c:6805\n tcp_v4_do_rcv+0x77d/0xc70 net/ipv4/tcp_ipv4.c:1939\n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351\n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n __netif_receive_skb_one_core net/core/dev.c:5672 [inline]\n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5785\n process_backlog+0x662/0x15b0 net/core/dev.c:6117\n __napi_poll+0xcb/0x490 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:7074\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\nRIP: 0033:0x7f34f4519ad5\nCode: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83\nRSP: 002b:00007ffec5b32ce0 EFLAGS: 00000246\nRAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f34f4519ad5\nRDX: 00007ffec5b32d00 RSI: 0000000000000004 RDI: 0000564f4bc6cae0\nRBP: 0000564f4bc6b5a0 R08: 0000000000000008 R09: 0000000000000000\nR10: 00007ffec5b32de8 R11: 0000000000000246 R12: 0000564f48ea8aa4\nR13: 0000000000000001 R14: 0000564f48ea93e8 R15: 00007ffec5b32d68\n \u003c/TASK\u003e\n\nEric noted a probable shinfo-\u003enr_frags corruption, which indeed\noccurs.\n\nThe root cause is a buggy MPTCP option len computation in some\ncircumstances: the ADD_ADDR option should be mutually exclusive\nwith DSS since the blamed commit.\n\nStill, mptcp_established_options_add_addr() tries to set the\nrelevant info in mptcp_out_options, if \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57882",
"url": "https://www.suse.com/security/cve/CVE-2024-57882"
},
{
"category": "external",
"summary": "SUSE Bug 1235914 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "external",
"summary": "SUSE Bug 1235916 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-57882"
},
{
"cve": "CVE-2024-57889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n BUG: sleeping function called from invalid context\n at kernel/locking/mutex.c:283\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n preempt_count: 1, expected: 0\n ...\n Call Trace:\n ...\n __might_resched+0x104/0x10e\n __might_sleep+0x3e/0x62\n mutex_lock+0x20/0x4c\n regmap_lock_mutex+0x10/0x18\n regmap_update_bits_base+0x2c/0x66\n mcp23s08_irq_set_type+0x1ae/0x1d6\n __irq_set_trigger+0x56/0x172\n __setup_irq+0x1e6/0x646\n request_threaded_irq+0xb6/0x160\n ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57889",
"url": "https://www.suse.com/security/cve/CVE-2024-57889"
},
{
"category": "external",
"summary": "SUSE Bug 1236573 for CVE-2024-57889",
"url": "https://bugzilla.suse.com/1236573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: serialize calls to nf_register_net_hooks()\n\nsyzbot found a race in ila_add_mapping() [1]\n\ncommit 031ae72825ce (\"ila: call nf_unregister_net_hooks() sooner\")\nattempted to fix a similar issue.\n\nLooking at the syzbot repro, we have concurrent ILA_CMD_ADD commands.\n\nAdd a mutex to make sure at most one thread is calling nf_register_net_hooks().\n\n[1]\n BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: slab-use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\nRead of size 4 at addr ffff888028f40008 by task dhcpcd/5501\n\nCPU: 1 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:489\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:127 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1ee/0x620 net/ipv6/ila/ila_xlat.c:185\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626\n nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309\n __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672\n __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785\n process_backlog+0x443/0x15f0 net/core/dev.c:6117\n __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0xa94/0x1010 net/core/dev.c:7074\n handle_softirqs+0x213/0x8f0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57900",
"url": "https://www.suse.com/security/cve/CVE-2024-57900"
},
{
"category": "external",
"summary": "SUSE Bug 1235973 for CVE-2024-57900",
"url": "https://bugzilla.suse.com/1235973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57900"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2024-57948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(\u0026sdata-\u003elist)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local-\u003einterfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 \u003c0f\u003e 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57948",
"url": "https://www.suse.com/security/cve/CVE-2024-57948"
},
{
"category": "external",
"summary": "SUSE Bug 1236677 for CVE-2024-57948",
"url": "https://bugzilla.suse.com/1236677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrdma/cxgb4: Prevent potential integer overflow on 32bit\n\nThe \"gl-\u003etot_len\" variable is controlled by the user. It comes from\nprocess_responses(). On 32bit systems, the \"gl-\u003etot_len + sizeof(struct\ncpl_pass_accept_req) + sizeof(struct rss_header)\" addition could have an\ninteger wrapping bug. Use size_add() to prevent this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57973",
"url": "https://www.suse.com/security/cve/CVE-2024-57973"
},
{
"category": "external",
"summary": "SUSE Bug 1238531 for CVE-2024-57973",
"url": "https://bugzilla.suse.com/1238531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57973"
},
{
"cve": "CVE-2024-57974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Deal with race between UDP socket address change and rehash\n\nIf a UDP socket changes its local address while it\u0027s receiving\ndatagrams, as a result of connect(), there is a period during which\na lookup operation might fail to find it, after the address is changed\nbut before the secondary hash (port and address) and the four-tuple\nhash (local and remote ports and addresses) are updated.\n\nSecondary hash chains were introduced by commit 30fff9231fad (\"udp:\nbind() optimisation\") and, as a result, a rehash operation became\nneeded to make a bound socket reachable again after a connect().\n\nThis operation was introduced by commit 719f835853a9 (\"udp: add\nrehash on connect()\") which isn\u0027t however a complete fix: the\nsocket will be found once the rehashing completes, but not while\nit\u0027s pending.\n\nThis is noticeable with a socat(1) server in UDP4-LISTEN mode, and a\nclient sending datagrams to it. After the server receives the first\ndatagram (cf. _xioopen_ipdgram_listen()), it issues a connect() to\nthe address of the sender, in order to set up a directed flow.\n\nNow, if the client, running on a different CPU thread, happens to\nsend a (subsequent) datagram while the server\u0027s socket changes its\naddress, but is not rehashed yet, this will result in a failed\nlookup and a port unreachable error delivered to the client, as\napparent from the following reproducer:\n\n LEN=$(($(cat /proc/sys/net/core/wmem_default) / 4))\n dd if=/dev/urandom bs=1 count=${LEN} of=tmp.in\n\n while :; do\n \ttaskset -c 1 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.1 || sleep 1\n \ttaskset -c 2 socat OPEN:tmp.in UDP4:localhost:1337,shut-null\n \twait\n done\n\nwhere the client will eventually get ECONNREFUSED on a write()\n(typically the second or third one of a given iteration):\n\n 2024/11/13 21:28:23 socat[46901] E write(6, 0x556db2e3c000, 8192): Connection refused\n\nThis issue was first observed as a seldom failure in Podman\u0027s tests\nchecking UDP functionality while using pasta(1) to connect the\ncontainer\u0027s network namespace, which leads us to a reproducer with\nthe lookup error resulting in an ICMP packet on a tap device:\n\n LOCAL_ADDR=\"$(ip -j -4 addr show|jq -rM \u0027.[] | .addr_info[0] | select(.scope == \"global\").local\u0027)\"\n\n while :; do\n \t./pasta --config-net -p pasta.pcap -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.2 || sleep 1\n \tsocat OPEN:tmp.in UDP4:${LOCAL_ADDR}:1337,shut-null\n \twait\n \tcmp tmp.in tmp.out\n done\n\nOnce this fails:\n\n tmp.in tmp.out differ: char 8193, line 29\n\nwe can finally have a look at what\u0027s going on:\n\n $ tshark -r pasta.pcap\n 1 0.000000 :: ? ff02::16 ICMPv6 110 Multicast Listener Report Message v2\n 2 0.168690 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 3 0.168767 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 4 0.168806 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 5 0.168827 c6:47:05:8d:dc:04 ? Broadcast ARP 42 Who has 88.198.0.161? Tell 88.198.0.164\n 6 0.168851 9a:55:9a:55:9a:55 ? c6:47:05:8d:dc:04 ARP 42 88.198.0.161 is at 9a:55:9a:55:9a:55\n 7 0.168875 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 8 0.168896 88.198.0.164 ? 88.198.0.161 ICMP 590 Destination unreachable (Port unreachable)\n 9 0.168926 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 10 0.168959 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 11 0.168989 88.198.0.161 ? 88.198.0.164 UDP 4138 60260 ? 1337 Len=4096\n 12 0.169010 88.198.0.161 ? 88.198.0.164 UDP 42 60260 ? 1337 Len=0\n\nOn the third datagram received, the network namespace of the container\ninitiates an ARP lookup to deliver the ICMP message.\n\nIn another variant of this reproducer, starting the client with:\n\n strace -f pasta --config-net -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,tru\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57974",
"url": "https://www.suse.com/security/cve/CVE-2024-57974"
},
{
"category": "external",
"summary": "SUSE Bug 1238532 for CVE-2024-57974",
"url": "https://bugzilla.suse.com/1238532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57974"
},
{
"cve": "CVE-2024-57978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Fix potential error pointer dereference in detach_pm()\n\nThe proble is on the first line:\n\n\tif (jpeg-\u003epd_dev[i] \u0026\u0026 !pm_runtime_suspended(jpeg-\u003epd_dev[i]))\n\nIf jpeg-\u003epd_dev[i] is an error pointer, then passing it to\npm_runtime_suspended() will lead to an Oops. The other conditions\ncheck for both error pointers and NULL, but it would be more clear to\nuse the IS_ERR_OR_NULL() check for that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57978",
"url": "https://www.suse.com/security/cve/CVE-2024-57978"
},
{
"category": "external",
"summary": "SUSE Bug 1238523 for CVE-2024-57978",
"url": "https://bugzilla.suse.com/1238523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57978"
},
{
"cve": "CVE-2024-57979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npps: Fix a use-after-free\n\nOn a board running ntpd and gpsd, I\u0027m seeing a consistent use-after-free\nin sys_exit() from gpsd when rebooting:\n\n pps pps1: removed\n ------------[ cut here ]------------\n kobject: \u0027(null)\u0027 (00000000db4bec24): is not initialized, yet kobject_put() is being called.\n WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\n CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\n Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : kobject_put+0x120/0x150\n lr : kobject_put+0x120/0x150\n sp : ffffffc0803d3ae0\n x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\n x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\n x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\n x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\n x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n kobject_put+0x120/0x150\n cdev_put+0x20/0x3c\n __fput+0x2c4/0x2d8\n ____fput+0x1c/0x38\n task_work_run+0x70/0xfc\n do_exit+0x2a0/0x924\n do_group_exit+0x34/0x90\n get_signal+0x7fc/0x8c0\n do_signal+0x128/0x13b4\n do_notify_resume+0xdc/0x160\n el0_svc+0xd4/0xf8\n el0t_64_sync_handler+0x140/0x14c\n el0t_64_sync+0x190/0x194\n ---[ end trace 0000000000000000 ]---\n\n...followed by more symptoms of corruption, with similar stacks:\n\n refcount_t: underflow; use-after-free.\n kernel BUG at lib/list_debug.c:62!\n Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nThis happens because pps_device_destruct() frees the pps_device with the\nembedded cdev immediately after calling cdev_del(), but, as the comment\nabove cdev_del() notes, fops for previously opened cdevs are still\ncallable even after cdev_del() returns. I think this bug has always\nbeen there: I can\u0027t explain why it suddenly started happening every time\nI reboot this particular board.\n\nIn commit d953e0e837e6 (\"pps: Fix a use-after free bug when\nunregistering a source.\"), George Spelvin suggested removing the\nembedded cdev. That seems like the simplest way to fix this, so I\u0027ve\nimplemented his suggestion, using __register_chrdev() with pps_idr\nbecoming the source of truth for which minor corresponds to which\ndevice.\n\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\nwe need to be sure the pps-\u003edev refcount can\u0027t reach zero while\nuserspace can still find it again. So, the idr_remove() call moves to\npps_unregister_cdev(), and pps_idr now holds a reference to pps-\u003edev.\n\n pps_core: source serial1 got cdev (251:1)\n \u003c...\u003e\n pps pps1: removed\n pps_core: unregistering pps1\n pps_core: deallocating pps1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57979",
"url": "https://www.suse.com/security/cve/CVE-2024-57979"
},
{
"category": "external",
"summary": "SUSE Bug 1238521 for CVE-2024-57979",
"url": "https://bugzilla.suse.com/1238521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57979"
},
{
"cve": "CVE-2024-57980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix double free in error path\n\nIf the uvc_status_init() function fails to allocate the int_urb, it will\nfree the dev-\u003estatus pointer but doesn\u0027t reset the pointer to NULL. This\nresults in the kfree() call in uvc_status_cleanup() trying to\ndouble-free the memory. Fix it by resetting the dev-\u003estatus pointer to\nNULL after freeing it.\n\nReviewed by: Ricardo Ribalda \u003cribalda@chromium.org\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57980",
"url": "https://www.suse.com/security/cve/CVE-2024-57980"
},
{
"category": "external",
"summary": "SUSE Bug 1237911 for CVE-2024-57980",
"url": "https://bugzilla.suse.com/1237911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57980"
},
{
"cve": "CVE-2024-57981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix NULL pointer dereference on certain command aborts\n\nIf a command is queued to the final usable TRB of a ring segment, the\nenqueue pointer is advanced to the subsequent link TRB and no further.\nIf the command is later aborted, when the abort completion is handled\nthe dequeue pointer is advanced to the first TRB of the next segment.\n\nIf no further commands are queued, xhci_handle_stopped_cmd_ring() sees\nthe ring pointers unequal and assumes that there is a pending command,\nso it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.\n\nDon\u0027t attempt timer setup if cur_cmd is NULL. The subsequent doorbell\nring likely is unnecessary too, but it\u0027s harmless. Leave it alone.\n\nThis is probably Bug 219532, but no confirmation has been received.\n\nThe issue has been independently reproduced and confirmed fixed using\na USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.\nEverything continued working normally after several prevented crashes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57981",
"url": "https://www.suse.com/security/cve/CVE-2024-57981"
},
{
"category": "external",
"summary": "SUSE Bug 1237912 for CVE-2024-57981",
"url": "https://bugzilla.suse.com/1237912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57981"
},
{
"cve": "CVE-2024-57986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: Fix assumption that Resolution Multipliers must be in Logical Collections\n\nA report in 2019 by the syzbot fuzzer was found to be connected to two\nerrors in the HID core associated with Resolution Multipliers. One of\nthe errors was fixed by commit ea427a222d8b (\"HID: core: Fix deadloop\nin hid_apply_multiplier.\"), but the other has not been fixed.\n\nThis error arises because hid_apply_multipler() assumes that every\nResolution Multiplier control is contained in a Logical Collection,\ni.e., there\u0027s no way the routine can ever set multiplier_collection to\nNULL. This is in spite of the fact that the function starts with a\nbig comment saying:\n\n\t * \"The Resolution Multiplier control must be contained in the same\n\t * Logical Collection as the control(s) to which it is to be applied.\n\t ...\n\t * If no Logical Collection is\n\t * defined, the Resolution Multiplier is associated with all\n\t * controls in the report.\"\n\t * HID Usage Table, v1.12, Section 4.3.1, p30\n\t *\n\t * Thus, search from the current collection upwards until we find a\n\t * logical collection...\n\nThe comment and the code overlook the possibility that none of the\ncollections found may be a Logical Collection.\n\nThe fix is to set the multiplier_collection pointer to NULL if the\ncollection found isn\u0027t a Logical Collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57986",
"url": "https://www.suse.com/security/cve/CVE-2024-57986"
},
{
"category": "external",
"summary": "SUSE Bug 1237907 for CVE-2024-57986",
"url": "https://bugzilla.suse.com/1237907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57986"
},
{
"cve": "CVE-2024-57990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57990"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: fix off by one in mt7925_load_clc()\n\nThis comparison should be \u003e= instead of \u003e to prevent an out of bounds\nread and write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57990",
"url": "https://www.suse.com/security/cve/CVE-2024-57990"
},
{
"category": "external",
"summary": "SUSE Bug 1237900 for CVE-2024-57990",
"url": "https://bugzilla.suse.com/1237900"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57990"
},
{
"cve": "CVE-2024-57993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check\n\nsyzbot has found a type mismatch between a USB pipe and the transfer\nendpoint, which is triggered by the hid-thrustmaster driver[1].\nThere is a number of similar, already fixed issues [2].\nIn this case as in others, implementing check for endpoint type fixes the issue.\n\n[1] https://syzkaller.appspot.com/bug?extid=040e8b3db6a96908d470\n[2] https://syzkaller.appspot.com/bug?extid=348331f63b034f89b622",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57993",
"url": "https://www.suse.com/security/cve/CVE-2024-57993"
},
{
"category": "external",
"summary": "SUSE Bug 1237894 for CVE-2024-57993",
"url": "https://bugzilla.suse.com/1237894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57993"
},
{
"cve": "CVE-2024-57994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()\n\nJakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()\nto increase test coverage.\n\nsyzbot found a splat caused by hard irq blocking in\nptr_ring_resize_multiple() [1]\n\nAs current users of ptr_ring_resize_multiple() do not require\nhard irqs being masked, replace it to only block BH.\n\nRename helpers to better reflect they are safe against BH only.\n\n- ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()\n- skb_array_resize_multiple() to skb_array_resize_multiple_bh()\n\n[1]\n\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline]\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nModules linked in:\nCPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:__page_pool_put_page net/core/page_pool.c:709 [inline]\nRIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nCode: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 \u003c0f\u003e 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85\nRSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083\nRAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000\nRDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843\nRBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d\nR10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040\nR13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff\nFS: 00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tun_ptr_free drivers/net/tun.c:617 [inline]\n __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]\n ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]\n tun_queue_resize drivers/net/tun.c:3694 [inline]\n tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024\n do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923\n rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201\n rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57994",
"url": "https://www.suse.com/security/cve/CVE-2024-57994"
},
{
"category": "external",
"summary": "SUSE Bug 1237901 for CVE-2024-57994",
"url": "https://bugzilla.suse.com/1237901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2024-57996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: don\u0027t allow 1 packet limit\n\nThe current implementation does not work correctly with a limit of\n1. iproute2 actually checks for this and this patch adds the check in\nkernel as well.\n\nThis fixes the following syzkaller reported crash:\n\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x125/0x19f lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:148 [inline]\n __ubsan_handle_out_of_bounds+0xed/0x120 lib/ubsan.c:347\n sfq_link net/sched/sch_sfq.c:210 [inline]\n sfq_dec+0x528/0x600 net/sched/sch_sfq.c:238\n sfq_dequeue+0x39b/0x9d0 net/sched/sch_sfq.c:500\n sfq_reset+0x13/0x50 net/sched/sch_sfq.c:525\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n tbf_reset+0x3d/0x100 net/sched/sch_tbf.c:319\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n dev_reset_queue+0x8c/0x140 net/sched/sch_generic.c:1296\n netdev_for_each_tx_queue include/linux/netdevice.h:2350 [inline]\n dev_deactivate_many+0x6dc/0xc20 net/sched/sch_generic.c:1362\n __dev_close_many+0x214/0x350 net/core/dev.c:1468\n dev_close_many+0x207/0x510 net/core/dev.c:1506\n unregister_netdevice_many+0x40f/0x16b0 net/core/dev.c:10738\n unregister_netdevice_queue+0x2be/0x310 net/core/dev.c:10695\n unregister_netdevice include/linux/netdevice.h:2893 [inline]\n __tun_detach+0x6b6/0x1600 drivers/net/tun.c:689\n tun_detach drivers/net/tun.c:705 [inline]\n tun_chr_close+0x104/0x1b0 drivers/net/tun.c:3640\n __fput+0x203/0x840 fs/file_table.c:280\n task_work_run+0x129/0x1b0 kernel/task_work.c:185\n exit_task_work include/linux/task_work.h:33 [inline]\n do_exit+0x5ce/0x2200 kernel/exit.c:931\n do_group_exit+0x144/0x310 kernel/exit.c:1046\n __do_sys_exit_group kernel/exit.c:1057 [inline]\n __se_sys_exit_group kernel/exit.c:1055 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1055\n do_syscall_64+0x6c/0xd0\n entry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fe5e7b52479\nCode: Unable to access opcode bytes at RIP 0x7fe5e7b5244f.\nRSP: 002b:00007ffd3c800398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5e7b52479\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000\nRBP: 00007fe5e7bcd2d0 R08: ffffffffffffffb8 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5e7bcd2d0\nR13: 0000000000000000 R14: 00007fe5e7bcdd20 R15: 00007fe5e7b24270\n\nThe crash can be also be reproduced with the following (with a tc\nrecompiled to allow for sfq limits of 1):\n\ntc qdisc add dev dummy0 handle 1: root tbf rate 1Kbit burst 100b lat 1s\n../iproute2-6.9.0/tc/tc qdisc add dev dummy0 handle 2: parent 1:10 sfq limit 1\nifconfig dummy0 up\nping -I dummy0 -f -c2 -W0.1 8.8.8.8\nsleep 1\n\nScenario that triggers the crash:\n\n* the first packet is sent and queued in TBF and SFQ; qdisc qlen is 1\n\n* TBF dequeues: it peeks from SFQ which moves the packet to the\n gso_skb list and keeps qdisc qlen set to 1. TBF is out of tokens so\n it schedules itself for later.\n\n* the second packet is sent and TBF tries to queues it to SFQ. qdisc\n qlen is now 2 and because the SFQ limit is 1 the packet is dropped\n by SFQ. At this point qlen is 1, and all of the SFQ slots are empty,\n however q-\u003etail is not NULL.\n\nAt this point, assuming no more packets are queued, when sch_dequeue\nruns again it will decrement the qlen for the current empty slot\ncausing an underflow and the subsequent out of bounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57996",
"url": "https://www.suse.com/security/cve/CVE-2024-57996"
},
{
"category": "external",
"summary": "SUSE Bug 1239076 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "external",
"summary": "SUSE Bug 1239077 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2024-57997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wcn36xx: fix channel survey memory allocation size\n\nKASAN reported a memory allocation issue in wcn-\u003echan_survey\ndue to incorrect size calculation.\nThis commit uses kcalloc to allocate memory for wcn-\u003echan_survey,\nensuring proper initialization and preventing the use of uninitialized\nvalues when there are no frames on the channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57997",
"url": "https://www.suse.com/security/cve/CVE-2024-57997"
},
{
"category": "external",
"summary": "SUSE Bug 1238529 for CVE-2024-57997",
"url": "https://bugzilla.suse.com/1238529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57997"
},
{
"cve": "CVE-2024-57999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW\n\nPower Hypervisor can possibily allocate MMIO window intersecting with\nDynamic DMA Window (DDW) range, which is over 32-bit addressing.\n\nThese MMIO pages needs to be marked as reserved so that IOMMU doesn\u0027t map\nDMA buffers in this range.\n\nThe current code is not marking these pages correctly which is resulting\nin LPAR to OOPS while booting. The stack is at below\n\nBUG: Unable to handle kernel data access on read at 0xc00800005cd40000\nFaulting instruction address: 0xc00000000005cdac\nOops: Kernel access of bad area, sig: 11 [#1]\nLE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\nModules linked in: af_packet rfkill ibmveth(X) lpfc(+) nvmet_fc nvmet nvme_keyring crct10dif_vpmsum nvme_fc nvme_fabrics nvme_core be2net(+) nvme_auth rtc_generic nfsd auth_rpcgss nfs_acl lockd grace sunrpc fuse configfs ip_tables x_tables xfs libcrc32c dm_service_time ibmvfc(X) scsi_transport_fc vmx_crypto gf128mul crc32c_vpmsum dm_mirror dm_region_hash dm_log dm_multipath dm_mod sd_mod scsi_dh_emc scsi_dh_rdac scsi_dh_alua t10_pi crc64_rocksoft_generic crc64_rocksoft sg crc64 scsi_mod\nSupported: Yes, External\nCPU: 8 PID: 241 Comm: kworker/8:1 Kdump: loaded Not tainted 6.4.0-150600.23.14-default #1 SLE15-SP6 b44ee71c81261b9e4bab5e0cde1f2ed891d5359b\nHardware name: IBM,9080-M9S POWER9 (raw) 0x4e2103 0xf000005 of:IBM,FW950.B0 (VH950_149) hv:phyp pSeries\nWorkqueue: events work_for_cpu_fn\nNIP: c00000000005cdac LR: c00000000005e830 CTR: 0000000000000000\nREGS: c00001400c9ff770 TRAP: 0300 Not tainted (6.4.0-150600.23.14-default)\nMSR: 800000000280b033 \u003cSF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE\u003e CR: 24228448 XER: 00000001\nCFAR: c00000000005cdd4 DAR: c00800005cd40000 DSISR: 40000000 IRQMASK: 0\nGPR00: c00000000005e830 c00001400c9ffa10 c000000001987d00 c00001400c4fe800\nGPR04: 0000080000000000 0000000000000001 0000000004000000 0000000000800000\nGPR08: 0000000004000000 0000000000000001 c00800005cd40000 ffffffffffffffff\nGPR12: 0000000084228882 c00000000a4c4f00 0000000000000010 0000080000000000\nGPR16: c00001400c4fe800 0000000004000000 0800000000000000 c00000006088b800\nGPR20: c00001401a7be980 c00001400eff3800 c000000002a2da68 000000000000002b\nGPR24: c0000000026793a8 c000000002679368 000000000000002a c0000000026793c8\nGPR28: 000008007effffff 0000080000000000 0000000000800000 c00001400c4fe800\nNIP [c00000000005cdac] iommu_table_reserve_pages+0xac/0x100\nLR [c00000000005e830] iommu_init_table+0x80/0x1e0\nCall Trace:\n[c00001400c9ffa10] [c00000000005e810] iommu_init_table+0x60/0x1e0 (unreliable)\n[c00001400c9ffa90] [c00000000010356c] iommu_bypass_supported_pSeriesLP+0x9cc/0xe40\n[c00001400c9ffc30] [c00000000005c300] dma_iommu_dma_supported+0xf0/0x230\n[c00001400c9ffcb0] [c00000000024b0c4] dma_supported+0x44/0x90\n[c00001400c9ffcd0] [c00000000024b14c] dma_set_mask+0x3c/0x80\n[c00001400c9ffd00] [c0080000555b715c] be_probe+0xc4/0xb90 [be2net]\n[c00001400c9ffdc0] [c000000000986f3c] local_pci_probe+0x6c/0x110\n[c00001400c9ffe40] [c000000000188f28] work_for_cpu_fn+0x38/0x60\n[c00001400c9ffe70] [c00000000018e454] process_one_work+0x314/0x620\n[c00001400c9fff10] [c00000000018f280] worker_thread+0x2b0/0x620\n[c00001400c9fff90] [c00000000019bb18] kthread+0x148/0x150\n[c00001400c9fffe0] [c00000000000ded8] start_kernel_thread+0x14/0x18\n\nThere are 2 issues in the code\n\n1. The index is \"int\" while the address is \"unsigned long\". This results in\n negative value when setting the bitmap.\n\n2. The DMA offset is page shifted but the MMIO range is used as-is (64-bit\n address). MMIO address needs to be page shifted as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57999",
"url": "https://www.suse.com/security/cve/CVE-2024-57999"
},
{
"category": "external",
"summary": "SUSE Bug 1238526 for CVE-2024-57999",
"url": "https://bugzilla.suse.com/1238526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57999"
},
{
"cve": "CVE-2024-58002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58002"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Remove dangling pointers\n\nWhen an async control is written, we copy a pointer to the file handle\nthat started the operation. That pointer will be used when the device is\ndone. Which could be anytime in the future.\n\nIf the user closes that file descriptor, its structure will be freed,\nand there will be one dangling pointer per pending async control, that\nthe driver will try to use.\n\nClean all the dangling pointers during release().\n\nTo avoid adding a performance penalty in the most common case (no async\noperation), a counter has been introduced with some logic to make sure\nthat it is properly handled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58002",
"url": "https://www.suse.com/security/cve/CVE-2024-58002"
},
{
"category": "external",
"summary": "SUSE Bug 1238503 for CVE-2024-58002",
"url": "https://bugzilla.suse.com/1238503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58002"
},
{
"cve": "CVE-2024-58005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Change to kvalloc() in eventlog/acpi.c\n\nThe following failure was reported on HPE ProLiant D320:\n\n[ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0)\n[ 10.848132][ T1] ------------[ cut here ]------------\n[ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330\n[ 10.862827][ T1] Modules linked in:\n[ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155.2.g52785e2-default #1 openSUSE Tumbleweed (unreleased) 588cd98293a7c9eba9013378d807364c088c9375\n[ 10.882741][ T1] Hardware name: HPE ProLiant DL320 Gen12/ProLiant DL320 Gen12, BIOS 1.20 10/28/2024\n[ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330\n[ 10.898103][ T1] Code: 24 08 e9 4a fe ff ff e8 34 36 fa ff e9 88 fe ff ff 83 fe 0a 0f 86 b3 fd ff ff 80 3d 01 e7 ce 01 00 75 09 c6 05 f8 e6 ce 01 01 \u003c0f\u003e 0b 45 31 ff e9 e5 fe ff ff f7 c2 00 00 08 00 75 42 89 d9 80 e1\n[ 10.917750][ T1] RSP: 0000:ffffb7cf40077980 EFLAGS: 00010246\n[ 10.923777][ T1] RAX: 0000000000000000 RBX: 0000000000040cc0 RCX: 0000000000000000\n[ 10.931727][ T1] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040cc0\n\nThe above transcript shows that ACPI pointed a 16 MiB buffer for the log\nevents because RSI maps to the \u0027order\u0027 parameter of __alloc_pages_noprof().\nAddress the bug by moving from devm_kmalloc() to devm_add_action() and\nkvmalloc() and devm_add_action().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58005",
"url": "https://www.suse.com/security/cve/CVE-2024-58005"
},
{
"category": "external",
"summary": "SUSE Bug 1237873 for CVE-2024-58005",
"url": "https://bugzilla.suse.com/1237873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2024-58006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()\n\nIn commit 4284c88fff0e (\"PCI: designware-ep: Allow pci_epc_set_bar() update\ninbound map address\") set_bar() was modified to support dynamically\nchanging the backing physical address of a BAR that was already configured.\n\nThis means that set_bar() can be called twice, without ever calling\nclear_bar() (as calling clear_bar() would clear the BAR\u0027s PCI address\nassigned by the host).\n\nThis can only be done if the new BAR size/flags does not differ from the\nexisting BAR configuration. Add these missing checks.\n\nIf we allow set_bar() to set e.g. a new BAR size that differs from the\nexisting BAR size, the new address translation range will be smaller than\nthe BAR size already determined by the host, which would mean that a read\npast the new BAR size would pass the iATU untranslated, which could allow\nthe host to read memory not belonging to the new struct pci_epf_bar.\n\nWhile at it, add comments which clarifies the support for dynamically\nchanging the physical address of a BAR. (Which was also missing.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58006",
"url": "https://www.suse.com/security/cve/CVE-2024-58006"
},
{
"category": "external",
"summary": "SUSE Bug 1238772 for CVE-2024-58006",
"url": "https://bugzilla.suse.com/1238772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58006"
},
{
"cve": "CVE-2024-58007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: socinfo: Avoid out of bounds read of serial number\n\nOn MSM8916 devices, the serial number exposed in sysfs is constant and does\nnot change across individual devices. It\u0027s always:\n\n db410c:/sys/devices/soc0$ cat serial_number\n 2644893864\n\nThe firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not\nhave support for the serial_num field in the socinfo struct. There is an\nexisting check to avoid exposing the serial number in that case, but it\u0027s\nnot correct: When checking the item_size returned by SMEM, we need to make\nsure the *end* of the serial_num is within bounds, instead of comparing\nwith the *start* offset. The serial_number currently exposed on MSM8916\ndevices is just an out of bounds read of whatever comes after the socinfo\nstruct in SMEM.\n\nFix this by changing offsetof() to offsetofend(), so that the size of the\nfield is also taken into account.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58007",
"url": "https://www.suse.com/security/cve/CVE-2024-58007"
},
{
"category": "external",
"summary": "SUSE Bug 1238511 for CVE-2024-58007",
"url": "https://bugzilla.suse.com/1238511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58007"
},
{
"cve": "CVE-2024-58009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc\n\nA NULL sock pointer is passed into l2cap_sock_alloc() when it is called\nfrom l2cap_sock_new_connection_cb() and the error handling paths should\nalso be aware of it.\n\nSeemingly a more elegant solution would be to swap bt_sock_alloc() and\nl2cap_chan_create() calls since they are not interdependent to that moment\nbut then l2cap_chan_create() adds the soon to be deallocated and still\ndummy-initialized channel to the global list accessible by many L2CAP\npaths. The channel would be removed from the list in short period of time\nbut be a bit more straight-forward here and just check for NULL instead of\nchanging the order of function calls.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58009",
"url": "https://www.suse.com/security/cve/CVE-2024-58009"
},
{
"category": "external",
"summary": "SUSE Bug 1238760 for CVE-2024-58009",
"url": "https://bugzilla.suse.com/1238760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58009"
},
{
"cve": "CVE-2024-58011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: int3472: Check for adev == NULL\n\nNot all devices have an ACPI companion fwnode, so adev might be NULL. This\ncan e.g. (theoretically) happen when a user manually binds one of\nthe int3472 drivers to another i2c/platform device through sysfs.\n\nAdd a check for adev not being set and return -ENODEV in that case to\navoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58011",
"url": "https://www.suse.com/security/cve/CVE-2024-58011"
},
{
"category": "external",
"summary": "SUSE Bug 1239080 for CVE-2024-58011",
"url": "https://bugzilla.suse.com/1239080"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58011"
},
{
"cve": "CVE-2024-58012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params\n\nEach cpu DAI should associate with a widget. However, the topology might\nnot create the right number of DAI widgets for aggregated amps. And it\nwill cause NULL pointer deference.\nCheck that the DAI widget associated with the CPU DAI is valid to prevent\nNULL pointer deference due to missing DAI widgets in topologies with\naggregated amps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58012",
"url": "https://www.suse.com/security/cve/CVE-2024-58012"
},
{
"category": "external",
"summary": "SUSE Bug 1239104 for CVE-2024-58012",
"url": "https://bugzilla.suse.com/1239104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58012"
},
{
"cve": "CVE-2024-58013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\nRead of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961\n\nCPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 16026:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296\n remove_adv_monitor+0x102/0x1b0 net/bluetooth/mgmt.c:5568\n hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n sock_write_iter+0x2d7/0x3f0 net/socket.c:1147\n new_sync_write fs/read_write.c:586 [inline]\n vfs_write+0xaeb/0xd30 fs/read_write.c:679\n ksys_write+0x18f/0x2b0 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 16022:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2338 [inline]\n slab_free mm/slub.c:4598 [inline]\n kfree+0x196/0x420 mm/slub.c:4746\n mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259\n __mgmt_power_off+0x183/0x430 net/bluetooth/mgmt.c:9550\n hci_dev_close_sync+0x6c4/0x11c0 net/bluetooth/hci_sync.c:5208\n hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]\n hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508\n sock_do_ioctl+0x158/0x460 net/socket.c:1209\n sock_ioctl+0x626/0x8e0 net/socket.c:1328\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58013",
"url": "https://www.suse.com/security/cve/CVE-2024-58013"
},
{
"category": "external",
"summary": "SUSE Bug 1239095 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "external",
"summary": "SUSE Bug 1239096 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-58013"
},
{
"cve": "CVE-2024-58014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()\n\nIn \u0027wlc_phy_iqcal_gainparams_nphy()\u0027, add gain range check to WARN()\ninstead of possible out-of-bounds \u0027tbl_iqcal_gainparams_nphy\u0027 access.\nCompile tested only.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58014",
"url": "https://www.suse.com/security/cve/CVE-2024-58014"
},
{
"category": "external",
"summary": "SUSE Bug 1239109 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "external",
"summary": "SUSE Bug 1239110 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-58014"
},
{
"cve": "CVE-2024-58017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nprintk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX\n\nShifting 1 \u003c\u003c 31 on a 32-bit int causes signed integer overflow, which\nleads to undefined behavior. To prevent this, cast 1 to u32 before\nperforming the shift, ensuring well-defined behavior.\n\nThis change explicitly avoids any potential overflow by ensuring that\nthe shift occurs on an unsigned 32-bit integer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58017",
"url": "https://www.suse.com/security/cve/CVE-2024-58017"
},
{
"category": "external",
"summary": "SUSE Bug 1239112 for CVE-2024-58017",
"url": "https://bugzilla.suse.com/1239112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58017"
},
{
"cve": "CVE-2024-58018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm: correctly calculate the available space of the GSP cmdq buffer\n\nr535_gsp_cmdq_push() waits for the available page in the GSP cmdq\nbuffer when handling a large RPC request. When it sees at least one\navailable page in the cmdq, it quits the waiting with the amount of\nfree buffer pages in the queue.\n\nUnfortunately, it always takes the [write pointer, buf_size) as\navailable buffer pages before rolling back and wrongly calculates the\nsize of the data should be copied. Thus, it can overwrite the RPC\nrequest that GSP is currently reading, which causes GSP hang due\nto corrupted RPC request:\n\n[ 549.209389] ------------[ cut here ]------------\n[ 549.214010] WARNING: CPU: 8 PID: 6314 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c:116 r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.225678] Modules linked in: nvkm(E+) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) mlx5_ib(E) amd64_edac(E) edac_mce_amd(E) kvm_amd(E) ib_uverbs(E) kvm(E) ib_core(E) acpi_ipmi(E) ipmi_si(E) mxm_wmi(E) ipmi_devintf(E) rapl(E) i2c_piix4(E) wmi_bmof(E) joydev(E) ptdma(E) acpi_cpufreq(E) k10temp(E) pcspkr(E) ipmi_msghandler(E) xfs(E) libcrc32c(E) ast(E) i2c_algo_bit(E) crct10dif_pclmul(E) drm_shmem_helper(E) nvme_tcp(E) crc32_pclmul(E) ahci(E) drm_kms_helper(E) libahci(E) nvme_fabrics(E) crc32c_intel(E) nvme(E) cdc_ether(E) mlx5_core(E) nvme_core(E) usbnet(E) drm(E) libata(E) ccp(E) ghash_clmulni_intel(E) mii(E) t10_pi(E) mlxfw(E) sp5100_tco(E) psample(E) pci_hyperv_intf(E) wmi(E) dm_multipath(E) sunrpc(E) dm_mirror(E) dm_region_hash(E) dm_log(E) dm_mod(E) be2iscsi(E) bnx2i(E) cnic(E) uio(E) cxgb4i(E) cxgb4(E) tls(E) libcxgbi(E) libcxgb(E) qla4xxx(E)\n[ 549.225752] iscsi_boot_sysfs(E) iscsi_tcp(E) libiscsi_tcp(E) libiscsi(E) scsi_transport_iscsi(E) fuse(E) [last unloaded: gsp_log(E)]\n[ 549.326293] CPU: 8 PID: 6314 Comm: insmod Tainted: G E 6.9.0-rc6+ #1\n[ 549.334039] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 549.341781] RIP: 0010:r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.347343] Code: 08 00 00 89 da c1 e2 0c 48 8d ac 11 00 10 00 00 48 8b 0c 24 48 85 c9 74 1f c1 e0 0c 4c 8d 6d 30 83 e8 30 89 01 e9 68 ff ff ff \u003c0f\u003e 0b 49 c7 c5 92 ff ff ff e9 5a ff ff ff ba ff ff ff ff be c0 0c\n[ 549.366090] RSP: 0018:ffffacbccaaeb7d0 EFLAGS: 00010246\n[ 549.371315] RAX: 0000000000000000 RBX: 0000000000000012 RCX: 0000000000923e28\n[ 549.378451] RDX: 0000000000000000 RSI: 0000000055555554 RDI: ffffacbccaaeb730\n[ 549.385590] RBP: 0000000000000001 R08: ffff8bd14d235f70 R09: ffff8bd14d235f70\n[ 549.392721] R10: 0000000000000002 R11: ffff8bd14d233864 R12: 0000000000000020\n[ 549.399854] R13: ffffacbccaaeb818 R14: 0000000000000020 R15: ffff8bb298c67000\n[ 549.406988] FS: 00007f5179244740(0000) GS:ffff8bd14d200000(0000) knlGS:0000000000000000\n[ 549.415076] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 549.420829] CR2: 00007fa844000010 CR3: 00000001567dc005 CR4: 0000000000770ef0\n[ 549.427963] PKRU: 55555554\n[ 549.430672] Call Trace:\n[ 549.433126] \u003cTASK\u003e\n[ 549.435233] ? __warn+0x7f/0x130\n[ 549.438473] ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.443426] ? report_bug+0x18a/0x1a0\n[ 549.447098] ? handle_bug+0x3c/0x70\n[ 549.450589] ? exc_invalid_op+0x14/0x70\n[ 549.454430] ? asm_exc_invalid_op+0x16/0x20\n[ 549.458619] ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.463565] r535_gsp_msg_recv+0x46/0x230 [nvkm]\n[ 549.468257] r535_gsp_rpc_push+0x106/0x160 [nvkm]\n[ 549.473033] r535_gsp_rpc_rm_ctrl_push+0x40/0x130 [nvkm]\n[ 549.478422] nvidia_grid_init_vgpu_types+0xbc/0xe0 [nvkm]\n[ 549.483899] nvidia_grid_init+0xb1/0xd0 [nvkm]\n[ 549.488420] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 549.493213] nvkm_device_pci_probe+0x305/0x420 [nvkm]\n[ 549.498338] local_pci_probe+0x46/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58018",
"url": "https://www.suse.com/security/cve/CVE-2024-58018"
},
{
"category": "external",
"summary": "SUSE Bug 1238990 for CVE-2024-58018",
"url": "https://bugzilla.suse.com/1238990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58018"
},
{
"cve": "CVE-2024-58019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm/gsp: correctly advance the read pointer of GSP message queue\n\nA GSP event message consists three parts: message header, RPC header,\nmessage body. GSP calculates the number of pages to write from the\ntotal size of a GSP message. This behavior can be observed from the\nmovement of the write pointer.\n\nHowever, nvkm takes only the size of RPC header and message body as\nthe message size when advancing the read pointer. When handling a\ntwo-page GSP message in the non rollback case, It wrongly takes the\nmessage body of the previous message as the message header of the next\nmessage. As the \"message length\" tends to be zero, in the calculation of\nsize needs to be copied (0 - size of (message header)), the size needs to\nbe copied will be \"0xffffffxx\". It also triggers a kernel panic due to a\nNULL pointer error.\n\n[ 547.614102] msg: 00000f90: ff ff ff ff ff ff ff ff 40 d7 18 fb 8b 00 00 00 ........@.......\n[ 547.622533] msg: 00000fa0: 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 ................\n[ 547.630965] msg: 00000fb0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ................\n[ 547.639397] msg: 00000fc0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................\n[ 547.647832] nvkm 0000:c1:00.0: gsp: peek msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.655225] nvkm 0000:c1:00.0: gsp: get msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.662532] BUG: kernel NULL pointer dereference, address: 0000000000000020\n[ 547.669485] #PF: supervisor read access in kernel mode\n[ 547.674624] #PF: error_code(0x0000) - not-present page\n[ 547.679755] PGD 0 P4D 0\n[ 547.682294] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 547.686643] CPU: 22 PID: 322 Comm: kworker/22:1 Tainted: G E 6.9.0-rc6+ #1\n[ 547.694893] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 547.702626] Workqueue: events r535_gsp_msgq_work [nvkm]\n[ 547.707921] RIP: 0010:r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.713375] Code: 00 8b 70 08 48 89 e1 31 d2 4c 89 f7 e8 12 f5 ff ff 48 89 c5 48 85 c0 0f 84 cf 00 00 00 48 81 fd 00 f0 ff ff 0f 87 c4 00 00 00 \u003c8b\u003e 55 10 41 8b 46 30 85 d2 0f 85 f6 00 00 00 83 f8 04 76 10 ba 05\n[ 547.732119] RSP: 0018:ffffabe440f87e10 EFLAGS: 00010203\n[ 547.737335] RAX: 0000000000000010 RBX: 0000000000000008 RCX: 000000000000003f\n[ 547.744461] RDX: 0000000000000000 RSI: ffffabe4480a8030 RDI: 0000000000000010\n[ 547.751585] RBP: 0000000000000010 R08: 0000000000000000 R09: ffffabe440f87bb0\n[ 547.758707] R10: ffffabe440f87dc8 R11: 0000000000000010 R12: 0000000000000000\n[ 547.765834] R13: 0000000000000000 R14: ffff9351df1e5000 R15: 0000000000000000\n[ 547.772958] FS: 0000000000000000(0000) GS:ffff93708eb00000(0000) knlGS:0000000000000000\n[ 547.781035] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 547.786771] CR2: 0000000000000020 CR3: 00000003cc220002 CR4: 0000000000770ef0\n[ 547.793896] PKRU: 55555554\n[ 547.796600] Call Trace:\n[ 547.799046] \u003cTASK\u003e\n[ 547.801152] ? __die+0x20/0x70\n[ 547.804211] ? page_fault_oops+0x75/0x170\n[ 547.808221] ? print_hex_dump+0x100/0x160\n[ 547.812226] ? exc_page_fault+0x64/0x150\n[ 547.816152] ? asm_exc_page_fault+0x22/0x30\n[ 547.820341] ? r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.825184] r535_gsp_msgq_work+0x42/0x50 [nvkm]\n[ 547.829845] process_one_work+0x196/0x3d0\n[ 547.833861] worker_thread+0x2fc/0x410\n[ 547.837613] ? __pfx_worker_thread+0x10/0x10\n[ 547.841885] kthread+0xdf/0x110\n[ 547.845031] ? __pfx_kthread+0x10/0x10\n[ 547.848775] ret_from_fork+0x30/0x50\n[ 547.852354] ? __pfx_kthread+0x10/0x10\n[ 547.856097] ret_from_fork_asm+0x1a/0x30\n[ 547.860019] \u003c/TASK\u003e\n[ 547.862208] Modules linked in: nvkm(E) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) amd64_edac(E) mlx5_ib(E) edac_mce_amd(E) kvm_amd\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58019",
"url": "https://www.suse.com/security/cve/CVE-2024-58019"
},
{
"category": "external",
"summary": "SUSE Bug 1238997 for CVE-2024-58019",
"url": "https://bugzilla.suse.com/1238997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58019"
},
{
"cve": "CVE-2024-58020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Add NULL check in mt_input_configured\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in mt_input_configured() is not checked.\nAdd NULL check in mt_input_configured(), to handle kernel NULL\npointer dereference error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58020",
"url": "https://www.suse.com/security/cve/CVE-2024-58020"
},
{
"category": "external",
"summary": "SUSE Bug 1239346 for CVE-2024-58020",
"url": "https://bugzilla.suse.com/1239346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58020"
},
{
"cve": "CVE-2024-58034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()\n\nAs of_find_node_by_name() release the reference of the argument device\nnode, tegra_emc_find_node_by_ram_code() releases some device nodes while\nstill in use, resulting in possible UAFs. According to the bindings and\nthe in-tree DTS files, the \"emc-tables\" node is always device\u0027s child\nnode with the property \"nvidia,use-ram-code\", and the \"lpddr2\" node is a\nchild of the \"emc-tables\" node. Thus utilize the\nfor_each_child_of_node() macro and of_get_child_by_name() instead of\nof_find_node_by_name() to simplify the code.\n\nThis bug was found by an experimental verification tool that I am\ndeveloping.\n\n[krzysztof: applied v1, adjust the commit msg to incorporate v2 parts]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58034",
"url": "https://www.suse.com/security/cve/CVE-2024-58034"
},
{
"category": "external",
"summary": "SUSE Bug 1238773 for CVE-2024-58034",
"url": "https://bugzilla.suse.com/1238773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58034"
},
{
"cve": "CVE-2024-58051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: ipmb: Add check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this\nreturned value is not checked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58051",
"url": "https://www.suse.com/security/cve/CVE-2024-58051"
},
{
"category": "external",
"summary": "SUSE Bug 1238963 for CVE-2024-58051",
"url": "https://bugzilla.suse.com/1238963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58051"
},
{
"cve": "CVE-2024-58052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table\n\nThe function atomctrl_get_smc_sclk_range_table() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to\nretrieve SMU_Info table, it returns NULL which is later dereferenced.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\nIn practice this should never happen as this code only gets called\non polaris chips and the vbios data table will always be present on\nthose chips.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58052",
"url": "https://www.suse.com/security/cve/CVE-2024-58052"
},
{
"category": "external",
"summary": "SUSE Bug 1238986 for CVE-2024-58052",
"url": "https://bugzilla.suse.com/1238986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58052"
},
{
"cve": "CVE-2024-58054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58054"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: media: max96712: fix kernel oops when removing module\n\nThe following kernel oops is thrown when trying to remove the max96712\nmodule:\n\nUnable to handle kernel paging request at virtual address 00007375746174db\nMem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000010af89000\n[00007375746174db] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in: crct10dif_ce polyval_ce mxc_jpeg_encdec flexcan\n snd_soc_fsl_sai snd_soc_fsl_asoc_card snd_soc_fsl_micfil dwc_mipi_csi2\n imx_csi_formatter polyval_generic v4l2_jpeg imx_pcm_dma can_dev\n snd_soc_imx_audmux snd_soc_wm8962 snd_soc_imx_card snd_soc_fsl_utils\n max96712(C-) rpmsg_ctrl rpmsg_char pwm_fan fuse\n [last unloaded: imx8_isi]\nCPU: 0 UID: 0 PID: 754 Comm: rmmod\n\t Tainted: G C 6.12.0-rc6-06364-g327fec852c31 #17\nTainted: [C]=CRAP\nHardware name: NXP i.MX95 19X19 board (DT)\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : led_put+0x1c/0x40\nlr : v4l2_subdev_put_privacy_led+0x48/0x58\nsp : ffff80008699bbb0\nx29: ffff80008699bbb0 x28: ffff00008ac233c0 x27: 0000000000000000\nx26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff000080cf1170 x22: ffff00008b53bd00 x21: ffff8000822ad1c8\nx20: ffff000080ff5c00 x19: ffff00008b53be40 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000004 x13: ffff0000800f8010 x12: 0000000000000000\nx11: ffff000082acf5c0 x10: ffff000082acf478 x9 : ffff0000800f8010\nx8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d\nx5 : 8080808000000000 x4 : 0000000000000020 x3 : 00000000553a3dc1\nx2 : ffff00008ac233c0 x1 : ffff00008ac233c0 x0 : ff00737574617473\nCall trace:\n led_put+0x1c/0x40\n v4l2_subdev_put_privacy_led+0x48/0x58\n v4l2_async_unregister_subdev+0x2c/0x1a4\n max96712_remove+0x1c/0x38 [max96712]\n i2c_device_remove+0x2c/0x9c\n device_remove+0x4c/0x80\n device_release_driver_internal+0x1cc/0x228\n driver_detach+0x4c/0x98\n bus_remove_driver+0x6c/0xbc\n driver_unregister+0x30/0x60\n i2c_del_driver+0x54/0x64\n max96712_i2c_driver_exit+0x18/0x1d0 [max96712]\n __arm64_sys_delete_module+0x1a4/0x290\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xd8\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x190/0x194\nCode: f9000bf3 aa0003f3 f9402800 f9402000 (f9403400)\n---[ end trace 0000000000000000 ]---\n\nThis happens because in v4l2_i2c_subdev_init(), the i2c_set_cliendata()\nis called again and the data is overwritten to point to sd, instead of\npriv. So, in remove(), the wrong pointer is passed to\nv4l2_async_unregister_subdev(), leading to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58054",
"url": "https://www.suse.com/security/cve/CVE-2024-58054"
},
{
"category": "external",
"summary": "SUSE Bug 1238975 for CVE-2024-58054",
"url": "https://bugzilla.suse.com/1238975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58054"
},
{
"cve": "CVE-2024-58055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_tcm: Don\u0027t free command immediately\n\nDon\u0027t prematurely free the command. Wait for the status completion of\nthe sense status. It can be freed then. Otherwise we will double-free\nthe command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58055",
"url": "https://www.suse.com/security/cve/CVE-2024-58055"
},
{
"category": "external",
"summary": "SUSE Bug 1238959 for CVE-2024-58055",
"url": "https://bugzilla.suse.com/1238959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58055"
},
{
"cve": "CVE-2024-58056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Fix ida_free call while not allocated\n\nIn the rproc_alloc() function, on error, put_device(\u0026rproc-\u003edev) is\ncalled, leading to the call of the rproc_type_release() function.\nAn error can occurs before ida_alloc is called.\n\nIn such case in rproc_type_release(), the condition (rproc-\u003eindex \u003e= 0) is\ntrue as rproc-\u003eindex has been initialized to 0.\nida_free() is called reporting a warning:\n[ 4.181906] WARNING: CPU: 1 PID: 24 at lib/idr.c:525 ida_free+0x100/0x164\n[ 4.186378] stm32-display-dsi 5a000000.dsi: Fixed dependency cycle(s) with /soc/dsi@5a000000/panel@0\n[ 4.188854] ida_free called for id=0 which is not allocated.\n[ 4.198256] mipi-dsi 5a000000.dsi.0: Fixed dependency cycle(s) with /soc/dsi@5a000000\n[ 4.203556] Modules linked in: panel_orisetech_otm8009a dw_mipi_dsi_stm(+) gpu_sched dw_mipi_dsi stm32_rproc stm32_crc32 stm32_ipcc(+) optee(+)\n[ 4.224307] CPU: 1 UID: 0 PID: 24 Comm: kworker/u10:0 Not tainted 6.12.0 #442\n[ 4.231481] Hardware name: STM32 (Device Tree Support)\n[ 4.236627] Workqueue: events_unbound deferred_probe_work_func\n[ 4.242504] Call trace:\n[ 4.242522] unwind_backtrace from show_stack+0x10/0x14\n[ 4.250218] show_stack from dump_stack_lvl+0x50/0x64\n[ 4.255274] dump_stack_lvl from __warn+0x80/0x12c\n[ 4.260134] __warn from warn_slowpath_fmt+0x114/0x188\n[ 4.265199] warn_slowpath_fmt from ida_free+0x100/0x164\n[ 4.270565] ida_free from rproc_type_release+0x38/0x60\n[ 4.275832] rproc_type_release from device_release+0x30/0xa0\n[ 4.281601] device_release from kobject_put+0xc4/0x294\n[ 4.286762] kobject_put from rproc_alloc.part.0+0x208/0x28c\n[ 4.292430] rproc_alloc.part.0 from devm_rproc_alloc+0x80/0xc4\n[ 4.298393] devm_rproc_alloc from stm32_rproc_probe+0xd0/0x844 [stm32_rproc]\n[ 4.305575] stm32_rproc_probe [stm32_rproc] from platform_probe+0x5c/0xbc\n\nCalling ida_alloc earlier in rproc_alloc ensures that the rproc-\u003eindex is\nproperly set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58056",
"url": "https://www.suse.com/security/cve/CVE-2024-58056"
},
{
"category": "external",
"summary": "SUSE Bug 1238981 for CVE-2024-58056",
"url": "https://bugzilla.suse.com/1238981"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58056"
},
{
"cve": "CVE-2024-58057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert workqueues to unbound\n\nWhen a workqueue is created with `WQ_UNBOUND`, its work items are\nserved by special worker-pools, whose host workers are not bound to\nany specific CPU. In the default configuration (i.e. when\n`queue_delayed_work` and friends do not specify which CPU to run the\nwork item on), `WQ_UNBOUND` allows the work item to be executed on any\nCPU in the same node of the CPU it was enqueued on. While this\nsolution potentially sacrifices locality, it avoids contention with\nother processes that might dominate the CPU time of the processor the\nwork item was scheduled on.\n\nThis is not just a theoretical problem: in a particular scenario\nmisconfigured process was hogging most of the time from CPU0, leaving\nless than 0.5% of its CPU time to the kworker. The IDPF workqueues\nthat were using the kworker on CPU0 suffered large completion delays\nas a result, causing performance degradation, timeouts and eventual\nsystem crash.\n\n\n* I have also run a manual test to gauge the performance\n improvement. The test consists of an antagonist process\n (`./stress --cpu 2`) consuming as much of CPU 0 as possible. This\n process is run under `taskset 01` to bind it to CPU0, and its\n priority is changed with `chrt -pQ 9900 10000 ${pid}` and\n `renice -n -20 ${pid}` after start.\n\n Then, the IDPF driver is forced to prefer CPU0 by editing all calls\n to `queue_delayed_work`, `mod_delayed_work`, etc... to use CPU 0.\n\n Finally, `ktraces` for the workqueue events are collected.\n\n Without the current patch, the antagonist process can force\n arbitrary delays between `workqueue_queue_work` and\n `workqueue_execute_start`, that in my tests were as high as\n `30ms`. With the current patch applied, the workqueue can be\n migrated to another unloaded CPU in the same node, and, keeping\n everything else equal, the maximum delay I could see was `6us`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58057",
"url": "https://www.suse.com/security/cve/CVE-2024-58057"
},
{
"category": "external",
"summary": "SUSE Bug 1238969 for CVE-2024-58057",
"url": "https://bugzilla.suse.com/1238969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58057"
},
{
"cve": "CVE-2024-58058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: skip dumping tnc tree when zroot is null\n\nClearing slab cache will free all znode in memory and make\nc-\u003ezroot.znode = NULL, then dumping tnc tree will access\nc-\u003ezroot.znode which cause null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58058",
"url": "https://www.suse.com/security/cve/CVE-2024-58058"
},
{
"category": "external",
"summary": "SUSE Bug 1238979 for CVE-2024-58058",
"url": "https://bugzilla.suse.com/1238979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58058"
},
{
"cve": "CVE-2024-58061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: prohibit deactivating all links\n\nIn the internal API this calls this is a WARN_ON, but that\nshould remain since internally we want to know about bugs\nthat may cause this. Prevent deactivating all links in the\ndebugfs write directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58061",
"url": "https://www.suse.com/security/cve/CVE-2024-58061"
},
{
"category": "external",
"summary": "SUSE Bug 1238973 for CVE-2024-58061",
"url": "https://bugzilla.suse.com/1238973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58061"
},
{
"cve": "CVE-2024-58063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: fix memory leaks and invalid access at probe error path\n\nDeinitialize at reverse order when probe fails.\n\nWhen init_sw_vars fails, rtl_deinit_core should not be called, specially\nnow that it destroys the rtl_wq workqueue.\n\nAnd call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be\nleaked.\n\nRemove pci_set_drvdata call as it will already be cleaned up by the core\ndriver code and could lead to memory leaks too. cf. commit 8d450935ae7f\n(\"wireless: rtlwifi: remove unnecessary pci_set_drvdata()\") and\ncommit 3d86b93064c7 (\"rtlwifi: Fix PCI probe error path orphaned memory\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58063",
"url": "https://www.suse.com/security/cve/CVE-2024-58063"
},
{
"category": "external",
"summary": "SUSE Bug 1238984 for CVE-2024-58063",
"url": "https://bugzilla.suse.com/1238984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58063"
},
{
"cve": "CVE-2024-58069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read\n\nThe nvmem interface supports variable buffer sizes, while the regmap\ninterface operates with fixed-size storage. If an nvmem client uses a\nbuffer size less than 4 bytes, regmap_read will write out of bounds\nas it expects the buffer to point at an unsigned int.\n\nFix this by using an intermediary unsigned int to hold the value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58069",
"url": "https://www.suse.com/security/cve/CVE-2024-58069"
},
{
"category": "external",
"summary": "SUSE Bug 1238978 for CVE-2024-58069",
"url": "https://bugzilla.suse.com/1238978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58069"
},
{
"cve": "CVE-2024-58071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: prevent adding a device which is already a team device lower\n\nPrevent adding a device which is already a team device lower,\ne.g. adding veth0 if vlan1 was already added and veth0 is a lower of\nvlan1.\n\nThis is not useful in practice and can lead to recursive locking:\n\n$ ip link add veth0 type veth peer name veth1\n$ ip link set veth0 up\n$ ip link set veth1 up\n$ ip link add link veth0 name veth0.1 type vlan protocol 802.1Q id 1\n$ ip link add team0 type team\n$ ip link set veth0.1 down\n$ ip link set veth0.1 master team0\nteam0: Port device veth0.1 added\n$ ip link set veth0 down\n$ ip link set veth0 master team0\n\n============================================\nWARNING: possible recursive locking detected\n6.13.0-rc2-virtme-00441-ga14a429069bb #46 Not tainted\n--------------------------------------------\nip/7684 is trying to acquire lock:\nffff888016848e00 (team-\u003eteam_lock_key){+.+.}-{4:4}, at: team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n\nbut task is already holding lock:\nffff888016848e00 (team-\u003eteam_lock_key){+.+.}-{4:4}, at: team_add_slave (drivers/net/team/team_core.c:1147 drivers/net/team/team_core.c:1977)\n\nother info that might help us debug this:\nPossible unsafe locking scenario:\n\nCPU0\n----\nlock(team-\u003eteam_lock_key);\nlock(team-\u003eteam_lock_key);\n\n*** DEADLOCK ***\n\nMay be due to missing lock nesting notation\n\n2 locks held by ip/7684:\n\nstack backtrace:\nCPU: 3 UID: 0 PID: 7684 Comm: ip Not tainted 6.13.0-rc2-virtme-00441-ga14a429069bb #46\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:122)\nprint_deadlock_bug.cold (kernel/locking/lockdep.c:3040)\n__lock_acquire (kernel/locking/lockdep.c:3893 kernel/locking/lockdep.c:5226)\n? netlink_broadcast_filtered (net/netlink/af_netlink.c:1548)\nlock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 2))\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? lock_acquire (kernel/locking/lockdep.c:5822)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n__mutex_lock (kernel/locking/mutex.c:587 kernel/locking/mutex.c:735)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? fib_sync_up (net/ipv4/fib_semantics.c:2167)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\nteam_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\nnotifier_call_chain (kernel/notifier.c:85)\ncall_netdevice_notifiers_info (net/core/dev.c:1996)\n__dev_notify_flags (net/core/dev.c:8993)\n? __dev_change_flags (net/core/dev.c:8975)\ndev_change_flags (net/core/dev.c:9027)\nvlan_device_event (net/8021q/vlan.c:85 net/8021q/vlan.c:470)\n? br_device_event (net/bridge/br.c:143)\nnotifier_call_chain (kernel/notifier.c:85)\ncall_netdevice_notifiers_info (net/core/dev.c:1996)\ndev_open (net/core/dev.c:1519 net/core/dev.c:1505)\nteam_add_slave (drivers/net/team/team_core.c:1219 drivers/net/team/team_core.c:1977)\n? __pfx_team_add_slave (drivers/net/team/team_core.c:1972)\ndo_set_master (net/core/rtnetlink.c:2917)\ndo_setlink.isra.0 (net/core/rtnetlink.c:3117)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58071",
"url": "https://www.suse.com/security/cve/CVE-2024-58071"
},
{
"category": "external",
"summary": "SUSE Bug 1238970 for CVE-2024-58071",
"url": "https://bugzilla.suse.com/1238970"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58071"
},
{
"cve": "CVE-2024-58072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: remove unused check_buddy_priv\n\nCommit 2461c7d60f9f (\"rtlwifi: Update header file\") introduced a global\nlist of private data structures.\n\nLater on, commit 26634c4b1868 (\"rtlwifi Modify existing bits to match\nvendor version 2013.02.07\") started adding the private data to that list at\nprobe time and added a hook, check_buddy_priv to find the private data from\na similar device.\n\nHowever, that function was never used.\n\nBesides, though there is a lock for that list, it is never used. And when\nthe probe fails, the private data is never removed from the list. This\nwould cause a second probe to access freed memory.\n\nRemove the unused hook, structures and members, which will prevent the\npotential race condition on the list and its corruption during a second\nprobe when probe fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58072",
"url": "https://www.suse.com/security/cve/CVE-2024-58072"
},
{
"category": "external",
"summary": "SUSE Bug 1238964 for CVE-2024-58072",
"url": "https://bugzilla.suse.com/1238964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58072"
},
{
"cve": "CVE-2024-58076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: gcc-sm6350: Add missing parent_map for two clocks\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for two clocks where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58076",
"url": "https://www.suse.com/security/cve/CVE-2024-58076"
},
{
"category": "external",
"summary": "SUSE Bug 1239037 for CVE-2024-58076",
"url": "https://bugzilla.suse.com/1239037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58076"
},
{
"cve": "CVE-2024-58078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors\n\nmisc_minor_alloc was allocating id using ida for minor only in case of\nMISC_DYNAMIC_MINOR but misc_minor_free was always freeing ids\nusing ida_free causing a mismatch and following warn:\n\u003e \u003e WARNING: CPU: 0 PID: 159 at lib/idr.c:525 ida_free+0x3e0/0x41f\n\u003e \u003e ida_free called for id=127 which is not allocated.\n\u003e \u003e \u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\n...\n\u003e \u003e [\u003c60941eb4\u003e] ida_free+0x3e0/0x41f\n\u003e \u003e [\u003c605ac993\u003e] misc_minor_free+0x3e/0xbc\n\u003e \u003e [\u003c605acb82\u003e] misc_deregister+0x171/0x1b3\n\nmisc_minor_alloc is changed to allocate id from ida for all minors\nfalling in the range of dynamic/ misc dynamic minors",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58078",
"url": "https://www.suse.com/security/cve/CVE-2024-58078"
},
{
"category": "external",
"summary": "SUSE Bug 1239034 for CVE-2024-58078",
"url": "https://bugzilla.suse.com/1239034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58078"
},
{
"cve": "CVE-2024-58079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix crash during unbind if gpio unit is in use\n\nWe used the wrong device for the device managed functions. We used the\nusb device, when we should be using the interface device.\n\nIf we unbind the driver from the usb interface, the cleanup functions\nare never called. In our case, the IRQ is never disabled.\n\nIf an IRQ is triggered, it will try to access memory sections that are\nalready free, causing an OOPS.\n\nWe cannot use the function devm_request_threaded_irq here. The devm_*\nclean functions may be called after the main structure is released by\nuvc_delete.\n\nLuckily this bug has small impact, as it is only affected by devices\nwith gpio units and the user has to unbind the device, a disconnect will\nnot trigger this error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58079",
"url": "https://www.suse.com/security/cve/CVE-2024-58079"
},
{
"category": "external",
"summary": "SUSE Bug 1239029 for CVE-2024-58079",
"url": "https://bugzilla.suse.com/1239029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58079"
},
{
"cve": "CVE-2024-58080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: dispcc-sm6350: Add missing parent_map for a clock\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for the clock where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58080",
"url": "https://www.suse.com/security/cve/CVE-2024-58080"
},
{
"category": "external",
"summary": "SUSE Bug 1239027 for CVE-2024-58080",
"url": "https://bugzilla.suse.com/1239027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58080"
},
{
"cve": "CVE-2024-58083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Explicitly verify target vCPU is online in kvm_get_vcpu()\n\nExplicitly verify the target vCPU is fully online _prior_ to clamping the\nindex in kvm_get_vcpu(). If the index is \"bad\", the nospec clamping will\ngenerate \u00270\u0027, i.e. KVM will return vCPU0 instead of NULL.\n\nIn practice, the bug is unlikely to cause problems, as it will only come\ninto play if userspace or the guest is buggy or misbehaving, e.g. KVM may\nsend interrupts to vCPU0 instead of dropping them on the floor.\n\nHowever, returning vCPU0 when it shouldn\u0027t exist per online_vcpus is\nproblematic now that KVM uses an xarray for the vCPUs array, as KVM needs\nto insert into the xarray before publishing the vCPU to userspace (see\ncommit c5b077549136 (\"KVM: Convert the kvm-\u003evcpus array to a xarray\")),\ni.e. before vCPU creation is guaranteed to succeed.\n\nAs a result, incorrectly providing access to vCPU0 will trigger a\nuse-after-free if vCPU0 is dereferenced and kvm_vm_ioctl_create_vcpu()\nbails out of vCPU creation due to an error and frees vCPU0. Commit\nafb2acb2e3a3 (\"KVM: Fix vcpu_array[0] races\") papered over that issue, but\nin doing so introduced an unsolvable teardown conundrum. Preventing\naccesses to vCPU0 before it\u0027s fully online will allow reverting commit\nafb2acb2e3a3, without re-introducing the vcpu_array[0] UAF race.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58083",
"url": "https://www.suse.com/security/cve/CVE-2024-58083"
},
{
"category": "external",
"summary": "SUSE Bug 1239036 for CVE-2024-58083",
"url": "https://bugzilla.suse.com/1239036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58083"
},
{
"cve": "CVE-2024-58085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: don\u0027t emit warning in tomoyo_write_control()\n\nsyzbot is reporting too large allocation warning at tomoyo_write_control(),\nfor one can write a very very long line without new line character. To fix\nthis warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE,\nfor practically a valid line should be always shorter than 32KB where the\n\"too small to fail\" memory-allocation rule applies.\n\nOne might try to write a valid line that is longer than 32KB, but such\nrequest will likely fail with -ENOMEM. Therefore, I feel that separately\nreturning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant.\nThere is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58085",
"url": "https://www.suse.com/security/cve/CVE-2024-58085"
},
{
"category": "external",
"summary": "SUSE Bug 1239085 for CVE-2024-58085",
"url": "https://bugzilla.suse.com/1239085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58085"
},
{
"cve": "CVE-2024-58086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58086"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Stop active perfmon if it is being destroyed\n\nIf the active performance monitor (`v3d-\u003eactive_perfmon`) is being\ndestroyed, stop it first. Currently, the active perfmon is not\nstopped during destruction, leaving the `v3d-\u003eactive_perfmon` pointer\nstale. This can lead to undefined behavior and instability.\n\nThis patch ensures that the active perfmon is stopped before being\ndestroyed, aligning with the behavior introduced in commit\n7d1fd3638ee3 (\"drm/v3d: Stop the active perfmon before being destroyed\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58086",
"url": "https://www.suse.com/security/cve/CVE-2024-58086"
},
{
"category": "external",
"summary": "SUSE Bug 1239038 for CVE-2024-58086",
"url": "https://bugzilla.suse.com/1239038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58086"
},
{
"cve": "CVE-2025-21631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix waker_bfqq UAF after bfq_split_bfqq()\n\nOur syzkaller report a following UAF for v6.6:\n\nBUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\nRead of size 8 at addr ffff8881b57147d8 by task fsstress/232726\n\nCPU: 2 PID: 232726 Comm: fsstress Not tainted 6.6.0-g3629d1885222 #39\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\n print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364\n print_report+0x3e/0x70 mm/kasan/report.c:475\n kasan_report+0xb8/0xf0 mm/kasan/report.c:588\n hlist_add_head include/linux/list.h:1023 [inline]\n bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh+0x15e/0x2e0 fs/ext4/super.c:230\n __read_extent_tree_block+0x304/0x6f0 fs/ext4/extents.c:567\n ext4_find_extent+0x479/0xd20 fs/ext4/extents.c:947\n ext4_ext_map_blocks+0x1a3/0x2680 fs/ext4/extents.c:4182\n ext4_map_blocks+0x929/0x15a0 fs/ext4/inode.c:660\n ext4_iomap_begin_report+0x298/0x480 fs/ext4/inode.c:3569\n iomap_iter+0x3dd/0x1010 fs/iomap/iter.c:91\n iomap_fiemap+0x1f4/0x360 fs/iomap/fiemap.c:80\n ext4_fiemap+0x181/0x210 fs/ext4/extents.c:5051\n ioctl_fiemap.isra.0+0x1b4/0x290 fs/ioctl.c:220\n do_vfs_ioctl+0x31c/0x11a0 fs/ioctl.c:811\n __do_sys_ioctl fs/ioctl.c:869 [inline]\n __se_sys_ioctl+0xae/0x190 fs/ioctl.c:857\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x70/0x120 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nAllocated by task 232719:\n kasan_save_stack+0x22/0x50 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\n slab_post_alloc_hook mm/slab.h:768 [inline]\n slab_alloc_node mm/slub.c:3492 [inline]\n kmem_cache_alloc_node+0x1b8/0x6f0 mm/slub.c:3537\n bfq_get_queue+0x215/0x1f00 block/bfq-iosched.c:5869\n bfq_get_bfqq_handle_split+0x167/0x5f0 block/bfq-iosched.c:6776\n bfq_init_rq+0x13a4/0x17a0 block/bfq-iosched.c:6938\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh_nowait+0x15a/0x240 fs/ext4/super.c:217\n ext4_read_bh_lock+0xac/0xd0 fs/ext4/super.c:242\n ext4_bread_batch+0x268/0x500 fs/ext4/inode.c:958\n __ext4_find_entry+0x448/0x10f0 fs/ext4/namei.c:1671\n ext4_lookup_entry fs/ext4/namei.c:1774 [inline]\n ext4_lookup.part.0+0x359/0x6f0 fs/ext4/namei.c:1842\n ext4_lookup+0x72/0x90 fs/ext4/namei.c:1839\n __lookup_slow+0x257/0x480 fs/namei.c:1696\n lookup_slow fs/namei.c:1713 [inline]\n walk_component+0x454/0x5c0 fs/namei.c:2004\n link_path_walk.part.0+0x773/0xda0 fs/namei.c:2331\n link_path_walk fs/namei.c:3826 [inline]\n path_openat+0x1b9/0x520 fs/namei.c:3826\n do_filp_open+0x1b7/0x400 fs/namei.c:3857\n do_sys_openat2+0x5dc/0x6e0 fs/open.c:1428\n do_sys_open fs/open.c:1443 [inline]\n __do_sys_openat fs/open.c:1459 [inline]\n __se_sys_openat fs/open.c:1454 [inline]\n __x64_sys_openat+0x148/0x200 fs/open.c:1454\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_6\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21631",
"url": "https://www.suse.com/security/cve/CVE-2025-21631"
},
{
"category": "external",
"summary": "SUSE Bug 1236099 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "external",
"summary": "SUSE Bug 1236100 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21631"
},
{
"cve": "CVE-2025-21635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21635"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe per-netns structure can be obtained from the table-\u003edata using\ncontainer_of(), then the \u0027net\u0027 one can be retrieved from the listen\nsocket (if available).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21635",
"url": "https://www.suse.com/security/cve/CVE-2025-21635"
},
{
"category": "external",
"summary": "SUSE Bug 1236111 for CVE-2025-21635",
"url": "https://bugzilla.suse.com/1236111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21635"
},
{
"cve": "CVE-2025-21636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.probe_interval\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21636",
"url": "https://www.suse.com/security/cve/CVE-2025-21636"
},
{
"category": "external",
"summary": "SUSE Bug 1236113 for CVE-2025-21636",
"url": "https://bugzilla.suse.com/1236113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21637",
"url": "https://www.suse.com/security/cve/CVE-2025-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1236114 for CVE-2025-21637",
"url": "https://bugzilla.suse.com/1236114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21638",
"url": "https://www.suse.com/security/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "SUSE Bug 1236115 for CVE-2025-21638",
"url": "https://bugzilla.suse.com/1236115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21639",
"url": "https://www.suse.com/security/cve/CVE-2025-21639"
},
{
"category": "external",
"summary": "SUSE Bug 1236122 for CVE-2025-21639",
"url": "https://bugzilla.suse.com/1236122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21640",
"url": "https://www.suse.com/security/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "SUSE Bug 1236123 for CVE-2025-21640",
"url": "https://bugzilla.suse.com/1236123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21647",
"url": "https://www.suse.com/security/cve/CVE-2025-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1236133 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "external",
"summary": "SUSE Bug 1236134 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdev: prevent accessing NAPI instances from another namespace\n\nThe NAPI IDs were not fully exposed to user space prior to the netlink\nAPI, so they were never namespaced. The netlink API must ensure that\nat the very least NAPI instance belongs to the same netns as the owner\nof the genl sock.\n\nnapi_by_id() can become static now, but it needs to move because of\ndev_get_by_napi_id().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21659",
"url": "https://www.suse.com/security/cve/CVE-2025-21659"
},
{
"category": "external",
"summary": "SUSE Bug 1236206 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "external",
"summary": "SUSE Bug 1236207 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21659"
},
{
"cve": "CVE-2025-21665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21665",
"url": "https://www.suse.com/security/cve/CVE-2025-21665"
},
{
"category": "external",
"summary": "SUSE Bug 1236684 for CVE-2025-21665",
"url": "https://bugzilla.suse.com/1236684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn\u0027t.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21666",
"url": "https://www.suse.com/security/cve/CVE-2025-21666"
},
{
"category": "external",
"summary": "SUSE Bug 1236680 for CVE-2025-21666",
"url": "https://bugzilla.suse.com/1236680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21666"
},
{
"cve": "CVE-2025-21667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid avoid truncating 64-bit offset to 32 bits\n\non 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a\n32-bit position due to folio_next_index() returning an unsigned long.\nThis could lead to an infinite loop when writing to an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21667",
"url": "https://www.suse.com/security/cve/CVE-2025-21667"
},
{
"category": "external",
"summary": "SUSE Bug 1236681 for CVE-2025-21667",
"url": "https://bugzilla.suse.com/1236681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: add missing loop break condition\n\nCurrently imx8mp_blk_ctrl_remove() will continue the for loop\nuntil an out-of-bounds exception occurs.\n\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : dev_pm_domain_detach+0x8/0x48\nlr : imx8mp_blk_ctrl_shutdown+0x58/0x90\nsp : ffffffc084f8bbf0\nx29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000\nx26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028\nx23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0\nx20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff\nx17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72\nx14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000\nx11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8\nx8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000\nCall trace:\n dev_pm_domain_detach+0x8/0x48\n platform_shutdown+0x2c/0x48\n device_shutdown+0x158/0x268\n kernel_restart_prepare+0x40/0x58\n kernel_kexec+0x58/0xe8\n __do_sys_reboot+0x198/0x258\n __arm64_sys_reboot+0x2c/0x40\n invoke_syscall+0x5c/0x138\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xc8\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x190/0x198\nCode: 8128c2d0 ffffffc0 aa1e03e9 d503201f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21668",
"url": "https://www.suse.com/security/cve/CVE-2025-21668"
},
{
"category": "external",
"summary": "SUSE Bug 1236682 for CVE-2025-21668",
"url": "https://bugzilla.suse.com/1236682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: discard packets if the transport changes\n\nIf the socket has been de-assigned or assigned to another transport,\nwe must discard any packets received because they are not expected\nand would cause issues when we access vsk-\u003etransport.\n\nA possible scenario is described by Hyunwoo Kim in the attached link,\nwhere after a first connect() interrupted by a signal, and a second\nconnect() failed, we can find `vsk-\u003etransport` at NULL, leading to a\nNULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21669",
"url": "https://www.suse.com/security/cve/CVE-2025-21669"
},
{
"category": "external",
"summary": "SUSE Bug 1236683 for CVE-2025-21669",
"url": "https://bugzilla.suse.com/1236683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21669"
},
{
"cve": "CVE-2025-21670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n Call Trace:\n vsock_bpf_recvmsg+0xca/0x5e0\n sock_recvmsg+0xb9/0xc0\n __sys_recvfrom+0xb3/0x130\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk-\u003etransport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21670",
"url": "https://www.suse.com/security/cve/CVE-2025-21670"
},
{
"category": "external",
"summary": "SUSE Bug 1236685 for CVE-2025-21670",
"url": "https://bugzilla.suse.com/1236685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21670"
},
{
"cve": "CVE-2025-21671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21671"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: fix potential UAF of zram table\n\nIf zram_meta_alloc failed early, it frees allocated zram-\u003etable without\nsetting it NULL. Which will potentially cause zram_meta_free to access\nthe table if user reset an failed and uninitialized device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21671",
"url": "https://www.suse.com/security/cve/CVE-2025-21671"
},
{
"category": "external",
"summary": "SUSE Bug 1236692 for CVE-2025-21671",
"url": "https://bugzilla.suse.com/1236692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21671"
},
{
"cve": "CVE-2025-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can\u0027t be freed as long as\ncifsd thread isn\u0027t done. Otherwise the following can happen:\n\n RIP: 0010:__slab_free+0x223/0x3c0\n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n 000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0xce/0x120\n ? __slab_free+0x223/0x3c0\n ? do_error_trap+0x65/0x80\n ? __slab_free+0x223/0x3c0\n ? exc_invalid_op+0x4e/0x70\n ? __slab_free+0x223/0x3c0\n ? asm_exc_invalid_op+0x16/0x20\n ? __slab_free+0x223/0x3c0\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? __kmalloc+0x4b/0x140\n __reconnect_target_unlocked+0x3e/0x160 [cifs]\n reconnect_dfs_server+0x145/0x430 [cifs]\n cifs_handle_standard+0x1ad/0x1d0 [cifs]\n cifs_demultiplex_thread+0x592/0x730 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21673",
"url": "https://www.suse.com/security/cve/CVE-2025-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1236689 for CVE-2025-21673",
"url": "https://bugzilla.suse.com/1236689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Clear port select structure when fail to create\n\nClear the port select structure on error so no stale values left after\ndefiners are destroyed. That\u0027s because the mlx5_lag_destroy_definers()\nalways try to destroy all lag definers in the tt_map, so in the flow\nbelow lag definers get double-destroyed and cause kernel crash:\n\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 1\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets destroyed\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 0\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets double-destroyed\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n Mem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n user pgtable: 64k pages, 48-bit VAs, pgdp=0000000112ce2e00\n [0000000000000008] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n Modules linked in: iptable_raw bonding ip_gre ip6_gre gre ip6_tunnel tunnel6 geneve ip6_udp_tunnel udp_tunnel ipip tunnel4 ip_tunnel rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) mlx5_fwctl(OE) fwctl(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlxfw(OE) memtrack(OE) mlx_compat(OE) openvswitch nsh nf_conncount psample xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc netconsole overlay efi_pstore sch_fq_codel zram ip_tables crct10dif_ce qemu_fw_cfg fuse ipv6 crc_ccitt [last unloaded: mlx_compat(OE)]\n CPU: 3 UID: 0 PID: 217 Comm: kworker/u53:2 Tainted: G OE 6.11.0+ #2\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n Workqueue: mlx5_lag mlx5_do_bond_work [mlx5_core]\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n lr : mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n sp : ffff800085fafb00\n x29: ffff800085fafb00 x28: ffff0000da0c8000 x27: 0000000000000000\n x26: ffff0000da0c8000 x25: ffff0000da0c8000 x24: ffff0000da0c8000\n x23: ffff0000c31f81a0 x22: 0400000000000000 x21: ffff0000da0c8000\n x20: 0000000000000000 x19: 0000000000000001 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8b0c9350\n x14: 0000000000000000 x13: ffff800081390d18 x12: ffff800081dc3cc0\n x11: 0000000000000001 x10: 0000000000000b10 x9 : ffff80007ab7304c\n x8 : ffff0000d00711f0 x7 : 0000000000000004 x6 : 0000000000000190\n x5 : ffff00027edb3010 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : ffff0000d39b8000 x1 : ffff0000d39b8000 x0 : 0400000000000000\n Call trace:\n mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n mlx5_lag_destroy_definers+0xa0/0x108 [mlx5_core]\n mlx5_lag_port_sel_create+0x2d4/0x6f8 [mlx5_core]\n mlx5_activate_lag+0x60c/0x6f8 [mlx5_core]\n mlx5_do_bond_work+0x284/0x5c8 [mlx5_core]\n process_one_work+0x170/0x3e0\n worker_thread+0x2d8/0x3e0\n kthread+0x11c/0x128\n ret_from_fork+0x10/0x20\n Code: a9025bf5 aa0003f6 a90363f7 f90023f9 (f9400400)\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21675",
"url": "https://www.suse.com/security/cve/CVE-2025-21675"
},
{
"category": "external",
"summary": "SUSE Bug 1236694 for CVE-2025-21675",
"url": "https://bugzilla.suse.com/1236694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21675"
},
{
"cve": "CVE-2025-21678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Destroy device along with udp socket\u0027s netns dismantle.\n\ngtp_newlink() links the device to a list in dev_net(dev) instead of\nsrc_net, where a udp tunnel socket is created.\n\nEven when src_net is removed, the device stays alive on dev_net(dev).\nThen, removing src_net triggers the splat below. [0]\n\nIn this example, gtp0 is created in ns2, and the udp socket is created\nin ns1.\n\n ip netns add ns1\n ip netns add ns2\n ip -n ns1 link add netns ns2 name gtp0 type gtp role sgsn\n ip netns del ns1\n\nLet\u0027s link the device to the socket\u0027s netns instead.\n\nNow, gtp_net_exit_batch_rtnl() needs another netdev iteration to remove\nall gtp devices in the netns.\n\n[0]:\nref_tracker: net notrefcnt@000000003d6e7d05 has 1/2 users at\n sk_alloc (./include/net/net_namespace.h:345 net/core/sock.c:2236)\n inet_create (net/ipv4/af_inet.c:326 net/ipv4/af_inet.c:252)\n __sock_create (net/socket.c:1558)\n udp_sock_create4 (net/ipv4/udp_tunnel_core.c:18)\n gtp_create_sock (./include/net/udp_tunnel.h:59 drivers/net/gtp.c:1423)\n gtp_create_sockets (drivers/net/gtp.c:1447)\n gtp_newlink (drivers/net/gtp.c:1507)\n rtnl_newlink (net/core/rtnetlink.c:3786 net/core/rtnetlink.c:3897 net/core/rtnetlink.c:4012)\n rtnetlink_rcv_msg (net/core/rtnetlink.c:6922)\n netlink_rcv_skb (net/netlink/af_netlink.c:2542)\n netlink_unicast (net/netlink/af_netlink.c:1321 net/netlink/af_netlink.c:1347)\n netlink_sendmsg (net/netlink/af_netlink.c:1891)\n ____sys_sendmsg (net/socket.c:711 net/socket.c:726 net/socket.c:2583)\n ___sys_sendmsg (net/socket.c:2639)\n __sys_sendmsg (net/socket.c:2669)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n\nWARNING: CPU: 1 PID: 60 at lib/ref_tracker.c:179 ref_tracker_dir_exit (lib/ref_tracker.c:179)\nModules linked in:\nCPU: 1 UID: 0 PID: 60 Comm: kworker/u16:2 Not tainted 6.13.0-rc5-00147-g4c1224501e9d #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:ref_tracker_dir_exit (lib/ref_tracker.c:179)\nCode: 00 00 00 fc ff df 4d 8b 26 49 bd 00 01 00 00 00 00 ad de 4c 39 f5 0f 85 df 00 00 00 48 8b 74 24 08 48 89 df e8 a5 cc 12 02 90 \u003c0f\u003e 0b 90 48 8d 6b 44 be 04 00 00 00 48 89 ef e8 80 de 67 ff 48 89\nRSP: 0018:ff11000009a07b60 EFLAGS: 00010286\nRAX: 0000000000002bd3 RBX: ff1100000f4e1aa0 RCX: 1ffffffff0e40ac6\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8423ee3c\nRBP: ff1100000f4e1af0 R08: 0000000000000001 R09: fffffbfff0e395ae\nR10: 0000000000000001 R11: 0000000000036001 R12: ff1100000f4e1af0\nR13: dead000000000100 R14: ff1100000f4e1af0 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ff1100006ce80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9b2464bd98 CR3: 0000000005286005 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __warn (kernel/panic.c:748)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? report_bug (lib/bug.c:201 lib/bug.c:219)\n ? handle_bug (arch/x86/kernel/traps.c:285)\n ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1))\n ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\n ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:97 ./arch/x86/include/asm/irqflags.h:155 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? __pfx_ref_tracker_dir_exit (lib/ref_tracker.c:158)\n ? kfree (mm/slub.c:4613 mm/slub.c:4761)\n net_free (net/core/net_namespace.c:476 net/core/net_namespace.c:467)\n cleanup_net (net/core/net_namespace.c:664 (discriminator 3))\n process_one_work (kernel/workqueue.c:3229)\n worker_thread (kernel/workqueue.c:3304 kernel/workqueue.c:3391\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21678",
"url": "https://www.suse.com/security/cve/CVE-2025-21678"
},
{
"category": "external",
"summary": "SUSE Bug 1236698 for CVE-2025-21678",
"url": "https://bugzilla.suse.com/1236698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21678"
},
{
"cve": "CVE-2025-21680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: Avoid out-of-bounds access in get_imix_entries\n\nPassing a sufficient amount of imix entries leads to invalid access to the\npkt_dev-\u003eimix_entries array because of the incorrect boundary check.\n\nUBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24\nindex 20 is out of range for type \u0027imix_pkt [20]\u0027\nCPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl lib/dump_stack.c:117\n__ubsan_handle_out_of_bounds lib/ubsan.c:429\nget_imix_entries net/core/pktgen.c:874\npktgen_if_write net/core/pktgen.c:1063\npde_write fs/proc/inode.c:334\nproc_reg_write fs/proc/inode.c:346\nvfs_write fs/read_write.c:593\nksys_write fs/read_write.c:644\ndo_syscall_64 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[ fp: allow to fill the array completely; minor changelog cleanup ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21680",
"url": "https://www.suse.com/security/cve/CVE-2025-21680"
},
{
"category": "external",
"summary": "SUSE Bug 1236700 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "external",
"summary": "SUSE Bug 1236701 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -\u003e ovs_vport_send\n -\u003e dev_queue_xmit\n -\u003e __dev_queue_xmit\n -\u003e netdev_core_pick_tx\n -\u003e skb_tx_hash\n\nWhen device is unregistering, the \u0027dev-\u003ereal_num_tx_queues\u0027 goes to\nzero and the \u0027while (unlikely(hash \u003e= qcount))\u0027 loop inside the\n\u0027skb_tx_hash\u0027 becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn\u0027t implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn\u0027t really have a carrier.\nTherefore, while this device is unregistering, it\u0027s still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don\u0027t really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21681",
"url": "https://www.suse.com/security/cve/CVE-2025-21681"
},
{
"category": "external",
"summary": "SUSE Bug 1236702 for CVE-2025-21681",
"url": "https://bugzilla.suse.com/1236702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: xilinx: Convert gpio_lock to raw spinlock\n\nirq_chip functions may be called in raw spinlock context. Therefore, we\nmust also use a raw spinlock for our own internal locking.\n\nThis fixes the following lockdep splat:\n\n[ 5.349336] =============================\n[ 5.353349] [ BUG: Invalid wait context ]\n[ 5.357361] 6.13.0-rc5+ #69 Tainted: G W\n[ 5.363031] -----------------------------\n[ 5.367045] kworker/u17:1/44 is trying to lock:\n[ 5.371587] ffffff88018b02c0 (\u0026chip-\u003egpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.380079] other info that might help us debug this:\n[ 5.385138] context-{5:5}\n[ 5.387762] 5 locks held by kworker/u17:1/44:\n[ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)\n[ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)\n[ 5.411528] #2: ffffff880172c900 (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)\n[ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)\n[ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)\n[ 5.436472] stack backtrace:\n[ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69\n[ 5.448690] Tainted: [W]=WARN\n[ 5.451656] Hardware name: xlnx,zynqmp (DT)\n[ 5.455845] Workqueue: events_unbound deferred_probe_work_func\n[ 5.461699] Call trace:\n[ 5.464147] show_stack+0x18/0x24 C\n[ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)\n[ 5.471501] dump_stack (lib/dump_stack.c:130)\n[ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)\n[ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)\n[ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)\n[ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)\n[ 5.497645] irq_startup (kernel/irq/chip.c:270)\n[ 5.501143] __setup_irq (kernel/irq/manage.c:1807)\n[ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21684",
"url": "https://www.suse.com/security/cve/CVE-2025-21684"
},
{
"category": "external",
"summary": "SUSE Bug 1236952 for CVE-2025-21684",
"url": "https://bugzilla.suse.com/1236952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: check the bounds of read/write syscalls\n\ncount and offset are passed from user space and not checked, only\noffset is capped to 40 bits, which can be used to read/write out of\nbounds of the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21687",
"url": "https://www.suse.com/security/cve/CVE-2025-21687"
},
{
"category": "external",
"summary": "SUSE Bug 1237045 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "external",
"summary": "SUSE Bug 1237046 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Assign job pointer to NULL before signaling the fence\n\nIn commit e4b5ccd392b9 (\"drm/v3d: Ensure job pointer is set to NULL\nafter job completion\"), we introduced a change to assign the job pointer\nto NULL after completing a job, indicating job completion.\n\nHowever, this approach created a race condition between the DRM\nscheduler workqueue and the IRQ execution thread. As soon as the fence is\nsignaled in the IRQ execution thread, a new job starts to be executed.\nThis results in a race condition where the IRQ execution thread sets the\njob pointer to NULL simultaneously as the `run_job()` function assigns\na new job to the pointer.\n\nThis race condition can lead to a NULL pointer dereference if the IRQ\nexecution thread sets the job pointer to NULL after `run_job()` assigns\nit to the new job. When the new job completes and the GPU emits an\ninterrupt, `v3d_irq()` is triggered, potentially causing a crash.\n\n[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n[ 466.318928] Mem abort info:\n[ 466.321723] ESR = 0x0000000096000005\n[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 466.330807] SET = 0, FnV = 0\n[ 466.333864] EA = 0, S1PTW = 0\n[ 466.337010] FSC = 0x05: level 1 translation fault\n[ 466.341900] Data abort info:\n[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000\n[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6\n[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18\n[ 466.467336] Tainted: [C]=CRAP\n[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]\n[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228\n[ 466.492327] sp : ffffffc080003ea0\n[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000\n[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200\n[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000\n[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000\n[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000\n[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0\n[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70\n[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000\n[ 466.567263] Call trace:\n[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)\n[ 466.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21688",
"url": "https://www.suse.com/security/cve/CVE-2025-21688"
},
{
"category": "external",
"summary": "SUSE Bug 1237007 for CVE-2025-21688",
"url": "https://bugzilla.suse.com/1237007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21689",
"url": "https://www.suse.com/security/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "SUSE Bug 1237017 for CVE-2025-21689",
"url": "https://bugzilla.suse.com/1237017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21690"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn\u0027t DoS the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21690",
"url": "https://www.suse.com/security/cve/CVE-2025-21690"
},
{
"category": "external",
"summary": "SUSE Bug 1237025 for CVE-2025-21690",
"url": "https://bugzilla.suse.com/1237025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21692",
"url": "https://www.suse.com/security/cve/CVE-2025-21692"
},
{
"category": "external",
"summary": "SUSE Bug 1237028 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "external",
"summary": "SUSE Bug 1237048 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: properly synchronize freeing resources during CPU hotunplug\n\nIn zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the\ncurrent CPU at the beginning of the operation is retrieved and used\nthroughout. However, since neither preemption nor migration are disabled,\nit is possible that the operation continues on a different CPU.\n\nIf the original CPU is hotunplugged while the acomp_ctx is still in use,\nwe run into a UAF bug as some of the resources attached to the acomp_ctx\nare freed during hotunplug in zswap_cpu_comp_dead() (i.e. \nacomp_ctx.buffer, acomp_ctx.req, or acomp_ctx.acomp).\n\nThe problem was introduced in commit 1ec3b5fe6eec (\"mm/zswap: move to use\ncrypto_acomp API for hardware acceleration\") when the switch to the\ncrypto_acomp API was made. Prior to that, the per-CPU crypto_comp was\nretrieved using get_cpu_ptr() which disables preemption and makes sure the\nCPU cannot go away from under us. Preemption cannot be disabled with the\ncrypto_acomp API as a sleepable context is needed.\n\nUse the acomp_ctx.mutex to synchronize CPU hotplug callbacks allocating\nand freeing resources with compression/decompression paths. Make sure\nthat acomp_ctx.req is NULL when the resources are freed. In the\ncompression/decompression paths, check if acomp_ctx.req is NULL after\nacquiring the mutex (meaning the CPU was offlined) and retry on the new\nCPU.\n\nThe initialization of acomp_ctx.mutex is moved from the CPU hotplug\ncallback to the pool initialization where it belongs (where the mutex is\nallocated). In addition to adding clarity, this makes sure that CPU\nhotplug cannot reinitialize a mutex that is already locked by\ncompression/decompression.\n\nPreviously a fix was attempted by holding cpus_read_lock() [1]. This\nwould have caused a potential deadlock as it is possible for code already\nholding the lock to fall into reclaim and enter zswap (causing a\ndeadlock). A fix was also attempted using SRCU for synchronization, but\nJohannes pointed out that synchronize_srcu() cannot be used in CPU hotplug\nnotifiers [2].\n\nAlternative fixes that were considered/attempted and could have worked:\n- Refcounting the per-CPU acomp_ctx. This involves complexity in\n handling the race between the refcount dropping to zero in\n zswap_[de]compress() and the refcount being re-initialized when the\n CPU is onlined.\n- Disabling migration before getting the per-CPU acomp_ctx [3], but\n that\u0027s discouraged and is a much bigger hammer than needed, and could\n result in subtle performance issues.\n\n[1]https://lkml.kernel.org/20241219212437.2714151-1-yosryahmed@google.com/\n[2]https://lkml.kernel.org/20250107074724.1756696-2-yosryahmed@google.com/\n[3]https://lkml.kernel.org/20250107222236.2715883-2-yosryahmed@google.com/\n\n[yosryahmed@google.com: remove comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21693",
"url": "https://www.suse.com/security/cve/CVE-2025-21693"
},
{
"category": "external",
"summary": "SUSE Bug 1237029 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "external",
"summary": "SUSE Bug 1237047 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21693"
},
{
"cve": "CVE-2025-21697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Ensure job pointer is set to NULL after job completion\n\nAfter a job completes, the corresponding pointer in the device must\nbe set to NULL. Failing to do so triggers a warning when unloading\nthe driver, as it appears the job is still active. To prevent this,\nassign the job pointer to NULL after completing the job, indicating\nthe job has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21697",
"url": "https://www.suse.com/security/cve/CVE-2025-21697"
},
{
"category": "external",
"summary": "SUSE Bug 1237132 for CVE-2025-21697",
"url": "https://bugzilla.suse.com/1237132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "low"
}
],
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21699",
"url": "https://www.suse.com/security/cve/CVE-2025-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1237139 for CVE-2025-21699",
"url": "https://bugzilla.suse.com/1237139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent. b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12. send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13. send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21700",
"url": "https://www.suse.com/security/cve/CVE-2025-21700"
},
{
"category": "external",
"summary": "SUSE Bug 1237159 for CVE-2025-21700",
"url": "https://bugzilla.suse.com/1237159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n RIP: 0010:__mutex_lock+0xc8a/0x1120\n Call Trace:\n \u003cTASK\u003e\n ethtool_check_max_channel+0x1ea/0x880\n ethnl_set_channels+0x3c3/0xb10\n ethnl_default_set_doit+0x306/0x650\n genl_family_rcv_msg_doit+0x1e3/0x2c0\n genl_rcv_msg+0x432/0x6f0\n netlink_rcv_skb+0x13d/0x3b0\n genl_rcv+0x28/0x40\n netlink_unicast+0x42e/0x720\n netlink_sendmsg+0x765/0xc20\n __sys_sendto+0x3ac/0x420\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21701",
"url": "https://www.suse.com/security/cve/CVE-2025-21701"
},
{
"category": "external",
"summary": "SUSE Bug 1237164 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "external",
"summary": "SUSE Bug 1245805 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1245805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog()\n\nqdisc_tree_reduce_backlog() notifies parent qdisc only if child\nqdisc becomes empty, therefore we need to reduce the backlog of the\nchild qdisc before calling it. Otherwise it would miss the opportunity\nto call cops-\u003eqlen_notify(), in the case of DRR, it resulted in UAF\nsince DRR uses -\u003eqlen_notify() to maintain its active list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21703",
"url": "https://www.suse.com/security/cve/CVE-2025-21703"
},
{
"category": "external",
"summary": "SUSE Bug 1237313 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "external",
"summary": "SUSE Bug 1245796 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1245796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21703"
},
{
"cve": "CVE-2025-21704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdc-acm: Check control transfer buffer size before access\n\nIf the first fragment is shorter than struct usb_cdc_notification, we can\u0027t\ncalculate an expected_size. Log an error and discard the notification\ninstead of reading lengths from memory outside the received data, which can\nlead to memory corruption when the expected_size decreases between\nfragments, causing `expected_size - acm-\u003enb_index` to wrap.\n\nThis issue has been present since the beginning of git history; however,\nit only leads to memory corruption since commit ea2583529cd1\n(\"cdc-acm: reassemble fragmented notifications\").\n\nA mitigating factor is that acm_ctrl_irq() can only execute after userspace\nhas opened /dev/ttyACM*; but if ModemManager is running, ModemManager will\ndo that automatically depending on the USB device\u0027s vendor/product IDs and\nits other interfaces.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21704",
"url": "https://www.suse.com/security/cve/CVE-2025-21704"
},
{
"category": "external",
"summary": "SUSE Bug 1237571 for CVE-2025-21704",
"url": "https://bugzilla.suse.com/1237571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21704"
},
{
"cve": "CVE-2025-21705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle fastopen disconnect correctly\n\nSyzbot was able to trigger a data stream corruption:\n\n WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Modules linked in:\n CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\n RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 \u003c0f\u003e 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07\n RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293\n RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928\n R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000\n R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000\n FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074\n mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493\n release_sock+0x1aa/0x1f0 net/core/sock.c:3640\n inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]\n __inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703\n mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755\n mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f6e86ebfe69\n Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69\n RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003\n RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc\n R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508\n \u003c/TASK\u003e\n\nThe root cause is the bad handling of disconnect() generated internally\nby the MPTCP protocol in case of connect FASTOPEN errors.\n\nAddress the issue increasing the socket disconnect counter even on such\na case, to allow other threads waiting on the same socket lock to\nproperly error out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21705",
"url": "https://www.suse.com/security/cve/CVE-2025-21705"
},
{
"category": "external",
"summary": "SUSE Bug 1238525 for CVE-2025-21705",
"url": "https://bugzilla.suse.com/1238525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only set fullmesh for subflow endp\n\nWith the in-kernel path-manager, it is possible to change the \u0027fullmesh\u0027\nflag. The code in mptcp_pm_nl_fullmesh() expects to change it only on\n\u0027subflow\u0027 endpoints, to recreate more or less subflows using the linked\naddress.\n\nUnfortunately, the set_flags() hook was a bit more permissive, and\nallowed \u0027implicit\u0027 endpoints to get the \u0027fullmesh\u0027 flag while it is not\nallowed before.\n\nThat\u0027s what syzbot found, triggering the following warning:\n\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Modules linked in:\n CPU: 0 UID: 0 PID: 6499 Comm: syz.1.413 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n RIP: 0010:mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Code: 01 00 00 49 89 c5 e8 fb 45 e8 f5 e9 b8 fc ff ff e8 f1 45 e8 f5 4c 89 f7 be 03 00 00 00 e8 44 1d 0b f9 eb a0 e8 dd 45 e8 f5 90 \u003c0f\u003e 0b 90 e9 17 ff ff ff 89 d9 80 e1 07 38 c1 0f 8c c9 fc ff ff 48\n RSP: 0018:ffffc9000d307240 EFLAGS: 00010293\n RAX: ffffffff8bb72e03 RBX: 0000000000000000 RCX: ffff88807da88000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000d307430 R08: ffffffff8bb72cf0 R09: 1ffff1100b842a5e\n R10: dffffc0000000000 R11: ffffed100b842a5f R12: ffff88801e2e5ac0\n R13: ffff88805c214800 R14: ffff88805c2152e8 R15: 1ffff1100b842a5d\n FS: 00005555619f6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000020002840 CR3: 00000000247e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2542\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f5fe8785d29\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007fff571f5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f5fe8975fa0 RCX: 00007f5fe8785d29\n RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000007\n RBP: 00007f5fe8801b08 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 00007f5fe8975fa0 R14: 00007f5fe8975fa0 R15: 000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21706",
"url": "https://www.suse.com/security/cve/CVE-2025-21706"
},
{
"category": "external",
"summary": "SUSE Bug 1238528 for CVE-2025-21706",
"url": "https://bugzilla.suse.com/1238528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21706"
},
{
"cve": "CVE-2025-21708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: rtl8150: enable basic endpoint checking\n\nSyzkaller reports [1] encountering a common issue of utilizing a wrong\nusb endpoint type during URB submitting stage. This, in turn, triggers\na warning shown below.\n\nFor now, enable simple endpoint checking (specifically, bulk and\ninterrupt eps, testing control one is not essential) to mitigate\nthe issue with a view to do other related cosmetic changes later,\nif they are necessary.\n\n[1] Syzkaller report:\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 1 PID: 2586 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 driv\u003e\nModules linked in:\nCPU: 1 UID: 0 PID: 2586 Comm: dhcpcd Not tainted 6.11.0-rc4-syzkaller-00069-gfc88bb11617\u003e\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nCode: 84 3c 02 00 00 e8 05 e4 fc fc 4c 89 ef e8 fd 25 d7 fe 45 89 e0 89 e9 4c 89 f2 48 8\u003e\nRSP: 0018:ffffc9000441f740 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888112487a00 RCX: ffffffff811a99a9\nRDX: ffff88810df6ba80 RSI: ffffffff811a99b6 RDI: 0000000000000001\nRBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff8881023bf0a8 R14: ffff888112452a20 R15: ffff888112487a7c\nFS: 00007fc04eea5740(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f0a1de9f870 CR3: 000000010dbd0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n rtl8150_open+0x300/0xe30 drivers/net/usb/rtl8150.c:733\n __dev_open+0x2d4/0x4e0 net/core/dev.c:1474\n __dev_change_flags+0x561/0x720 net/core/dev.c:8838\n dev_change_flags+0x8f/0x160 net/core/dev.c:8910\n devinet_ioctl+0x127a/0x1f10 net/ipv4/devinet.c:1177\n inet_ioctl+0x3aa/0x3f0 net/ipv4/af_inet.c:1003\n sock_do_ioctl+0x116/0x280 net/socket.c:1222\n sock_ioctl+0x22e/0x6c0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fc04ef73d49\n...\n\nThis change has not been tested on real hardware.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21708",
"url": "https://www.suse.com/security/cve/CVE-2025-21708"
},
{
"category": "external",
"summary": "SUSE Bug 1239087 for CVE-2025-21708",
"url": "https://bugzilla.suse.com/1239087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21708"
},
{
"cve": "CVE-2025-21711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rose: prevent integer overflows in rose_setsockopt()\n\nIn case of possible unpredictably large arguments passed to\nrose_setsockopt() and multiplied by extra values on top of that,\ninteger overflows may occur.\n\nDo the safest minimum and fix these issues by checking the\ncontents of \u0027opt\u0027 and returning -EINVAL if they are too large. Also,\nswitch to unsigned int and remove useless check for negative \u0027opt\u0027\nin ROSE_IDLE case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21711",
"url": "https://www.suse.com/security/cve/CVE-2025-21711"
},
{
"category": "external",
"summary": "SUSE Bug 1239114 for CVE-2025-21711",
"url": "https://bugzilla.suse.com/1239114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21711"
},
{
"cve": "CVE-2025-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP use after free\n\nPrevent double queueing of implicit ODP mr destroy work by using\n__xa_cmpxchg() to make sure this is the only time we are destroying this\nspecific mr.\n\nWithout this change, we could try to invalidate this mr twice, which in\nturn could result in queuing a MR work destroy twice, and eventually the\nsecond work could execute after the MR was freed due to the first work,\ncausing a user after free and trace below.\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 2 PID: 12178 at lib/refcount.c:28 refcount_warn_saturate+0x12b/0x130\n Modules linked in: bonding ib_ipoib vfio_pci ip_gre geneve nf_tables ip6_gre gre ip6_tunnel tunnel6 ipip tunnel4 ib_umad rdma_ucm mlx5_vfio_pci vfio_pci_core vfio_iommu_type1 mlx5_ib vfio ib_uverbs mlx5_core iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\n CPU: 2 PID: 12178 Comm: kworker/u20:5 Not tainted 6.5.0-rc1_net_next_mlx5_58c644e #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: events_unbound free_implicit_child_mr_work [mlx5_ib]\n RIP: 0010:refcount_warn_saturate+0x12b/0x130\n Code: 48 c7 c7 38 95 2a 82 c6 05 bc c6 fe 00 01 e8 0c 66 aa ff 0f 0b 5b c3 48 c7 c7 e0 94 2a 82 c6 05 a7 c6 fe 00 01 e8 f5 65 aa ff \u003c0f\u003e 0b 5b c3 90 8b 07 3d 00 00 00 c0 74 12 83 f8 01 74 13 8d 50 ff\n RSP: 0018:ffff8881008e3e40 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027\n RDX: ffff88852c91b5c8 RSI: 0000000000000001 RDI: ffff88852c91b5c0\n RBP: ffff8881dacd4e00 R08: 00000000ffffffff R09: 0000000000000019\n R10: 000000000000072e R11: 0000000063666572 R12: ffff88812bfd9e00\n R13: ffff8881c792d200 R14: ffff88810011c005 R15: ffff8881002099c0\n FS: 0000000000000000(0000) GS:ffff88852c900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f5694b5e000 CR3: 00000001153f6003 CR4: 0000000000370ea0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0x12b/0x130\n free_implicit_child_mr_work+0x180/0x1b0 [mlx5_ib]\n process_one_work+0x1cc/0x3c0\n worker_thread+0x218/0x3c0\n kthread+0xc6/0xf0\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21714",
"url": "https://www.suse.com/security/cve/CVE-2025-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1237890 for CVE-2025-21714",
"url": "https://bugzilla.suse.com/1237890"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21714"
},
{
"cve": "CVE-2025-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: davicom: fix UAF in dm9000_drv_remove\n\ndm is netdev private data and it cannot be\nused after free_netdev() call. Using dm after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.\n\nThis is similar to the issue fixed in commit\nad297cd2db89 (\"net: qcom/emac: fix UAF in emac_remove\").\n\nThis bug is detected by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21715",
"url": "https://www.suse.com/security/cve/CVE-2025-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1237889 for CVE-2025-21715",
"url": "https://bugzilla.suse.com/1237889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21716"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix uninit-value in vxlan_vnifilter_dump()\n\nKMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].\n\nIf the length of the netlink message payload is less than\nsizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes\nbeyond the message. This can lead to uninit-value access. Fix this by\nreturning an error in such situations.\n\n[1]\nBUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786\n netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317\n __netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432\n netlink_dump_start include/linux/netlink.h:340 [inline]\n rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]\n rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882\n netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4110 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205\n kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196\n netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21716",
"url": "https://www.suse.com/security/cve/CVE-2025-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1237891 for CVE-2025-21716",
"url": "https://bugzilla.suse.com/1237891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: fix timer races against user threads\n\nRose timers only acquire the socket spinlock, without\nchecking if the socket is owned by one user thread.\n\nAdd a check and rearm the timers if needed.\n\nBUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\nRead of size 2 at addr ffff88802f09b82a by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\n call_timer_fn+0x187/0x650 kernel/time/timer.c:1793\n expire_timers kernel/time/timer.c:1844 [inline]\n __run_timers kernel/time/timer.c:2418 [inline]\n __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430\n run_timer_base kernel/time/timer.c:2439 [inline]\n run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21718",
"url": "https://www.suse.com/security/cve/CVE-2025-21718"
},
{
"category": "external",
"summary": "SUSE Bug 1239073 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "external",
"summary": "SUSE Bug 1239074 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21718"
},
{
"cve": "CVE-2025-21719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: do not call mr_mfc_uses_dev() for unres entries\n\nsyzbot found that calling mr_mfc_uses_dev() for unres entries\nwould crash [1], because c-\u003emfc_un.res.minvif / c-\u003emfc_un.res.maxvif\nalias to \"struct sk_buff_head unresolved\", which contain two pointers.\n\nThis code never worked, lets remove it.\n\n[1]\nUnable to handle kernel paging request at virtual address ffff5fff2d536613\nKASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]\nModules linked in:\nCPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]\n pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334\n lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]\n lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334\nCall trace:\n mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)\n mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)\n mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382\n ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648\n rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327\n rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791\n netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317\n netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973\n sock_recvmsg_nosec net/socket.c:1033 [inline]\n sock_recvmsg net/socket.c:1055 [inline]\n sock_read_iter+0x2d8/0x40c net/socket.c:1125\n new_sync_read fs/read_write.c:484 [inline]\n vfs_read+0x740/0x970 fs/read_write.c:565\n ksys_read+0x15c/0x26c fs/read_write.c:708",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21719",
"url": "https://www.suse.com/security/cve/CVE-2025-21719"
},
{
"category": "external",
"summary": "SUSE Bug 1238860 for CVE-2025-21719",
"url": "https://bugzilla.suse.com/1238860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21723"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix possible crash when setting up bsg fails\n\nIf bsg_setup_queue() fails, the bsg_queue is assigned a non-NULL value.\nConsequently, in mpi3mr_bsg_exit(), the condition \"if(!mrioc-\u003ebsg_queue)\"\nwill not be satisfied, preventing execution from entering\nbsg_remove_queue(), which could lead to the following crash:\n\nBUG: kernel NULL pointer dereference, address: 000000000000041c\nCall Trace:\n \u003cTASK\u003e\n mpi3mr_bsg_exit+0x1f/0x50 [mpi3mr]\n mpi3mr_remove+0x6f/0x340 [mpi3mr]\n pci_device_remove+0x3f/0xb0\n device_release_driver_internal+0x19d/0x220\n unbind_store+0xa4/0xb0\n kernfs_fop_write_iter+0x11f/0x200\n vfs_write+0x1fc/0x3e0\n ksys_write+0x67/0xe0\n do_syscall_64+0x38/0x80\n entry_SYSCALL_64_after_hwframe+0x78/0xe2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21723",
"url": "https://www.suse.com/security/cve/CVE-2025-21723"
},
{
"category": "external",
"summary": "SUSE Bug 1238864 for CVE-2025-21723",
"url": "https://bugzilla.suse.com/1238864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21723"
},
{
"cve": "CVE-2025-21724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand\u0027s type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21724",
"url": "https://www.suse.com/security/cve/CVE-2025-21724"
},
{
"category": "external",
"summary": "SUSE Bug 1238863 for CVE-2025-21724",
"url": "https://bugzilla.suse.com/1238863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to unset link speed\n\nIt isn\u0027t guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always\nbe set by the server, so the client must handle any values and then\nprevent oopses like below from happening:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nRIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48\n89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8\ne7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 \u003c48\u003e f7 74 24 18 48 89\nc3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24\nRSP: 0018:ffffc90001817be0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99\nRDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228\nRBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac\nR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200\nR13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58\nFS: 00007fe27119e740(0000) GS:ffff888148600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0x159/0x1b0\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? do_error_trap+0x90/0x130\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? exc_divide_error+0x39/0x50\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? asm_exc_divide_error+0x1a/0x20\n ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? seq_read_iter+0x42e/0x790\n seq_read_iter+0x19a/0x790\n proc_reg_read_iter+0xbe/0x110\n ? __pfx_proc_reg_read_iter+0x10/0x10\n vfs_read+0x469/0x570\n ? do_user_addr_fault+0x398/0x760\n ? __pfx_vfs_read+0x10/0x10\n ? find_held_lock+0x8a/0xa0\n ? __pfx_lock_release+0x10/0x10\n ksys_read+0xd3/0x170\n ? __pfx_ksys_read+0x10/0x10\n ? __rcu_read_unlock+0x50/0x270\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe271288911\nCode: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8\n20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 \u003c48\u003e 3d\n00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec\nRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911\nRDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003\nRBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380\nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000\nR13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000\n \u003c/TASK\u003e\n\nFix this by setting cifs_server_iface::speed to a sane value (1Gbps)\nby default when link speed is unset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21725",
"url": "https://www.suse.com/security/cve/CVE-2025-21725"
},
{
"category": "external",
"summary": "SUSE Bug 1238877 for CVE-2025-21725",
"url": "https://bugzilla.suse.com/1238877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: avoid UAF for reorder_work\n\nAlthough the previous patch can avoid ps and ps UAF for _do_serial, it\ncan not avoid potential UAF issue for reorder_work. This issue can\nhappen just as below:\n\ncrypto_request\t\t\tcrypto_request\t\tcrypto_del_alg\npadata_do_serial\n ...\n padata_reorder\n // processes all remaining\n // requests then breaks\n while (1) {\n if (!padata)\n break;\n ...\n }\n\n\t\t\t\tpadata_do_serial\n\t\t\t\t // new request added\n\t\t\t\t list_add\n // sees the new request\n queue_work(reorder_work)\n\t\t\t\t padata_reorder\n\t\t\t\t queue_work_on(squeue-\u003ework)\n...\n\n\t\t\t\t\u003ckworker context\u003e\n\t\t\t\tpadata_serial_worker\n\t\t\t\t// completes new request,\n\t\t\t\t// no more outstanding\n\t\t\t\t// requests\n\n\t\t\t\t\t\t\tcrypto_del_alg\n\t\t\t\t\t\t\t // free pd\n\n\u003ckworker context\u003e\ninvoke_padata_reorder\n // UAF of pd\n\nTo avoid UAF for \u0027reorder_work\u0027, get \u0027pd\u0027 ref before put \u0027reorder_work\u0027\ninto the \u0027serial_wq\u0027 and put \u0027pd\u0027 ref until the \u0027serial_wq\u0027 finish.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21726",
"url": "https://www.suse.com/security/cve/CVE-2025-21726"
},
{
"category": "external",
"summary": "SUSE Bug 1238865 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "external",
"summary": "SUSE Bug 1240837 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1240837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21726"
},
{
"cve": "CVE-2025-21727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: fix UAF in padata_reorder\n\nA bug was found when run ltp test:\n\nBUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0\nRead of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206\n\nCPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+\nWorkqueue: pdecrypt_parallel padata_parallel_worker\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x32/0x50\nprint_address_description.constprop.0+0x6b/0x3d0\nprint_report+0xdd/0x2c0\nkasan_report+0xa5/0xd0\npadata_find_next+0x29/0x1a0\npadata_reorder+0x131/0x220\npadata_parallel_worker+0x3d/0xc0\nprocess_one_work+0x2ec/0x5a0\n\nIf \u0027mdelay(10)\u0027 is added before calling \u0027padata_find_next\u0027 in the\n\u0027padata_reorder\u0027 function, this issue could be reproduced easily with\nltp test (pcrypt_aead01).\n\nThis can be explained as bellow:\n\npcrypt_aead_encrypt\n...\npadata_do_parallel\nrefcount_inc(\u0026pd-\u003erefcnt); // add refcnt\n...\npadata_do_serial\npadata_reorder // pd\nwhile (1) {\npadata_find_next(pd, true); // using pd\nqueue_work_on\n...\npadata_serial_worker\t\t\t\tcrypto_del_alg\npadata_put_pd_cnt // sub refcnt\n\t\t\t\t\t\tpadata_free_shell\n\t\t\t\t\t\tpadata_put_pd(ps-\u003epd);\n\t\t\t\t\t\t// pd is freed\n// loop again, but pd is freed\n// call padata_find_next, UAF\n}\n\nIn the padata_reorder function, when it loops in \u0027while\u0027, if the alg is\ndeleted, the refcnt may be decreased to 0 before entering\n\u0027padata_find_next\u0027, which leads to UAF.\n\nAs mentioned in [1], do_serial is supposed to be called with BHs disabled\nand always happen under RCU protection, to address this issue, add\nsynchronize_rcu() in \u0027padata_free_shell\u0027 wait for all _do_serial calls\nto finish.\n\n[1] https://lore.kernel.org/all/20221028160401.cccypv4euxikusiq@parnassus.localdomain/\n[2] https://lore.kernel.org/linux-kernel/jfjz5d7zwbytztackem7ibzalm5lnxldi2eofeiczqmqs2m7o6@fq426cwnjtkm/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21727",
"url": "https://www.suse.com/security/cve/CVE-2025-21727"
},
{
"category": "external",
"summary": "SUSE Bug 1237876 for CVE-2025-21727",
"url": "https://bugzilla.suse.com/1237876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21727"
},
{
"cve": "CVE-2025-21728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21728",
"url": "https://www.suse.com/security/cve/CVE-2025-21728"
},
{
"category": "external",
"summary": "SUSE Bug 1237879 for CVE-2025-21728",
"url": "https://bugzilla.suse.com/1237879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix race between cancel_hw_scan and hw_scan completion\n\nThe rtwdev-\u003escanning flag isn\u0027t protected by mutex originally, so\ncancel_hw_scan can pass the condition, but suddenly hw_scan completion\nunset the flag and calls ieee80211_scan_completed() that will free\nlocal-\u003ehw_scan_req. Then, cancel_hw_scan raises null-ptr-deref and\nuse-after-free. Fix it by moving the check condition to where\nprotected by mutex.\n\n KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f]\n CPU: 2 PID: 6922 Comm: kworker/2:2 Tainted: G OE\n Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB6WW (2.76 ) 09/10/2019\n Workqueue: events cfg80211_conn_work [cfg80211]\n RIP: 0010:rtw89_fw_h2c_scan_offload_be+0xc33/0x13c3 [rtw89_core]\n Code: 00 45 89 6c 24 1c 0f 85 23 01 00 00 48 8b 85 20 ff ff ff 48 8d\n RSP: 0018:ffff88811fd9f068 EFLAGS: 00010206\n RAX: dffffc0000000000 RBX: ffff88811fd9f258 RCX: 0000000000000001\n RDX: 0000000000000011 RSI: 0000000000000001 RDI: 0000000000000089\n RBP: ffff88811fd9f170 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff88811fd9f108 R11: 0000000000000000 R12: ffff88810e47f960\n R13: 0000000000000000 R14: 000000000000ffff R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8881d6f00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007531dfca55b0 CR3: 00000001be296004 CR4: 00000000001706e0\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x61/0x73\n ? __die_body+0x20/0x73\n ? die_addr+0x4f/0x7b\n ? exc_general_protection+0x191/0x1db\n ? asm_exc_general_protection+0x27/0x30\n ? rtw89_fw_h2c_scan_offload_be+0xc33/0x13c3 [rtw89_core]\n ? rtw89_fw_h2c_scan_offload_be+0x458/0x13c3 [rtw89_core]\n ? __pfx_rtw89_fw_h2c_scan_offload_be+0x10/0x10 [rtw89_core]\n ? do_raw_spin_lock+0x75/0xdb\n ? __pfx_do_raw_spin_lock+0x10/0x10\n rtw89_hw_scan_offload+0xb5e/0xbf7 [rtw89_core]\n ? _raw_spin_unlock+0xe/0x24\n ? __mutex_lock.constprop.0+0x40c/0x471\n ? __pfx_rtw89_hw_scan_offload+0x10/0x10 [rtw89_core]\n ? __mutex_lock_slowpath+0x13/0x1f\n ? mutex_lock+0xa2/0xdc\n ? __pfx_mutex_lock+0x10/0x10\n rtw89_hw_scan_abort+0x58/0xb7 [rtw89_core]\n rtw89_ops_cancel_hw_scan+0x120/0x13b [rtw89_core]\n ieee80211_scan_cancel+0x468/0x4d0 [mac80211]\n ieee80211_prep_connection+0x858/0x899 [mac80211]\n ieee80211_mgd_auth+0xbea/0xdde [mac80211]\n ? __pfx_ieee80211_mgd_auth+0x10/0x10 [mac80211]\n ? cfg80211_find_elem+0x15/0x29 [cfg80211]\n ? is_bss+0x1b7/0x1d7 [cfg80211]\n ieee80211_auth+0x18/0x27 [mac80211]\n cfg80211_mlme_auth+0x3bb/0x3e7 [cfg80211]\n cfg80211_conn_do_work+0x410/0xb81 [cfg80211]\n ? __pfx_cfg80211_conn_do_work+0x10/0x10 [cfg80211]\n ? __kasan_check_read+0x11/0x1f\n ? psi_group_change+0x8bc/0x944\n ? __kasan_check_write+0x14/0x22\n ? mutex_lock+0x8e/0xdc\n ? __pfx_mutex_lock+0x10/0x10\n ? __pfx___radix_tree_lookup+0x10/0x10\n cfg80211_conn_work+0x245/0x34d [cfg80211]\n ? __pfx_cfg80211_conn_work+0x10/0x10 [cfg80211]\n ? update_cfs_rq_load_avg+0x3bc/0x3d7\n ? sched_clock_noinstr+0x9/0x1a\n ? sched_clock+0x10/0x24\n ? sched_clock_cpu+0x7e/0x42e\n ? newidle_balance+0x796/0x937\n ? __pfx_sched_clock_cpu+0x10/0x10\n ? __pfx_newidle_balance+0x10/0x10\n ? __kasan_check_read+0x11/0x1f\n ? psi_group_change+0x8bc/0x944\n ? _raw_spin_unlock+0xe/0x24\n ? raw_spin_rq_unlock+0x47/0x54\n ? raw_spin_rq_unlock_irq+0x9/0x1f\n ? finish_task_switch.isra.0+0x347/0x586\n ? __schedule+0x27bf/0x2892\n ? mutex_unlock+0x80/0xd0\n ? do_raw_spin_lock+0x75/0xdb\n ? __pfx___schedule+0x10/0x10\n process_scheduled_works+0x58c/0x821\n worker_thread+0x4c7/0x586\n ? __kasan_check_read+0x11/0x1f\n kthread+0x285/0x294\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x6f\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21729",
"url": "https://www.suse.com/security/cve/CVE-2025-21729"
},
{
"category": "external",
"summary": "SUSE Bug 1237874 for CVE-2025-21729",
"url": "https://bugzilla.suse.com/1237874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21729"
},
{
"cve": "CVE-2025-21731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: don\u0027t allow reconnect after disconnect\n\nFollowing process can cause nbd_config UAF:\n\n1) grab nbd_config temporarily;\n\n2) nbd_genl_disconnect() flush all recv_work() and release the\ninitial reference:\n\n nbd_genl_disconnect\n nbd_disconnect_and_put\n nbd_disconnect\n flush_workqueue(nbd-\u003erecv_workq)\n if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...))\n nbd_config_put\n -\u003e due to step 1), reference is still not zero\n\n3) nbd_genl_reconfigure() queue recv_work() again;\n\n nbd_genl_reconfigure\n config = nbd_get_config_unlocked(nbd)\n if (!config)\n -\u003e succeed\n if (!test_bit(NBD_RT_BOUND, ...))\n -\u003e succeed\n nbd_reconnect_socket\n queue_work(nbd-\u003erecv_workq, \u0026args-\u003ework)\n\n4) step 1) release the reference;\n\n5) Finially, recv_work() will trigger UAF:\n\n recv_work\n nbd_config_put(nbd)\n -\u003e nbd_config is freed\n atomic_dec(\u0026config-\u003erecv_threads)\n -\u003e UAF\n\nFix the problem by clearing NBD_RT_BOUND in nbd_genl_disconnect(), so\nthat nbd_genl_reconfigure() will fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21731",
"url": "https://www.suse.com/security/cve/CVE-2025-21731"
},
{
"category": "external",
"summary": "SUSE Bug 1237881 for CVE-2025-21731",
"url": "https://bugzilla.suse.com/1237881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21731"
},
{
"cve": "CVE-2025-21732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error\n\nThis patch addresses a race condition for an ODP MR that can result in a\nCQE with an error on the UMR QP.\n\nDuring the __mlx5_ib_dereg_mr() flow, the following sequence of calls\noccurs:\n\nmlx5_revoke_mr()\n mlx5r_umr_revoke_mr()\n mlx5r_umr_post_send_wait()\n\nAt this point, the lkey is freed from the hardware\u0027s perspective.\n\nHowever, concurrently, mlx5_ib_invalidate_range() might be triggered by\nanother task attempting to invalidate a range for the same freed lkey.\n\nThis task will:\n - Acquire the umem_odp-\u003eumem_mutex lock.\n - Call mlx5r_umr_update_xlt() on the UMR QP.\n - Since the lkey has already been freed, this can lead to a CQE error,\n causing the UMR QP to enter an error state [1].\n\nTo resolve this race condition, the umem_odp-\u003eumem_mutex lock is now also\nacquired as part of the mlx5_revoke_mr() scope. Upon successful revoke,\nwe set umem_odp-\u003eprivate which points to that MR to NULL, preventing any\nfurther invalidation attempts on its lkey.\n\n[1] From dmesg:\n\n infiniband rocep8s0f0: dump_cqe:277:(pid 0): WC error: 6, Message: memory bind operation error\n cqe_dump: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000030: 00 00 00 00 08 00 78 06 25 00 11 b9 00 0e dd d2\n\n WARNING: CPU: 15 PID: 1506 at drivers/infiniband/hw/mlx5/umr.c:394 mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n Modules linked in: ip6table_mangle ip6table_natip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_umad ib_ipoib ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\n CPU: 15 UID: 0 PID: 1506 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1626\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n [..]\n Call Trace:\n \u003cTASK\u003e\n mlx5r_umr_update_xlt+0x23c/0x3e0 [mlx5_ib]\n mlx5_ib_invalidate_range+0x2e1/0x330 [mlx5_ib]\n __mmu_notifier_invalidate_range_start+0x1e1/0x240\n zap_page_range_single+0xf1/0x1a0\n madvise_vma_behavior+0x677/0x6e0\n do_madvise+0x1a2/0x4b0\n __x64_sys_madvise+0x25/0x30\n do_syscall_64+0x6b/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21732",
"url": "https://www.suse.com/security/cve/CVE-2025-21732"
},
{
"category": "external",
"summary": "SUSE Bug 1237877 for CVE-2025-21732",
"url": "https://bugzilla.suse.com/1237877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21732"
},
{
"cve": "CVE-2025-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix resetting of tracepoints\n\nIf a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD\ndisabled, but then that option is enabled and timerlat is removed, the\ntracepoints that were enabled on timerlat registration do not get\ndisabled. If the option is disabled again and timelat is started, then it\ntriggers a warning in the tracepoint code due to registering the\ntracepoint again without ever disabling it.\n\nDo not use the same user space defined options to know to disable the\ntracepoints when timerlat is removed. Instead, set a global flag when it\nis enabled and use that flag to know to disable the events.\n\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n ~# echo OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo nop \u003e /sys/kernel/tracing/current_tracer\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n\nTriggers:\n\n ------------[ cut here ]------------\n WARNING: CPU: 6 PID: 1337 at kernel/tracepoint.c:294 tracepoint_add_func+0x3b6/0x3f0\n Modules linked in:\n CPU: 6 UID: 0 PID: 1337 Comm: rtla Not tainted 6.13.0-rc4-test-00018-ga867c441128e-dirty #73\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:tracepoint_add_func+0x3b6/0x3f0\n Code: 48 8b 53 28 48 8b 73 20 4c 89 04 24 e8 23 59 11 00 4c 8b 04 24 e9 36 fe ff ff 0f 0b b8 ea ff ff ff 45 84 e4 0f 84 68 fe ff ff \u003c0f\u003e 0b e9 61 fe ff ff 48 8b 7b 18 48 85 ff 0f 84 4f ff ff ff 49 8b\n RSP: 0018:ffffb9b003a87ca0 EFLAGS: 00010202\n RAX: 00000000ffffffef RBX: ffffffff92f30860 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff9bf59e91ccd0 RDI: ffffffff913b6410\n RBP: 000000000000000a R08: 00000000000005c7 R09: 0000000000000002\n R10: ffffb9b003a87ce0 R11: 0000000000000002 R12: 0000000000000001\n R13: ffffb9b003a87ce0 R14: ffffffffffffffef R15: 0000000000000008\n FS: 00007fce81209240(0000) GS:ffff9bf6fdd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055e99b728000 CR3: 00000001277c0002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ? __warn.cold+0xb7/0x14d\n ? tracepoint_add_func+0x3b6/0x3f0\n ? report_bug+0xea/0x170\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? tracepoint_add_func+0x3b6/0x3f0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n tracepoint_probe_register+0x78/0xb0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n osnoise_workload_start+0x2b5/0x370\n timerlat_tracer_init+0x76/0x1b0\n tracing_set_tracer+0x244/0x400\n tracing_set_trace_write+0xa0/0xe0\n vfs_write+0xfc/0x570\n ? do_sys_openat2+0x9c/0xe0\n ksys_write+0x72/0xf0\n do_syscall_64+0x79/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21733",
"url": "https://www.suse.com/security/cve/CVE-2025-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1238494 for CVE-2025-21733",
"url": "https://bugzilla.suse.com/1238494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21733"
},
{
"cve": "CVE-2025-21734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21734"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix copy buffer page size\n\nFor non-registered buffer, fastrpc driver copies the buffer and\npass it to the remote subsystem. There is a problem with current\nimplementation of page size calculation which is not considering\nthe offset in the calculation. This might lead to passing of\nimproper and out-of-bounds page size which could result in\nmemory issue. Calculate page start and page end using the offset\nadjusted address instead of absolute address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21734",
"url": "https://www.suse.com/security/cve/CVE-2025-21734"
},
{
"category": "external",
"summary": "SUSE Bug 1238734 for CVE-2025-21734",
"url": "https://bugzilla.suse.com/1238734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21734"
},
{
"cve": "CVE-2025-21735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: Add bounds checking in nci_hci_create_pipe()\n\nThe \"pipe\" variable is a u8 which comes from the network. If it\u0027s more\nthan 127, then it results in memory corruption in the caller,\nnci_hci_connect_gate().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21735",
"url": "https://www.suse.com/security/cve/CVE-2025-21735"
},
{
"category": "external",
"summary": "SUSE Bug 1238497 for CVE-2025-21735",
"url": "https://bugzilla.suse.com/1238497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21735"
},
{
"cve": "CVE-2025-21736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix possible int overflows in nilfs_fiemap()\n\nSince nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result\nby being prepared to go through potentially maxblocks == INT_MAX blocks,\nthe value in n may experience an overflow caused by left shift of blkbits.\n\nWhile it is extremely unlikely to occur, play it safe and cast right hand\nexpression to wider type to mitigate the issue.\n\nFound by Linux Verification Center (linuxtesting.org) with static analysis\ntool SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21736",
"url": "https://www.suse.com/security/cve/CVE-2025-21736"
},
{
"category": "external",
"summary": "SUSE Bug 1238715 for CVE-2025-21736",
"url": "https://bugzilla.suse.com/1238715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21736"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-21739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix use-after free in init error and remove paths\n\ndevm_blk_crypto_profile_init() registers a cleanup handler to run when\nthe associated (platform-) device is being released. For UFS, the\ncrypto private data and pointers are stored as part of the ufs_hba\u0027s\ndata structure \u0027struct ufs_hba::crypto_profile\u0027. This structure is\nallocated as part of the underlying ufshcd and therefore Scsi_host\nallocation.\n\nDuring driver release or during error handling in ufshcd_pltfrm_init(),\nthis structure is released as part of ufshcd_dealloc_host() before the\n(platform-) device associated with the crypto call above is released.\nOnce this device is released, the crypto cleanup code will run, using\nthe just-released \u0027struct ufs_hba::crypto_profile\u0027. This causes a\nuse-after-free situation:\n\n Call trace:\n kfree+0x60/0x2d8 (P)\n kvfree+0x44/0x60\n blk_crypto_profile_destroy_callback+0x28/0x70\n devm_action_release+0x1c/0x30\n release_nodes+0x6c/0x108\n devres_release_all+0x98/0x100\n device_unbind_cleanup+0x20/0x70\n really_probe+0x218/0x2d0\n\nIn other words, the initialisation code flow is:\n\n platform-device probe\n ufshcd_pltfrm_init()\n ufshcd_alloc_host()\n scsi_host_alloc()\n allocation of struct ufs_hba\n creation of scsi-host devices\n devm_blk_crypto_profile_init()\n devm registration of cleanup handler using platform-device\n\nand during error handling of ufshcd_pltfrm_init() or during driver\nremoval:\n\n ufshcd_dealloc_host()\n scsi_host_put()\n put_device(scsi-host)\n release of struct ufs_hba\n put_device(platform-device)\n crypto cleanup handler\n\nTo fix this use-after free, change ufshcd_alloc_host() to register a\ndevres action to automatically cleanup the underlying SCSI device on\nufshcd destruction, without requiring explicit calls to\nufshcd_dealloc_host(). This way:\n\n * the crypto profile and all other ufs_hba-owned resources are\n destroyed before SCSI (as they\u0027ve been registered after)\n * a memleak is plugged in tc-dwc-g210-pci.c remove() as a\n side-effect\n * EXPORT_SYMBOL_GPL(ufshcd_dealloc_host) can be removed fully as\n it\u0027s not needed anymore\n * no future drivers using ufshcd_alloc_host() could ever forget\n adding the cleanup",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21739",
"url": "https://www.suse.com/security/cve/CVE-2025-21739"
},
{
"category": "external",
"summary": "SUSE Bug 1238506 for CVE-2025-21739",
"url": "https://bugzilla.suse.com/1238506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21739"
},
{
"cve": "CVE-2025-21741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21741"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix DPE OoB read\n\nFix an out-of-bounds DPE read, limit the number of processed DPEs to\nthe amount that fits into the fixed-size NDP16 header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21741",
"url": "https://www.suse.com/security/cve/CVE-2025-21741"
},
{
"category": "external",
"summary": "SUSE Bug 1238767 for CVE-2025-21741",
"url": "https://bugzilla.suse.com/1238767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21741"
},
{
"cve": "CVE-2025-21742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: use static NDP16 location in URB\n\nOriginal code allowed for the start of NDP16 to be anywhere within the\nURB based on the `wNdpIndex` value in NTH16. Only the start position of\nNDP16 was checked, so it was possible for even the fixed-length part\nof NDP16 to extend past the end of URB, leading to an out-of-bounds\nread.\n\nOn iOS devices, the NDP16 header always directly follows NTH16. Rely on\nand check for this specific format.\n\nThis, along with NCM-specific minimal URB length check that already\nexists, will ensure that the fixed-length part of NDP16 plus a set\namount of DPEs fit within the URB.\n\nNote that this commit alone does not fully address the OoB read.\nThe limit on the amount of DPEs needs to be enforced separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21742",
"url": "https://www.suse.com/security/cve/CVE-2025-21742"
},
{
"category": "external",
"summary": "SUSE Bug 1238771 for CVE-2025-21742",
"url": "https://bugzilla.suse.com/1238771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21742"
},
{
"cve": "CVE-2025-21743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix possible overflow in DPE length check\n\nOriginally, it was possible for the DPE length check to overflow if\nwDatagramIndex + wDatagramLength \u003e U16_MAX. This could lead to an OoB\nread.\n\nMove the wDatagramIndex term to the other side of the inequality.\n\nAn existing condition ensures that wDatagramIndex \u003c urb-\u003eactual_length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21743",
"url": "https://www.suse.com/security/cve/CVE-2025-21743"
},
{
"category": "external",
"summary": "SUSE Bug 1238781 for CVE-2025-21743",
"url": "https://bugzilla.suse.com/1238781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21743"
},
{
"cve": "CVE-2025-21744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()\n\nOn removal of the device or unloading of the kernel module a potential NULL\npointer dereference occurs.\n\nThe following sequence deletes the interface:\n\n brcmf_detach()\n brcmf_remove_interface()\n brcmf_del_if()\n\nInside the brcmf_del_if() function the drvr-\u003eif2bss[ifidx] is updated to\nBRCMF_BSSIDX_INVALID (-1) if the bsscfgidx matches.\n\nAfter brcmf_remove_interface() call the brcmf_proto_detach() function is\ncalled providing the following sequence:\n\n brcmf_detach()\n brcmf_proto_detach()\n brcmf_proto_msgbuf_detach()\n brcmf_flowring_detach()\n brcmf_msgbuf_delete_flowring()\n brcmf_msgbuf_remove_flowring()\n brcmf_flowring_delete()\n brcmf_get_ifp()\n brcmf_txfinalize()\n\nSince brcmf_get_ip() can and actually will return NULL in this case the\ncall to brcmf_txfinalize() will result in a NULL pointer dereference inside\nbrcmf_txfinalize() when trying to update ifp-\u003endev-\u003estats.tx_errors.\n\nThis will only happen if a flowring still has an skb.\n\nAlthough the NULL pointer dereference has only been seen when trying to\nupdate the tx statistic, all other uses of the ifp pointer have been\nguarded as well with an early return if ifp is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21744",
"url": "https://www.suse.com/security/cve/CVE-2025-21744"
},
{
"category": "external",
"summary": "SUSE Bug 1238903 for CVE-2025-21744",
"url": "https://bugzilla.suse.com/1238903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21744"
},
{
"cve": "CVE-2025-21745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21745"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage\n\nblkcg_fill_root_iostats() iterates over @block_class\u0027s devices by\nclass_dev_iter_(init|next)(), but does not end iterating with\nclass_dev_iter_exit(), so causes the class\u0027s subsystem refcount leakage.\n\nFix by ending the iterating with class_dev_iter_exit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21745",
"url": "https://www.suse.com/security/cve/CVE-2025-21745"
},
{
"category": "external",
"summary": "SUSE Bug 1238785 for CVE-2025-21745",
"url": "https://bugzilla.suse.com/1238785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: lock the socket in rose_bind()\n\nsyzbot reported a soft lockup in rose_loopback_timer(),\nwith a repro calling bind() from multiple threads.\n\nrose_bind() must lock the socket to avoid this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21749",
"url": "https://www.suse.com/security/cve/CVE-2025-21749"
},
{
"category": "external",
"summary": "SUSE Bug 1238904 for CVE-2025-21749",
"url": "https://bugzilla.suse.com/1238904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "low"
}
],
"title": "CVE-2025-21749"
},
{
"cve": "CVE-2025-21750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Check the return value of of_property_read_string_index()\n\nSomewhen between 6.10 and 6.11 the driver started to crash on my\nMacBookPro14,3. The property doesn\u0027t exist and \u0027tmp\u0027 remains\nuninitialized, so we pass a random pointer to devm_kstrdup().\n\nThe crash I am getting looks like this:\n\nBUG: unable to handle page fault for address: 00007f033c669379\nPF: supervisor read access in kernel mode\nPF: error_code(0x0001) - permissions violation\nPGD 8000000101341067 P4D 8000000101341067 PUD 101340067 PMD 1013bb067 PTE 800000010aee9025\nOops: Oops: 0001 [#1] SMP PTI\nCPU: 4 UID: 0 PID: 827 Comm: (udev-worker) Not tainted 6.11.8-gentoo #1\nHardware name: Apple Inc. MacBookPro14,3/Mac-551B86E5744E2388, BIOS 529.140.2.0.0 06/23/2024\nRIP: 0010:strlen+0x4/0x30\nCode: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c80\u003e 3f 00 74 14 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 cc\nRSP: 0018:ffffb4aac0683ad8 EFLAGS: 00010202\nRAX: 00000000ffffffea RBX: 00007f033c669379 RCX: 0000000000000001\nRDX: 0000000000000cc0 RSI: 00007f033c669379 RDI: 00007f033c669379\nRBP: 00000000ffffffea R08: 0000000000000000 R09: 00000000c0ba916a\nR10: ffffffffffffffff R11: ffffffffb61ea260 R12: ffff91f7815b50c8\nR13: 0000000000000cc0 R14: ffff91fafefffe30 R15: ffffb4aac0683b30\nFS: 00007f033ccbe8c0(0000) GS:ffff91faeed00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f033c669379 CR3: 0000000107b1e004 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x149/0x4c0\n ? raw_spin_rq_lock_nested+0xe/0x20\n ? sched_balance_newidle+0x22b/0x3c0\n ? update_load_avg+0x78/0x770\n ? exc_page_fault+0x6f/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? __pfx_pci_conf1_write+0x10/0x10\n ? strlen+0x4/0x30\n devm_kstrdup+0x25/0x70\n brcmf_of_probe+0x273/0x350 [brcmfmac]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21750",
"url": "https://www.suse.com/security/cve/CVE-2025-21750"
},
{
"category": "external",
"summary": "SUSE Bug 1238905 for CVE-2025-21750",
"url": "https://bugzilla.suse.com/1238905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21750"
},
{
"cve": "CVE-2025-21753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when attempting to join an aborted transaction\n\nWhen we are trying to join the current transaction and if it\u0027s aborted,\nwe read its \u0027aborted\u0027 field after unlocking fs_info-\u003etrans_lock and\nwithout holding any extra reference count on it. This means that a\nconcurrent task that is aborting the transaction may free the transaction\nbefore we read its \u0027aborted\u0027 field, leading to a use-after-free.\n\nFix this by reading the \u0027aborted\u0027 field while holding fs_info-\u003etrans_lock\nsince any freeing task must first acquire that lock and set\nfs_info-\u003erunning_transaction to NULL before freeing the transaction.\n\nThis was reported by syzbot and Dmitry with the following stack traces\nfrom KASAN:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n Read of size 4 at addr ffff888011839024 by task kworker/u4:9/1128\n\n CPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Workqueue: events_unbound btrfs_async_reclaim_data_space\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n flush_space+0x448/0xcf0 fs/btrfs/space-info.c:803\n btrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317\n worker_thread+0x870/0xd30 kernel/workqueue.c:3398\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 5315:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n join_transaction+0x144/0xda0 fs/btrfs/transaction.c:308\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572\n lookup_open fs/namei.c:3649 [inline]\n open_last_lookups fs/namei.c:3748 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3984\n do_filp_open+0x27f/0x4e0 fs/namei.c:4014\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1402\n do_sys_open fs/open.c:1417 [inline]\n __do_sys_creat fs/open.c:1495 [inline]\n __se_sys_creat fs/open.c:1489 [inline]\n __x64_sys_creat+0x123/0x170 fs/open.c:1489\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 5336:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n cleanup_transaction fs/btrfs/transaction.c:2063 [inline]\n btrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598\n insert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757\n btrfs_balance+0x992/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21753",
"url": "https://www.suse.com/security/cve/CVE-2025-21753"
},
{
"category": "external",
"summary": "SUSE Bug 1237875 for CVE-2025-21753",
"url": "https://bugzilla.suse.com/1237875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21753"
},
{
"cve": "CVE-2025-21754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion failure when splitting ordered extent after transaction abort\n\nIf while we are doing a direct IO write a transaction abort happens, we\nmark all existing ordered extents with the BTRFS_ORDERED_IOERR flag (done\nat btrfs_destroy_ordered_extents()), and then after that if we enter\nbtrfs_split_ordered_extent() and the ordered extent has bytes left\n(meaning we have a bio that doesn\u0027t cover the whole ordered extent, see\ndetails at btrfs_extract_ordered_extent()), we will fail on the following\nassertion at btrfs_split_ordered_extent():\n\n ASSERT(!(flags \u0026 ~BTRFS_ORDERED_TYPE_FLAGS));\n\nbecause the BTRFS_ORDERED_IOERR flag is set and the definition of\nBTRFS_ORDERED_TYPE_FLAGS is just the union of all flags that identify the\ntype of write (regular, nocow, prealloc, compressed, direct IO, encoded).\n\nFix this by returning an error from btrfs_extract_ordered_extent() if we\nfind the BTRFS_ORDERED_IOERR flag in the ordered extent. The error will\nbe the error that resulted in the transaction abort or -EIO if no\ntransaction abort happened.\n\nThis was recently reported by syzbot with the following trace:\n\n FAULT_INJECTION: forcing a failure.\n name failslab, interval 1, probability 0, space 0, times 1\n CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n fail_dump lib/fault-inject.c:53 [inline]\n should_fail_ex+0x3b0/0x4e0 lib/fault-inject.c:154\n should_failslab+0xac/0x100 mm/failslab.c:46\n slab_pre_alloc_hook mm/slub.c:4072 [inline]\n slab_alloc_node mm/slub.c:4148 [inline]\n __do_kmalloc_node mm/slub.c:4297 [inline]\n __kmalloc_noprof+0xdd/0x4c0 mm/slub.c:4310\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n btrfs_chunk_alloc_add_chunk_item+0x244/0x1100 fs/btrfs/volumes.c:5742\n reserve_chunk_space+0x1ca/0x2c0 fs/btrfs/block-group.c:4292\n check_system_chunk fs/btrfs/block-group.c:4319 [inline]\n do_chunk_alloc fs/btrfs/block-group.c:3891 [inline]\n btrfs_chunk_alloc+0x77b/0xf80 fs/btrfs/block-group.c:4187\n find_free_extent_update_loop fs/btrfs/extent-tree.c:4166 [inline]\n find_free_extent+0x42d1/0x5810 fs/btrfs/extent-tree.c:4579\n btrfs_reserve_extent+0x422/0x810 fs/btrfs/extent-tree.c:4672\n btrfs_new_extent_direct fs/btrfs/direct-io.c:186 [inline]\n btrfs_get_blocks_direct_write+0x706/0xfa0 fs/btrfs/direct-io.c:321\n btrfs_dio_iomap_begin+0xbb7/0x1180 fs/btrfs/direct-io.c:525\n iomap_iter+0x697/0xf60 fs/iomap/iter.c:90\n __iomap_dio_rw+0xeb9/0x25b0 fs/iomap/direct-io.c:702\n btrfs_dio_write fs/btrfs/direct-io.c:775 [inline]\n btrfs_direct_write+0x610/0xa30 fs/btrfs/direct-io.c:880\n btrfs_do_write_iter+0x2a0/0x760 fs/btrfs/file.c:1397\n do_iter_readv_writev+0x600/0x880\n vfs_writev+0x376/0xba0 fs/read_write.c:1050\n do_pwritev fs/read_write.c:1146 [inline]\n __do_sys_pwritev2 fs/read_write.c:1204 [inline]\n __se_sys_pwritev2+0x196/0x2b0 fs/read_write.c:1195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f1281f85d29\n RSP: 002b:00007f12819fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148\n RAX: ffffffffffffffda RBX: 00007f1282176080 RCX: 00007f1281f85d29\n RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000005\n RBP: 00007f12819fe090 R08: 0000000000000000 R09: 0000000000000003\n R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000002\n R13: 0000000000000000 R14: 00007f1282176080 R15: 00007ffcb9e23328\n \u003c/TASK\u003e\n BTRFS error (device loop0 state A): Transaction aborted (error -12)\n BTRFS: error (device loop0 state A\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21754",
"url": "https://www.suse.com/security/cve/CVE-2025-21754"
},
{
"category": "external",
"summary": "SUSE Bug 1238496 for CVE-2025-21754",
"url": "https://bugzilla.suse.com/1238496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21754"
},
{
"cve": "CVE-2025-21755",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21755"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21755",
"url": "https://www.suse.com/security/cve/CVE-2025-21755"
},
{
"category": "external",
"summary": "SUSE Bug 1237882 for CVE-2025-21755",
"url": "https://bugzilla.suse.com/1237882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21755"
},
{
"cve": "CVE-2025-21756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Keep the binding until socket destruction\n\nPreserve sockets bindings; this includes both resulting from an explicit\nbind() and those implicitly bound through autobind during connect().\n\nPrevents socket unbinding during a transport reassignment, which fixes a\nuse-after-free:\n\n 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2)\n 2. transport-\u003erelease() calls vsock_remove_bound() without checking if\n sk was bound and moved to bound list (refcnt=1)\n 3. vsock_bind() assumes sk is in unbound list and before\n __vsock_insert_bound(vsock_bound_sockets()) calls\n __vsock_remove_bound() which does:\n list_del_init(\u0026vsk-\u003ebound_table); // nop\n sock_put(\u0026vsk-\u003esk); // refcnt=0\n\nBUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730\nRead of size 4 at addr ffff88816b46a74c by task a.out/2057\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n __vsock_bind+0x62e/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAllocated by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n __vsock_create.constprop.0+0x2e/0xb60\n vsock_create+0xe4/0x420\n __sock_create+0x241/0x650\n __sys_socket+0xf2/0x1a0\n __x64_sys_socket+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n __vsock_bind+0x5e1/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150\nRIP: 0010:refcount_warn_saturate+0xce/0x150\n __vsock_bind+0x66d/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150\nRIP: 0010:refcount_warn_saturate+0xee/0x150\n vsock_remove_bound+0x187/0x1e0\n __vsock_release+0x383/0x4a0\n vsock_release+0x90/0x120\n __sock_release+0xa3/0x250\n sock_close+0x14/0x20\n __fput+0x359/0xa80\n task_work_run+0x107/0x1d0\n do_exit+0x847/0x2560\n do_group_exit+0xb8/0x250\n __x64_sys_exit_group+0x3a/0x50\n x64_sys_call+0xfec/0x14f0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21756",
"url": "https://www.suse.com/security/cve/CVE-2025-21756"
},
{
"category": "external",
"summary": "SUSE Bug 1238876 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "external",
"summary": "SUSE Bug 1245795 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1245795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: extend RCU protection in igmp6_send()\n\nigmp6_send() can be called without RTNL or RCU being held.\n\nExtend RCU protection so that we can safely fetch the net pointer\nand avoid a potential UAF.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net-\u003eipv6.igmp_sk\nsocket under RCU protection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21759",
"url": "https://www.suse.com/security/cve/CVE-2025-21759"
},
{
"category": "external",
"summary": "SUSE Bug 1238738 for CVE-2025-21759",
"url": "https://bugzilla.suse.com/1238738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21759"
},
{
"cve": "CVE-2025-21760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: extend RCU protection in ndisc_send_skb()\n\nndisc_send_skb() can be called without RTNL or RCU held.\n\nAcquire rcu_read_lock() earlier, so that we can use dev_net_rcu()\nand avoid a potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21760",
"url": "https://www.suse.com/security/cve/CVE-2025-21760"
},
{
"category": "external",
"summary": "SUSE Bug 1238763 for CVE-2025-21760",
"url": "https://bugzilla.suse.com/1238763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21760"
},
{
"cve": "CVE-2025-21761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: use RCU protection in ovs_vport_cmd_fill_info()\n\novs_vport_cmd_fill_info() can be called without RTNL or RCU.\n\nUse RCU protection and dev_net_rcu() to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21761",
"url": "https://www.suse.com/security/cve/CVE-2025-21761"
},
{
"category": "external",
"summary": "SUSE Bug 1238775 for CVE-2025-21761",
"url": "https://bugzilla.suse.com/1238775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21761"
},
{
"cve": "CVE-2025-21762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21762"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: use RCU protection in arp_xmit()\n\narp_xmit() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21762",
"url": "https://www.suse.com/security/cve/CVE-2025-21762"
},
{
"category": "external",
"summary": "SUSE Bug 1238780 for CVE-2025-21762",
"url": "https://bugzilla.suse.com/1238780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21762"
},
{
"cve": "CVE-2025-21763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: use RCU protection in __neigh_notify()\n\n__neigh_notify() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21763",
"url": "https://www.suse.com/security/cve/CVE-2025-21763"
},
{
"category": "external",
"summary": "SUSE Bug 1237897 for CVE-2025-21763",
"url": "https://bugzilla.suse.com/1237897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21763"
},
{
"cve": "CVE-2025-21764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21764"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: use RCU protection in ndisc_alloc_skb()\n\nndisc_alloc_skb() can be called without RTNL or RCU being held.\n\nAdd RCU protection to avoid possible UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21764",
"url": "https://www.suse.com/security/cve/CVE-2025-21764"
},
{
"category": "external",
"summary": "SUSE Bug 1237885 for CVE-2025-21764",
"url": "https://bugzilla.suse.com/1237885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21764"
},
{
"cve": "CVE-2025-21765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU protection in ip6_default_advmss()\n\nip6_default_advmss() needs rcu protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21765",
"url": "https://www.suse.com/security/cve/CVE-2025-21765"
},
{
"category": "external",
"summary": "SUSE Bug 1237906 for CVE-2025-21765",
"url": "https://bugzilla.suse.com/1237906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: use RCU protection in __ip_rt_update_pmtu()\n\n__ip_rt_update_pmtu() must use RCU protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21766",
"url": "https://www.suse.com/security/cve/CVE-2025-21766"
},
{
"category": "external",
"summary": "SUSE Bug 1238754 for CVE-2025-21766",
"url": "https://bugzilla.suse.com/1238754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context\n\nThe following bug report happened with a PREEMPT_RT kernel:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n get_random_u32+0x4f/0x110\n clocksource_verify_choose_cpus+0xab/0x1a0\n clocksource_verify_percpu.part.0+0x6b/0x330\n clocksource_watchdog_kthread+0x193/0x1a0\n\nIt is due to the fact that clocksource_verify_choose_cpus() is invoked with\npreemption disabled. This function invokes get_random_u32() to obtain\nrandom numbers for choosing CPUs. The batched_entropy_32 local lock and/or\nthe base_crng.lock spinlock in driver/char/random.c will be acquired during\nthe call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot\nbe acquired in atomic context.\n\nFix this problem by using migrate_disable() to allow smp_processor_id() to\nbe reliably used without introducing atomic context. preempt_disable() is\nthen called after clocksource_verify_choose_cpus() but before the\nclocksource measurement is being run to avoid introducing unexpected\nlatency.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21767",
"url": "https://www.suse.com/security/cve/CVE-2025-21767"
},
{
"category": "external",
"summary": "SUSE Bug 1238509 for CVE-2025-21767",
"url": "https://bugzilla.suse.com/1238509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npartitions: mac: fix handling of bogus partition table\n\nFix several issues in partition probing:\n\n - The bailout for a bad partoffset must use put_dev_sector(), since the\n preceding read_part_sector() succeeded.\n - If the partition table claims a silly sector size like 0xfff bytes\n (which results in partition table entries straddling sector boundaries),\n bail out instead of accessing out-of-bounds memory.\n - We must not assume that the partition table contains proper NUL\n termination - use strnlen() and strncmp() instead of strlen() and\n strcmp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21772",
"url": "https://www.suse.com/security/cve/CVE-2025-21772"
},
{
"category": "external",
"summary": "SUSE Bug 1238911 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "external",
"summary": "SUSE Bug 1238912 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21772"
},
{
"cve": "CVE-2025-21773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial\n\nThe driver assumed that es58x_dev-\u003eudev-\u003eserial could never be NULL.\nWhile this is true on commercially available devices, an attacker\ncould spoof the device identity providing a NULL USB serial number.\nThat would trigger a NULL pointer dereference.\n\nAdd a check on es58x_dev-\u003eudev-\u003eserial before accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21773",
"url": "https://www.suse.com/security/cve/CVE-2025-21773"
},
{
"category": "external",
"summary": "SUSE Bug 1238762 for CVE-2025-21773",
"url": "https://bugzilla.suse.com/1238762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21773"
},
{
"cve": "CVE-2025-21775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ctucanfd: handle skb allocation failure\n\nIf skb allocation fails, the pointer to struct can_frame is NULL. This\nis actually handled everywhere inside ctucan_err_interrupt() except for\nthe only place.\n\nAdd the missed NULL check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21775",
"url": "https://www.suse.com/security/cve/CVE-2025-21775"
},
{
"category": "external",
"summary": "SUSE Bug 1238501 for CVE-2025-21775",
"url": "https://bugzilla.suse.com/1238501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21775"
},
{
"cve": "CVE-2025-21776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21776"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: hub: Ignore non-compliant devices with too many configs or interfaces\n\nRobert Morris created a test program which can cause\nusb_hub_to_struct_hub() to dereference a NULL or inappropriate\npointer:\n\nOops: general protection fault, probably for non-canonical address\n0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI\nCPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14\nHardware name: FreeBSD BHYVE/BHYVE, BIOS 14.0 10/17/2021\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_hub_adjust_deviceremovable+0x78/0x110\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x31/0x80\n ? exc_general_protection+0x1b4/0x3c0\n ? asm_exc_general_protection+0x26/0x30\n ? usb_hub_adjust_deviceremovable+0x78/0x110\n hub_probe+0x7c7/0xab0\n usb_probe_interface+0x14b/0x350\n really_probe+0xd0/0x2d0\n ? __pfx___device_attach_driver+0x10/0x10\n __driver_probe_device+0x6e/0x110\n driver_probe_device+0x1a/0x90\n __device_attach_driver+0x7e/0xc0\n bus_for_each_drv+0x7f/0xd0\n __device_attach+0xaa/0x1a0\n bus_probe_device+0x8b/0xa0\n device_add+0x62e/0x810\n usb_set_configuration+0x65d/0x990\n usb_generic_driver_probe+0x4b/0x70\n usb_probe_device+0x36/0xd0\n\nThe cause of this error is that the device has two interfaces, and the\nhub driver binds to interface 1 instead of interface 0, which is where\nusb_hub_to_struct_hub() looks.\n\nWe can prevent the problem from occurring by refusing to accept hub\ndevices that violate the USB spec by having more than one\nconfiguration or interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21776",
"url": "https://www.suse.com/security/cve/CVE-2025-21776"
},
{
"category": "external",
"summary": "SUSE Bug 1238909 for CVE-2025-21776",
"url": "https://bugzilla.suse.com/1238909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21776"
},
{
"cve": "CVE-2025-21779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21779"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel\n\nAdvertise support for Hyper-V\u0027s SEND_IPI and SEND_IPI_EX hypercalls if and\nonly if the local API is emulated/virtualized by KVM, and explicitly reject\nsaid hypercalls if the local APIC is emulated in userspace, i.e. don\u0027t rely\non userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID.\n\nRejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if\nHyper-V enlightenments are exposed to the guest without an in-kernel local\nAPIC:\n\n dump_stack+0xbe/0xfd\n __kasan_report.cold+0x34/0x84\n kasan_report+0x3a/0x50\n __apic_accept_irq+0x3a/0x5c0\n kvm_hv_send_ipi.isra.0+0x34e/0x820\n kvm_hv_hypercall+0x8d9/0x9d0\n kvm_emulate_hypercall+0x506/0x7e0\n __vmx_handle_exit+0x283/0xb60\n vmx_handle_exit+0x1d/0xd0\n vcpu_enter_guest+0x16b0/0x24c0\n vcpu_run+0xc0/0x550\n kvm_arch_vcpu_ioctl_run+0x170/0x6d0\n kvm_vcpu_ioctl+0x413/0xb20\n __se_sys_ioctl+0x111/0x160\n do_syscal1_64+0x30/0x40\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nNote, checking the sending vCPU is sufficient, as the per-VM irqchip_mode\ncan\u0027t be modified after vCPUs are created, i.e. if one vCPU has an\nin-kernel local APIC, then all vCPUs have an in-kernel local APIC.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21779",
"url": "https://www.suse.com/security/cve/CVE-2025-21779"
},
{
"category": "external",
"summary": "SUSE Bug 1238768 for CVE-2025-21779",
"url": "https://bugzilla.suse.com/1238768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21779"
},
{
"cve": "CVE-2025-21780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21780"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()\n\nIt malicious user provides a small pptable through sysfs and then\na bigger pptable, it may cause buffer overflow attack in function\nsmu_sys_set_pp_table().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21780",
"url": "https://www.suse.com/security/cve/CVE-2025-21780"
},
{
"category": "external",
"summary": "SUSE Bug 1239115 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "external",
"summary": "SUSE Bug 1239116 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21780"
},
{
"cve": "CVE-2025-21781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix panic during interface removal\n\nReference counting is used to ensure that\nbatadv_hardif_neigh_node and batadv_hard_iface\nare not freed before/during\nbatadv_v_elp_throughput_metric_update work is\nfinished.\n\nBut there isn\u0027t a guarantee that the hard if will\nremain associated with a soft interface up until\nthe work is finished.\n\nThis fixes a crash triggered by reboot that looks\nlike this:\n\nCall trace:\n batadv_v_mesh_free+0xd0/0x4dc [batman_adv]\n batadv_v_elp_throughput_metric_update+0x1c/0xa4\n process_one_work+0x178/0x398\n worker_thread+0x2e8/0x4d0\n kthread+0xd8/0xdc\n ret_from_fork+0x10/0x20\n\n(the batadv_v_mesh_free call is misleading,\nand does not actually happen)\n\nI was able to make the issue happen more reliably\nby changing hardif_neigh-\u003ebat_v.metric_work work\nto be delayed work. This allowed me to track down\nand confirm the fix.\n\n[sven@narfation.org: prevent entering batadv_v_elp_get_throughput without\n soft_iface]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21781",
"url": "https://www.suse.com/security/cve/CVE-2025-21781"
},
{
"category": "external",
"summary": "SUSE Bug 1238735 for CVE-2025-21781",
"url": "https://bugzilla.suse.com/1238735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21781"
},
{
"cve": "CVE-2025-21782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix a oob in orangefs_debug_write\n\nI got a syzbot report: slab-out-of-bounds Read in\norangefs_debug_write... several people suggested fixes,\nI tested Al Viro\u0027s suggestion and made this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21782",
"url": "https://www.suse.com/security/cve/CVE-2025-21782"
},
{
"category": "external",
"summary": "SUSE Bug 1239117 for CVE-2025-21782",
"url": "https://bugzilla.suse.com/1239117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21782"
},
{
"cve": "CVE-2025-21784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21784"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()\n\nIn function psp_init_cap_microcode(), it should bail out when failed to\nload firmware, otherwise it may cause invalid memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21784",
"url": "https://www.suse.com/security/cve/CVE-2025-21784"
},
{
"category": "external",
"summary": "SUSE Bug 1238510 for CVE-2025-21784",
"url": "https://bugzilla.suse.com/1238510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21784"
},
{
"cve": "CVE-2025-21785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21785"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array\n\nThe loop that detects/populates cache information already has a bounds\ncheck on the array size but does not account for cache levels with\nseparate data/instructions cache. Fix this by incrementing the index\nfor any populated leaf (instead of any populated level).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21785",
"url": "https://www.suse.com/security/cve/CVE-2025-21785"
},
{
"category": "external",
"summary": "SUSE Bug 1238747 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "external",
"summary": "SUSE Bug 1240745 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1240745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21785"
},
{
"cve": "CVE-2025-21790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n unregister_netdevice_many net/core/dev.c:11866 [inline]\n unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21790",
"url": "https://www.suse.com/security/cve/CVE-2025-21790"
},
{
"category": "external",
"summary": "SUSE Bug 1238753 for CVE-2025-21790",
"url": "https://bugzilla.suse.com/1238753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21791"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21791",
"url": "https://www.suse.com/security/cve/CVE-2025-21791"
},
{
"category": "external",
"summary": "SUSE Bug 1238512 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "external",
"summary": "SUSE Bug 1240744 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1240744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21791"
},
{
"cve": "CVE-2025-21793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21793"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: sn-f-ospi: Fix division by zero\n\nWhen there is no dummy cycle in the spi-nor commands, both dummy bus cycle\nbytes and width are zero. Because of the cpu\u0027s warning when divided by\nzero, the warning should be avoided. Return just zero to avoid such\ncalculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21793",
"url": "https://www.suse.com/security/cve/CVE-2025-21793"
},
{
"category": "external",
"summary": "SUSE Bug 1238500 for CVE-2025-21793",
"url": "https://bugzilla.suse.com/1238500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21793"
},
{
"cve": "CVE-2025-21794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()\n\nSyzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from\nhid-thrustmaster driver. This array is passed to usb_check_int_endpoints\nfunction from usb.c core driver, which executes a for loop that iterates\nover the elements of the passed array. Not finding a null element at the end of\nthe array, it tries to read the next, non-existent element, crashing the kernel.\n\nTo fix this, a 0 element was added at the end of the array to break the for\nloop.\n\n[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21794",
"url": "https://www.suse.com/security/cve/CVE-2025-21794"
},
{
"category": "external",
"summary": "SUSE Bug 1238502 for CVE-2025-21794",
"url": "https://bugzilla.suse.com/1238502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21794"
},
{
"cve": "CVE-2025-21795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix hang in nfsd4_shutdown_callback\n\nIf nfs4_client is in courtesy state then there is no point to send\nthe callback. This causes nfsd4_shutdown_callback to hang since\ncl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP\nnotifies NFSD that the connection was dropped.\n\nThis patch modifies nfsd4_run_cb_work to skip the RPC call if\nnfs4_client is in courtesy state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21795",
"url": "https://www.suse.com/security/cve/CVE-2025-21795"
},
{
"category": "external",
"summary": "SUSE Bug 1238759 for CVE-2025-21795",
"url": "https://bugzilla.suse.com/1238759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: clear acl_access/acl_default after releasing them\n\nIf getting acl_default fails, acl_access and acl_default will be released\nsimultaneously. However, acl_access will still retain a pointer pointing\nto the released posix_acl, which will trigger a WARNING in\nnfs3svc_release_getacl like this:\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 26 PID: 3199 at lib/refcount.c:28\nrefcount_warn_saturate+0xb5/0x170\nModules linked in:\nCPU: 26 UID: 0 PID: 3199 Comm: nfsd Not tainted\n6.12.0-rc6-00079-g04ae226af01f-dirty #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb5/0x170\nCode: cc cc 0f b6 1d b3 20 a5 03 80 fb 01 0f 87 65 48 d8 00 83 e3 01 75\ne4 48 c7 c7 c0 3b 9b 85 c6 05 97 20 a5 03 01 e8 fb 3e 30 ff \u003c0f\u003e 0b eb\ncd 0f b6 1d 8a3\nRSP: 0018:ffffc90008637cd8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff83904fde\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88871ed36380\nRBP: ffff888158beeb40 R08: 0000000000000001 R09: fffff520010c6f56\nR10: ffffc90008637ab7 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff888140e77400 R14: ffff888140e77408 R15: ffffffff858b42c0\nFS: 0000000000000000(0000) GS:ffff88871ed00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000562384d32158 CR3: 000000055cc6a000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0xb5/0x170\n ? __warn+0xa5/0x140\n ? refcount_warn_saturate+0xb5/0x170\n ? report_bug+0x1b1/0x1e0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? tick_nohz_tick_stopped+0x1e/0x40\n ? refcount_warn_saturate+0xb5/0x170\n ? refcount_warn_saturate+0xb5/0x170\n nfs3svc_release_getacl+0xc9/0xe0\n svc_process_common+0x5db/0xb60\n ? __pfx_svc_process_common+0x10/0x10\n ? __rcu_read_unlock+0x69/0xa0\n ? __pfx_nfsd_dispatch+0x10/0x10\n ? svc_xprt_received+0xa1/0x120\n ? xdr_init_decode+0x11d/0x190\n svc_process+0x2a7/0x330\n svc_handle_xprt+0x69d/0x940\n svc_recv+0x180/0x2d0\n nfsd+0x168/0x200\n ? __pfx_nfsd+0x10/0x10\n kthread+0x1a2/0x1e0\n ? kthread+0xf4/0x1e0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\n\nClear acl_access/acl_default after posix_acl_release is called to prevent\nUAF from being triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21796",
"url": "https://www.suse.com/security/cve/CVE-2025-21796"
},
{
"category": "external",
"summary": "SUSE Bug 1238716 for CVE-2025-21796",
"url": "https://bugzilla.suse.com/1238716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21799",
"url": "https://www.suse.com/security/cve/CVE-2025-21799"
},
{
"category": "external",
"summary": "SUSE Bug 1238739 for CVE-2025-21799",
"url": "https://bugzilla.suse.com/1238739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix oops when unload drivers paralleling\n\nWhen unload hclge driver, it tries to disable sriov first for each\nae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at\nthe time, because it removes all the ae_dev nodes, and it may cause\noops.\n\nBut we can\u0027t simply use hnae3_common_lock for this. Because in the\nprocess flow of pci_disable_sriov(), it will trigger the remove flow\nof VF, which will also take hnae3_common_lock.\n\nTo fixes it, introduce a new mutex to protect the unload process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21802",
"url": "https://www.suse.com/security/cve/CVE-2025-21802"
},
{
"category": "external",
"summary": "SUSE Bug 1238751 for CVE-2025-21802",
"url": "https://bugzilla.suse.com/1238751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21802"
},
{
"cve": "CVE-2025-21804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21804"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()\n\nThe rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region()\nmacro to request a needed resource. A string variable that lives on the\nstack is then used to store a dynamically computed resource name, which\nis then passed on as one of the macro arguments. This can lead to\nundefined behavior.\n\nDepending on the current contents of the memory, the manifestations of\nerrors may vary. One possible output may be as follows:\n\n $ cat /proc/iomem\n 30000000-37ffffff :\n 38000000-3fffffff :\n\nSometimes, garbage may appear after the colon.\n\nIn very rare cases, if no NULL-terminator is found in memory, the system\nmight crash because the string iterator will overrun which can lead to\naccess of unmapped memory above the stack.\n\nThus, fix this by replacing outbound_name with the name of the previously\nrequested resource. With the changes applied, the output will be as\nfollows:\n\n $ cat /proc/iomem\n 30000000-37ffffff : memory2\n 38000000-3fffffff : memory3\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21804",
"url": "https://www.suse.com/security/cve/CVE-2025-21804"
},
{
"category": "external",
"summary": "SUSE Bug 1238736 for CVE-2025-21804",
"url": "https://bugzilla.suse.com/1238736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21804"
},
{
"cve": "CVE-2025-21806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21806"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: let net.core.dev_weight always be non-zero\n\nThe following problem was encountered during stability test:\n\n(NULL net_device): NAPI poll function process_backlog+0x0/0x530 \\\n\treturned 1, exceeding its budget of 0.\n------------[ cut here ]------------\nlist_add double add: new=ffff88905f746f48, prev=ffff88905f746f48, \\\n\tnext=ffff88905f746e40.\nWARNING: CPU: 18 PID: 5462 at lib/list_debug.c:35 \\\n\t__list_add_valid_or_report+0xf3/0x130\nCPU: 18 UID: 0 PID: 5462 Comm: ping Kdump: loaded Not tainted 6.13.0-rc7+\nRIP: 0010:__list_add_valid_or_report+0xf3/0x130\nCall Trace:\n? __warn+0xcd/0x250\n? __list_add_valid_or_report+0xf3/0x130\nenqueue_to_backlog+0x923/0x1070\nnetif_rx_internal+0x92/0x2b0\n__netif_rx+0x15/0x170\nloopback_xmit+0x2ef/0x450\ndev_hard_start_xmit+0x103/0x490\n__dev_queue_xmit+0xeac/0x1950\nip_finish_output2+0x6cc/0x1620\nip_output+0x161/0x270\nip_push_pending_frames+0x155/0x1a0\nraw_sendmsg+0xe13/0x1550\n__sys_sendto+0x3bf/0x4e0\n__x64_sys_sendto+0xdc/0x1b0\ndo_syscall_64+0x5b/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe reproduction command is as follows:\n sysctl -w net.core.dev_weight=0\n ping 127.0.0.1\n\nThis is because when the napi\u0027s weight is set to 0, process_backlog() may\nreturn 0 and clear the NAPI_STATE_SCHED bit of napi-\u003estate, causing this\nnapi to be re-polled in net_rx_action() until __do_softirq() times out.\nSince the NAPI_STATE_SCHED bit has been cleared, napi_schedule_rps() can\nbe retriggered in enqueue_to_backlog(), causing this issue.\n\nMaking the napi\u0027s weight always non-zero solves this problem.\n\nTriggering this issue requires system-wide admin (setting is\nnot namespaced).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21806",
"url": "https://www.suse.com/security/cve/CVE-2025-21806"
},
{
"category": "external",
"summary": "SUSE Bug 1238746 for CVE-2025-21806",
"url": "https://bugzilla.suse.com/1238746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21806"
},
{
"cve": "CVE-2025-21810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: class: Fix wild pointer dereferences in API class_dev_iter_next()\n\nThere are a potential wild pointer dereferences issue regarding APIs\nclass_dev_iter_(init|next|exit)(), as explained by below typical usage:\n\n// All members of @iter are wild pointers.\nstruct class_dev_iter iter;\n\n// class_dev_iter_init(@iter, @class, ...) checks parameter @class for\n// potential class_to_subsys() error, and it returns void type and does\n// not initialize its output parameter @iter, so caller can not detect\n// the error and continues to invoke class_dev_iter_next(@iter) even if\n// @iter still contains wild pointers.\nclass_dev_iter_init(\u0026iter, ...);\n\n// Dereference these wild pointers in @iter here once suffer the error.\nwhile (dev = class_dev_iter_next(\u0026iter)) { ... };\n\n// Also dereference these wild pointers here.\nclass_dev_iter_exit(\u0026iter);\n\nActually, all callers of these APIs have such usage pattern in kernel tree.\nFix by:\n- Initialize output parameter @iter by memset() in class_dev_iter_init()\n and give callers prompt by pr_crit() for the error.\n- Check if @iter is valid in class_dev_iter_next().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21810",
"url": "https://www.suse.com/security/cve/CVE-2025-21810"
},
{
"category": "external",
"summary": "SUSE Bug 1238757 for CVE-2025-21810",
"url": "https://bugzilla.suse.com/1238757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21810"
},
{
"cve": "CVE-2025-21815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/compaction: fix UBSAN shift-out-of-bounds warning\n\nsyzkaller reported a UBSAN shift-out-of-bounds warning of (1UL \u003c\u003c order)\nin isolate_freepages_block(). The bogus compound_order can be any value\nbecause it is union with flags. Add back the MAX_PAGE_ORDER check to fix\nthe warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21815",
"url": "https://www.suse.com/security/cve/CVE-2025-21815"
},
{
"category": "external",
"summary": "SUSE Bug 1238474 for CVE-2025-21815",
"url": "https://bugzilla.suse.com/1238474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21815"
},
{
"cve": "CVE-2025-21819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd/display: Use HW lock mgr for PSR1\"\n\nThis reverts commit\na2b5a9956269 (\"drm/amd/display: Use HW lock mgr for PSR1\")\n\nBecause it may cause system hang while connect with two edp panel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21819",
"url": "https://www.suse.com/security/cve/CVE-2025-21819"
},
{
"category": "external",
"summary": "SUSE Bug 1238994 for CVE-2025-21819",
"url": "https://bugzilla.suse.com/1238994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21819"
},
{
"cve": "CVE-2025-21820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: xilinx_uartps: split sysrq handling\n\nlockdep detects the following circular locking dependency:\n\nCPU 0 CPU 1\n========================== ============================\ncdns_uart_isr() printk()\n uart_port_lock(port) console_lock()\n\t\t\t cdns_uart_console_write()\n if (!port-\u003esysrq)\n uart_port_lock(port)\n uart_handle_break()\n port-\u003esysrq = ...\n uart_handle_sysrq_char()\n printk()\n console_lock()\n\nThe fixed commit attempts to avoid this situation by only taking the\nport lock in cdns_uart_console_write if port-\u003esysrq unset. However, if\n(as shown above) cdns_uart_console_write runs before port-\u003esysrq is set,\nthen it will try to take the port lock anyway. This may result in a\ndeadlock.\n\nFix this by splitting sysrq handling into two parts. We use the prepare\nhelper under the port lock and defer handling until we release the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21820",
"url": "https://www.suse.com/security/cve/CVE-2025-21820"
},
{
"category": "external",
"summary": "SUSE Bug 1238479 for CVE-2025-21820",
"url": "https://bugzilla.suse.com/1238479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21820"
},
{
"cve": "CVE-2025-21821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omap: use threaded IRQ for LCD DMA\n\nWhen using touchscreen and framebuffer, Nokia 770 crashes easily with:\n\n BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000\n Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd\n CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2\n Hardware name: Nokia 770\n Call trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x54/0x5c\n dump_stack_lvl from __schedule_bug+0x50/0x70\n __schedule_bug from __schedule+0x4d4/0x5bc\n __schedule from schedule+0x34/0xa0\n schedule from schedule_preempt_disabled+0xc/0x10\n schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4\n __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4\n clk_prepare_lock from clk_set_rate+0x18/0x154\n clk_set_rate from sossi_read_data+0x4c/0x168\n sossi_read_data from hwa742_read_reg+0x5c/0x8c\n hwa742_read_reg from send_frame_handler+0xfc/0x300\n send_frame_handler from process_pending_requests+0x74/0xd0\n process_pending_requests from lcd_dma_irq_handler+0x50/0x74\n lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130\n __handle_irq_event_percpu from handle_irq_event+0x28/0x68\n handle_irq_event from handle_level_irq+0x9c/0x170\n handle_level_irq from generic_handle_domain_irq+0x2c/0x3c\n generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c\n omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c\n generic_handle_arch_irq from call_with_stack+0x1c/0x24\n call_with_stack from __irq_svc+0x94/0xa8\n Exception stack(0xc5255da0 to 0xc5255de8)\n 5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248\n 5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94\n 5de0: 60000013 ffffffff\n __irq_svc from clk_prepare_lock+0x4c/0xe4\n clk_prepare_lock from clk_get_rate+0x10/0x74\n clk_get_rate from uwire_setup_transfer+0x40/0x180\n uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c\n spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664\n spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498\n __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8\n __spi_sync from spi_sync+0x24/0x40\n spi_sync from ads7846_halfd_read_state+0x5c/0x1c0\n ads7846_halfd_read_state from ads7846_irq+0x58/0x348\n ads7846_irq from irq_thread_fn+0x1c/0x78\n irq_thread_fn from irq_thread+0x120/0x228\n irq_thread from kthread+0xc8/0xe8\n kthread from ret_from_fork+0x14/0x28\n\nAs a quick fix, switch to a threaded IRQ which provides a stable system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21821",
"url": "https://www.suse.com/security/cve/CVE-2025-21821"
},
{
"category": "external",
"summary": "SUSE Bug 1239174 for CVE-2025-21821",
"url": "https://bugzilla.suse.com/1239174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21821"
},
{
"cve": "CVE-2025-21823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: Drop unmanaged ELP metric worker\n\nThe ELP worker needs to calculate new metric values for all neighbors\n\"reachable\" over an interface. Some of the used metric sources require\nlocks which might need to sleep. This sleep is incompatible with the RCU\nlist iterator used for the recorded neighbors. The initial approach to work\naround of this problem was to queue another work item per neighbor and then\nrun this in a new context.\n\nEven when this solved the RCU vs might_sleep() conflict, it has a major\nproblems: Nothing was stopping the work item in case it is not needed\nanymore - for example because one of the related interfaces was removed or\nthe batman-adv module was unloaded - resulting in potential invalid memory\naccesses.\n\nDirectly canceling the metric worker also has various problems:\n\n* cancel_work_sync for a to-be-deactivated interface is called with\n rtnl_lock held. But the code in the ELP metric worker also tries to use\n rtnl_lock() - which will never return in this case. This also means that\n cancel_work_sync would never return because it is waiting for the worker\n to finish.\n* iterating over the neighbor list for the to-be-deactivated interface is\n currently done using the RCU specific methods. Which means that it is\n possible to miss items when iterating over it without the associated\n spinlock - a behaviour which is acceptable for a periodic metric check\n but not for a cleanup routine (which must \"stop\" all still running\n workers)\n\nThe better approch is to get rid of the per interface neighbor metric\nworker and handle everything in the interface worker. The original problems\nare solved by:\n\n* creating a list of neighbors which require new metric information inside\n the RCU protected context, gathering the metric according to the new list\n outside the RCU protected context\n* only use rcu_trylock inside metric gathering code to avoid a deadlock\n when the cancel_delayed_work_sync is called in the interface removal code\n (which is called with the rtnl_lock held)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21823",
"url": "https://www.suse.com/security/cve/CVE-2025-21823"
},
{
"category": "external",
"summary": "SUSE Bug 1238475 for CVE-2025-21823",
"url": "https://bugzilla.suse.com/1238475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21823"
},
{
"cve": "CVE-2025-21825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Cancel the running bpf_timer through kworker for PREEMPT_RT\n\nDuring the update procedure, when overwrite element in a pre-allocated\nhtab, the freeing of old_element is protected by the bucket lock. The\nreason why the bucket lock is necessary is that the old_element has\nalready been stashed in htab-\u003eextra_elems after alloc_htab_elem()\nreturns. If freeing the old_element after the bucket lock is unlocked,\nthe stashed element may be reused by concurrent update procedure and the\nfreeing of old_element will run concurrently with the reuse of the\nold_element. However, the invocation of check_and_free_fields() may\nacquire a spin-lock which violates the lockdep rule because its caller\nhas already held a raw-spin-lock (bucket lock). The following warning\nwill be reported when such race happens:\n\n BUG: scheduling while atomic: test_progs/676/0x00000003\n 3 locks held by test_progs/676:\n #0: ffffffff864b0240 (rcu_read_lock_trace){....}-{0:0}, at: bpf_prog_test_run_syscall+0x2c0/0x830\n #1: ffff88810e961188 (\u0026htab-\u003elockdep_key){....}-{2:2}, at: htab_map_update_elem+0x306/0x1500\n #2: ffff8881f4eac1b8 (\u0026base-\u003esoftirq_expiry_lock){....}-{2:2}, at: hrtimer_cancel_wait_running+0xe9/0x1b0\n Modules linked in: bpf_testmod(O)\n Preemption disabled at:\n [\u003cffffffff817837a3\u003e] htab_map_update_elem+0x293/0x1500\n CPU: 0 UID: 0 PID: 676 Comm: test_progs Tainted: G ... 6.12.0+ #11\n Tainted: [W]=WARN, [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x57/0x70\n dump_stack+0x10/0x20\n __schedule_bug+0x120/0x170\n __schedule+0x300c/0x4800\n schedule_rtlock+0x37/0x60\n rtlock_slowlock_locked+0x6d9/0x54c0\n rt_spin_lock+0x168/0x230\n hrtimer_cancel_wait_running+0xe9/0x1b0\n hrtimer_cancel+0x24/0x30\n bpf_timer_delete_work+0x1d/0x40\n bpf_timer_cancel_and_free+0x5e/0x80\n bpf_obj_free_fields+0x262/0x4a0\n check_and_free_fields+0x1d0/0x280\n htab_map_update_elem+0x7fc/0x1500\n bpf_prog_9f90bc20768e0cb9_overwrite_cb+0x3f/0x43\n bpf_prog_ea601c4649694dbd_overwrite_timer+0x5d/0x7e\n bpf_prog_test_run_syscall+0x322/0x830\n __sys_bpf+0x135d/0x3ca0\n __x64_sys_bpf+0x75/0xb0\n x64_sys_call+0x1b5/0xa10\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n ...\n \u003c/TASK\u003e\n\nIt seems feasible to break the reuse and refill of per-cpu extra_elems\ninto two independent parts: reuse the per-cpu extra_elems with bucket\nlock being held and refill the old_element as per-cpu extra_elems after\nthe bucket lock is unlocked. However, it will make the concurrent\noverwrite procedures on the same CPU return unexpected -E2BIG error when\nthe map is full.\n\nTherefore, the patch fixes the lock problem by breaking the cancelling\nof bpf_timer into two steps for PREEMPT_RT:\n1) use hrtimer_try_to_cancel() and check its return value\n2) if the timer is running, use hrtimer_cancel() through a kworker to\n cancel it again\nConsidering that the current implementation of hrtimer_cancel() will try\nto acquire a being held softirq_expiry_lock when the current timer is\nrunning, these steps above are reasonable. However, it also has\ndownside. When the timer is running, the cancelling of the timer is\ndelayed when releasing the last map uref. The delay is also fixable\n(e.g., break the cancelling of bpf timer into two parts: one part in\nlocked scope, another one in unlocked scope), it can be revised later if\nnecessary.\n\nIt is a bit hard to decide the right fix tag. One reason is that the\nproblem depends on PREEMPT_RT which is enabled in v6.12. Considering the\nsoftirq_expiry_lock lock exists since v5.4 and bpf_timer is introduced\nin v5.15, the bpf_timer commit is used in the fixes tag and an extra\ndepends-on tag is added to state the dependency on PREEMPT_RT.\n\nDepends-on: v6.12+ with PREEMPT_RT enabled",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21825",
"url": "https://www.suse.com/security/cve/CVE-2025-21825"
},
{
"category": "external",
"summary": "SUSE Bug 1238971 for CVE-2025-21825",
"url": "https://bugzilla.suse.com/1238971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21825"
},
{
"cve": "CVE-2025-21828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don\u0027t flush non-uploaded STAs\n\nIf STA state is pre-moved to AUTHORIZED (such as in IBSS\nscenarios) and insertion fails, the station is freed.\nIn this case, the driver never knew about the station,\nso trying to flush it is unexpected and may crash.\n\nCheck if the sta was uploaded to the driver before and\nfix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21828",
"url": "https://www.suse.com/security/cve/CVE-2025-21828"
},
{
"category": "external",
"summary": "SUSE Bug 1238958 for CVE-2025-21828",
"url": "https://bugzilla.suse.com/1238958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21828"
},
{
"cve": "CVE-2025-21829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix the warning \"__rxe_cleanup+0x12c/0x170 [rdma_rxe]\"\n\nThe Call Trace is as below:\n\"\n \u003cTASK\u003e\n ? show_regs.cold+0x1a/0x1f\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __warn+0x84/0xd0\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? report_bug+0x105/0x180\n ? handle_bug+0x46/0x80\n ? exc_invalid_op+0x19/0x70\n ? asm_exc_invalid_op+0x1b/0x20\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __rxe_cleanup+0x124/0x170 [rdma_rxe]\n rxe_destroy_qp.cold+0x24/0x29 [rdma_rxe]\n ib_destroy_qp_user+0x118/0x190 [ib_core]\n rdma_destroy_qp.cold+0x43/0x5e [rdma_cm]\n rtrs_cq_qp_destroy.cold+0x1d/0x2b [rtrs_core]\n rtrs_srv_close_work.cold+0x1b/0x31 [rtrs_server]\n process_one_work+0x21d/0x3f0\n worker_thread+0x4a/0x3c0\n ? process_one_work+0x3f0/0x3f0\n kthread+0xf0/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\"\nWhen too many rdma resources are allocated, rxe needs more time to\nhandle these rdma resources. Sometimes with the current timeout, rxe\ncan not release the rdma resources correctly.\n\nCompared with other rdma drivers, a bigger timeout is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21829",
"url": "https://www.suse.com/security/cve/CVE-2025-21829"
},
{
"category": "external",
"summary": "SUSE Bug 1239030 for CVE-2025-21829",
"url": "https://bugzilla.suse.com/1239030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21829"
},
{
"cve": "CVE-2025-21830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Handle weird files\n\nA corrupted filesystem (e.g. bcachefs) might return weird files.\nInstead of throwing a warning and allowing access to such file, treat\nthem as regular files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21830",
"url": "https://www.suse.com/security/cve/CVE-2025-21830"
},
{
"category": "external",
"summary": "SUSE Bug 1239033 for CVE-2025-21830",
"url": "https://bugzilla.suse.com/1239033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21830"
},
{
"cve": "CVE-2025-21831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1\n\ncommit 9d26d3a8f1b0 (\"PCI: Put PCIe ports into D3 during suspend\") sets the\npolicy that all PCIe ports are allowed to use D3. When the system is\nsuspended if the port is not power manageable by the platform and won\u0027t be\nused for wakeup via a PME this sets up the policy for these ports to go\ninto D3hot.\n\nThis policy generally makes sense from an OSPM perspective but it leads to\nproblems with wakeup from suspend on the TUXEDO Sirius 16 Gen 1 with a\nspecific old BIOS. This manifests as a system hang.\n\nOn the affected Device + BIOS combination, add a quirk for the root port of\nthe problematic controller to ensure that these root ports are not put into\nD3hot at suspend.\n\nThis patch is based on\n\n https://lore.kernel.org/linux-pci/20230708214457.1229-2-mario.limonciello@amd.com\n\nbut with the added condition both in the documentation and in the code to\napply only to the TUXEDO Sirius 16 Gen 1 with a specific old BIOS and only\nthe affected root ports.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21831",
"url": "https://www.suse.com/security/cve/CVE-2025-21831"
},
{
"category": "external",
"summary": "SUSE Bug 1239039 for CVE-2025-21831",
"url": "https://bugzilla.suse.com/1239039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21831"
},
{
"cve": "CVE-2025-21832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don\u0027t revert iter for -EIOCBQUEUED\n\nblkdev_read_iter() has a few odd checks, like gating the position and\ncount adjustment on whether or not the result is bigger-than-or-equal to\nzero (where bigger than makes more sense), and not checking the return\nvalue of blkdev_direct_IO() before doing an iov_iter_revert(). The\nlatter can lead to attempting to revert with a negative value, which\nwhen passed to iov_iter_revert() as an unsigned value will lead to\nthrowing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.\n\nBe sane and don\u0027t revert for -EIOCBQUEUED, like what is done in other\nspots.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21832",
"url": "https://www.suse.com/security/cve/CVE-2025-21832"
},
{
"category": "external",
"summary": "SUSE Bug 1239105 for CVE-2025-21832",
"url": "https://bugzilla.suse.com/1239105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21832"
},
{
"cve": "CVE-2025-21835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_midi: fix MIDI Streaming descriptor lengths\n\nWhile the MIDI jacks are configured correctly, and the MIDIStreaming\nendpoint descriptors are filled with the correct information,\nbNumEmbMIDIJack and bLength are set incorrectly in these descriptors.\n\nThis does not matter when the numbers of in and out ports are equal, but\nwhen they differ the host will receive broken descriptors with\nuninitialized stack memory leaking into the descriptor for whichever\nvalue is smaller.\n\nThe precise meaning of \"in\" and \"out\" in the port counts is not clearly\ndefined and can be confusing. But elsewhere the driver consistently\nuses this to match the USB meaning of IN and OUT viewed from the host,\nso that \"in\" ports send data to the host and \"out\" ports receive data\nfrom it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21835",
"url": "https://www.suse.com/security/cve/CVE-2025-21835"
},
{
"category": "external",
"summary": "SUSE Bug 1239068 for CVE-2025-21835",
"url": "https://bugzilla.suse.com/1239068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21835"
},
{
"cve": "CVE-2025-21836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/kbuf: reallocate buf lists on upgrade\n\nIORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it\nwas created for legacy selected buffer and has been emptied. It violates\nthe requirement that most of the field should stay stable after publish.\nAlways reallocate it instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21836",
"url": "https://www.suse.com/security/cve/CVE-2025-21836"
},
{
"category": "external",
"summary": "SUSE Bug 1239066 for CVE-2025-21836",
"url": "https://bugzilla.suse.com/1239066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21836"
},
{
"cve": "CVE-2025-21838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21838"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: flush gadget workqueue after device removal\n\ndevice_del() can lead to new work being scheduled in gadget-\u003ework\nworkqueue. This is observed, for example, with the dwc3 driver with the\nfollowing call stack:\n device_del()\n gadget_unbind_driver()\n usb_gadget_disconnect_locked()\n dwc3_gadget_pullup()\n\t dwc3_gadget_soft_disconnect()\n\t usb_gadget_set_state()\n\t schedule_work(\u0026gadget-\u003ework)\n\nMove flush_work() after device_del() to ensure the workqueue is cleaned\nup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21838",
"url": "https://www.suse.com/security/cve/CVE-2025-21838"
},
{
"category": "external",
"summary": "SUSE Bug 1239065 for CVE-2025-21838",
"url": "https://bugzilla.suse.com/1239065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21838"
},
{
"cve": "CVE-2025-21844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Add check for next_buffer in receive_encrypted_standard()\n\nAdd check for the return value of cifs_buf_get() and cifs_small_buf_get()\nin receive_encrypted_standard() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21844",
"url": "https://www.suse.com/security/cve/CVE-2025-21844"
},
{
"category": "external",
"summary": "SUSE Bug 1239512 for CVE-2025-21844",
"url": "https://bugzilla.suse.com/1239512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21844"
},
{
"cve": "CVE-2025-21846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nacct: perform last write from workqueue\n\nIn [1] it was reported that the acct(2) system call can be used to\ntrigger NULL deref in cases where it is set to write to a file that\ntriggers an internal lookup. This can e.g., happen when pointing acc(2)\nto /sys/power/resume. At the point the where the write to this file\nhappens the calling task has already exited and called exit_fs(). A\nlookup will thus trigger a NULL-deref when accessing current-\u003efs.\n\nReorganize the code so that the the final write happens from the\nworkqueue but with the caller\u0027s credentials. This preserves the\n(strange) permission model and has almost no regression risk.\n\nThis api should stop to exist though.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21846",
"url": "https://www.suse.com/security/cve/CVE-2025-21846"
},
{
"category": "external",
"summary": "SUSE Bug 1239508 for CVE-2025-21846",
"url": "https://bugzilla.suse.com/1239508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21846"
},
{
"cve": "CVE-2025-21847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()\n\nThe nullity of sps-\u003ecstream should be checked similarly as it is done in\nsof_set_stream_data_offset() function.\nAssuming that it is not NULL if sps-\u003estream is NULL is incorrect and can\nlead to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21847",
"url": "https://www.suse.com/security/cve/CVE-2025-21847"
},
{
"category": "external",
"summary": "SUSE Bug 1239471 for CVE-2025-21847",
"url": "https://bugzilla.suse.com/1239471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21847"
},
{
"cve": "CVE-2025-21848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: bpf: Add check for nfp_app_ctrl_msg_alloc()\n\nAdd check for the return value of nfp_app_ctrl_msg_alloc() in\nnfp_bpf_cmsg_alloc() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21848",
"url": "https://www.suse.com/security/cve/CVE-2025-21848"
},
{
"category": "external",
"summary": "SUSE Bug 1239479 for CVE-2025-21848",
"url": "https://bugzilla.suse.com/1239479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: Fix crash when a namespace is disabled\n\nThe namespace percpu counter protects pending I/O, and we can\nonly safely diable the namespace once the counter drop to zero.\nOtherwise we end up with a crash when running blktests/nvme/058\n(eg for loop transport):\n\n[ 2352.930426] [ T53909] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 2352.930431] [ T53909] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n[ 2352.930434] [ T53909] CPU: 3 UID: 0 PID: 53909 Comm: kworker/u16:5 Tainted: G W 6.13.0-rc6 #232\n[ 2352.930438] [ T53909] Tainted: [W]=WARN\n[ 2352.930440] [ T53909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 2352.930443] [ T53909] Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop]\n[ 2352.930449] [ T53909] RIP: 0010:blkcg_set_ioprio+0x44/0x180\n\nas the queue is already torn down when calling submit_bio();\n\nSo we need to init the percpu counter in nvmet_ns_enable(), and\nwait for it to drop to zero in nvmet_ns_disable() to avoid having\nI/O pending after the namespace has been disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21850",
"url": "https://www.suse.com/security/cve/CVE-2025-21850"
},
{
"category": "external",
"summary": "SUSE Bug 1239477 for CVE-2025-21850",
"url": "https://bugzilla.suse.com/1239477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21850"
},
{
"cve": "CVE-2025-21855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Don\u0027t reference skb after sending to VIOS\n\nPreviously, after successfully flushing the xmit buffer to VIOS,\nthe tx_bytes stat was incremented by the length of the skb.\n\nIt is invalid to access the skb memory after sending the buffer to\nthe VIOS because, at any point after sending, the VIOS can trigger\nan interrupt to free this memory. A race between reading skb-\u003elen\nand freeing the skb is possible (especially during LPM) and will\nresult in use-after-free:\n ==================================================================\n BUG: KASAN: slab-use-after-free in ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n Read of size 4 at addr c00000024eb48a70 by task hxecom/14495\n \u003c...\u003e\n Call Trace:\n [c000000118f66cf0] [c0000000018cba6c] dump_stack_lvl+0x84/0xe8 (unreliable)\n [c000000118f66d20] [c0000000006f0080] print_report+0x1a8/0x7f0\n [c000000118f66df0] [c0000000006f08f0] kasan_report+0x128/0x1f8\n [c000000118f66f00] [c0000000006f2868] __asan_load4+0xac/0xe0\n [c000000118f66f20] [c0080000046eac84] ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n [c000000118f67340] [c0000000014be168] dev_hard_start_xmit+0x150/0x358\n \u003c...\u003e\n Freed by task 0:\n kasan_save_stack+0x34/0x68\n kasan_save_track+0x2c/0x50\n kasan_save_free_info+0x64/0x108\n __kasan_mempool_poison_object+0x148/0x2d4\n napi_skb_cache_put+0x5c/0x194\n net_tx_action+0x154/0x5b8\n handle_softirqs+0x20c/0x60c\n do_softirq_own_stack+0x6c/0x88\n \u003c...\u003e\n The buggy address belongs to the object at c00000024eb48a00 which\n belongs to the cache skbuff_head_cache of size 224\n==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21855",
"url": "https://www.suse.com/security/cve/CVE-2025-21855"
},
{
"category": "external",
"summary": "SUSE Bug 1239484 for CVE-2025-21855",
"url": "https://bugzilla.suse.com/1239484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21855"
},
{
"cve": "CVE-2025-21856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ism: add release function for struct device\n\nAccording to device_release() in /drivers/base/core.c,\na device without a release function is a broken device\nand must be fixed.\n\nThe current code directly frees the device after calling device_add()\nwithout waiting for other kernel parts to release their references.\nThus, a reference could still be held to a struct device,\ne.g., by sysfs, leading to potential use-after-free\nissues if a proper release function is not set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21856",
"url": "https://www.suse.com/security/cve/CVE-2025-21856"
},
{
"category": "external",
"summary": "SUSE Bug 1239486 for CVE-2025-21856",
"url": "https://bugzilla.suse.com/1239486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21856"
},
{
"cve": "CVE-2025-21857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_api: fix error handling causing NULL dereference\n\ntcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyclic() which can\nreturn 1 if the allocation succeeded after wrapping. This was treated as\nan error, with value 1 returned to caller tcf_exts_init_ex() which sets\nexts-\u003eactions to NULL and returns 1 to caller fl_change().\n\nfl_change() treats err == 1 as success, calling tcf_exts_validate_ex()\nwhich calls tcf_action_init() with exts-\u003eactions as argument, where it\nis dereferenced.\n\nExample trace:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCPU: 114 PID: 16151 Comm: handler114 Kdump: loaded Not tainted 5.14.0-503.16.1.el9_5.x86_64 #1\nRIP: 0010:tcf_action_init+0x1f8/0x2c0\nCall Trace:\n tcf_action_init+0x1f8/0x2c0\n tcf_exts_validate_ex+0x175/0x190\n fl_change+0x537/0x1120 [cls_flower]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21857",
"url": "https://www.suse.com/security/cve/CVE-2025-21857"
},
{
"category": "external",
"summary": "SUSE Bug 1239478 for CVE-2025-21857",
"url": "https://bugzilla.suse.com/1239478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21857"
},
{
"cve": "CVE-2025-21858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: Fix use-after-free in geneve_find_dev().\n\nsyzkaller reported a use-after-free in geneve_find_dev() [0]\nwithout repro.\n\ngeneve_configure() links struct geneve_dev.next to\nnet_generic(net, geneve_net_id)-\u003egeneve_list.\n\nThe net here could differ from dev_net(dev) if IFLA_NET_NS_PID,\nIFLA_NET_NS_FD, or IFLA_TARGET_NETNSID is set.\n\nWhen dev_net(dev) is dismantled, geneve_exit_batch_rtnl() finally\ncalls unregister_netdevice_queue() for each dev in the netns,\nand later the dev is freed.\n\nHowever, its geneve_dev.next is still linked to the backend UDP\nsocket netns.\n\nThen, use-after-free will occur when another geneve dev is created\nin the netns.\n\nLet\u0027s call geneve_dellink() instead in geneve_destroy_tunnels().\n\n[0]:\nBUG: KASAN: slab-use-after-free in geneve_find_dev drivers/net/geneve.c:1295 [inline]\nBUG: KASAN: slab-use-after-free in geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\nRead of size 2 at addr ffff000054d6ee24 by task syz.1.4029/13441\n\nCPU: 1 UID: 0 PID: 13441 Comm: syz.1.4029 Not tainted 6.13.0-g0ad9617c78ac #24 dc35ca22c79fb82e8e7bc5c9c9adafea898b1e3d\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x16c/0x6f0 mm/kasan/report.c:489\n kasan_report+0xc0/0x120 mm/kasan/report.c:602\n __asan_report_load2_noabort+0x20/0x30 mm/kasan/report_generic.c:379\n geneve_find_dev drivers/net/geneve.c:1295 [inline]\n geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\n geneve_newlink+0xb8/0x128 drivers/net/geneve.c:1634\n rtnl_newlink_create+0x23c/0x868 net/core/rtnetlink.c:3795\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:713 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x410/0x6f8 net/socket.c:2568\n ___sys_sendmsg+0x178/0x1d8 net/socket.c:2622\n __sys_sendmsg net/socket.c:2654 [inline]\n __do_sys_sendmsg net/socket.c:2659 [inline]\n __se_sys_sendmsg net/socket.c:2657 [inline]\n __arm64_sys_sendmsg+0x12c/0x1c8 net/socket.c:2657\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151\n el0_svc+0x4c/0xa8 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x1a0 arch/arm64/kernel/entry.S:600\n\nAllocated by task 13247:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x68 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4298 [inline]\n __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4304\n __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:645\n alloc_netdev_mqs+0xb8/0x11a0 net/core/dev.c:11470\n rtnl_create_link+0x2b8/0xb50 net/core/rtnetlink.c:3604\n rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3780\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_n\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21858",
"url": "https://www.suse.com/security/cve/CVE-2025-21858"
},
{
"category": "external",
"summary": "SUSE Bug 1239468 for CVE-2025-21858",
"url": "https://bugzilla.suse.com/1239468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21858"
},
{
"cve": "CVE-2025-21859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: f_midi: f_midi_complete to call queue_work\n\nWhen using USB MIDI, a lock is attempted to be acquired twice through a\nre-entrant call to f_midi_transmit, causing a deadlock.\n\nFix it by using queue_work() to schedule the inner f_midi_transmit() via\na high priority work queue from the completion handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21859",
"url": "https://www.suse.com/security/cve/CVE-2025-21859"
},
{
"category": "external",
"summary": "SUSE Bug 1239467 for CVE-2025-21859",
"url": "https://bugzilla.suse.com/1239467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21859"
},
{
"cve": "CVE-2025-21861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/migrate_device: don\u0027t add folio to be freed to LRU in migrate_device_finalize()\n\nIf migration succeeded, we called\nfolio_migrate_flags()-\u003emem_cgroup_migrate() to migrate the memcg from the\nold to the new folio. This will set memcg_data of the old folio to 0.\n\nSimilarly, if migration failed, memcg_data of the dst folio is left unset.\n\nIf we call folio_putback_lru() on such folios (memcg_data == 0), we will\nadd the folio to be freed to the LRU, making memcg code unhappy. Running\nthe hmm selftests:\n\n # ./hmm-tests\n ...\n # RUN hmm.hmm_device_private.migrate ...\n [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00\n [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff)\n [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9\n [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000\n [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg \u0026\u0026 !mem_cgroup_disabled())\n [ 102.087230][T14893] ------------[ cut here ]------------\n [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.090478][T14893] Modules linked in:\n [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151\n [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.096104][T14893] Code: ...\n [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293\n [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426\n [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880\n [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000\n [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8\n [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000\n [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000\n [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0\n [ 102.113478][T14893] PKRU: 55555554\n [ 102.114172][T14893] Call Trace:\n [ 102.114805][T14893] \u003cTASK\u003e\n [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.116547][T14893] ? __warn.cold+0x110/0x210\n [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.118667][T14893] ? report_bug+0x1b9/0x320\n [ 102.119571][T14893] ? handle_bug+0x54/0x90\n [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50\n [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20\n [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0\n [ 102.123506][T14893] ? dump_page+0x4f/0x60\n [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200\n [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720\n [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.129550][T14893] folio_putback_lru+0x16/0x80\n [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530\n [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0\n [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80\n\nLikely, nothing else goes wrong: putting the last folio reference will\nremove the folio from the LRU again. So besides memcg complaining, adding\nthe folio to be freed to the LRU is just an unnecessary step.\n\nThe new flow resembles what we have in migrate_folio_move(): add the dst\nto the lru, rem\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21861",
"url": "https://www.suse.com/security/cve/CVE-2025-21861"
},
{
"category": "external",
"summary": "SUSE Bug 1239483 for CVE-2025-21861",
"url": "https://bugzilla.suse.com/1239483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21861"
},
{
"cve": "CVE-2025-21862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21862"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: fix incorrect initialization order\n\nSyzkaller reports the following bug:\n\nBUG: spinlock bad magic on CPU#1, syz-executor.0/7995\n lock: 0xffff88805303f3e0, .magic: 00000000, .owner: \u003cnone\u003e/-1, .owner_cpu: 0\nCPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x119/0x179 lib/dump_stack.c:118\n debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]\n do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline]\n _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159\n reset_per_cpu_data+0xe6/0x240 [drop_monitor]\n net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor]\n genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739\n genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800\n netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497\n genl_rcv+0x29/0x40 net/netlink/genetlink.c:811\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916\n sock_sendmsg_nosec net/socket.c:651 [inline]\n __sock_sendmsg+0x157/0x190 net/socket.c:663\n ____sys_sendmsg+0x712/0x870 net/socket.c:2378\n ___sys_sendmsg+0xf8/0x170 net/socket.c:2432\n __sys_sendmsg+0xea/0x1b0 net/socket.c:2461\n do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x62/0xc7\nRIP: 0033:0x7f3f9815aee9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9\nRDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007\nRBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768\n\nIf drop_monitor is built as a kernel module, syzkaller may have time\nto send a netlink NET_DM_CMD_START message during the module loading.\nThis will call the net_dm_monitor_start() function that uses\na spinlock that has not yet been initialized.\n\nTo fix this, let\u0027s place resource initialization above the registration\nof a generic netlink family.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21862",
"url": "https://www.suse.com/security/cve/CVE-2025-21862"
},
{
"category": "external",
"summary": "SUSE Bug 1239474 for CVE-2025-21862",
"url": "https://bugzilla.suse.com/1239474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: prevent opcode speculation\n\nsqe-\u003eopcode is used for different tables, make sure we santitise it\nagainst speculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21863",
"url": "https://www.suse.com/security/cve/CVE-2025-21863"
},
{
"category": "external",
"summary": "SUSE Bug 1239475 for CVE-2025-21863",
"url": "https://bugzilla.suse.com/1239475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21863"
},
{
"cve": "CVE-2025-21864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: drop secpath at the same time as we currently drop dst\n\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\nrunning tests that boil down to:\n - create a pair of netns\n - run a basic TCP test over ipcomp6\n - delete the pair of netns\n\nThe xfrm_state found on spi_byaddr was not deleted at the time we\ndelete the netns, because we still have a reference on it. This\nlingering reference comes from a secpath (which holds a ref on the\nxfrm_state), which is still attached to an skb. This skb is not\nleaked, it ends up on sk_receive_queue and then gets defer-free\u0027d by\nskb_attempt_defer_free.\n\nThe problem happens when we defer freeing an skb (push it on one CPU\u0027s\ndefer_list), and don\u0027t flush that list before the netns is deleted. In\nthat case, we still have a reference on the xfrm_state that we don\u0027t\nexpect at this point.\n\nWe already drop the skb\u0027s dst in the TCP receive path when it\u0027s no\nlonger needed, so let\u0027s also drop the secpath. At this point,\ntcp_filter has already called into the LSM hooks that may require the\nsecpath, so it should not be needed anymore. However, in some of those\nplaces, the MPTCP extension has just been attached to the skb, so we\ncannot simply drop all extensions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21864",
"url": "https://www.suse.com/security/cve/CVE-2025-21864"
},
{
"category": "external",
"summary": "SUSE Bug 1239482 for CVE-2025-21864",
"url": "https://bugzilla.suse.com/1239482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().\n\nBrad Spengler reported the list_del() corruption splat in\ngtp_net_exit_batch_rtnl(). [0]\n\nCommit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns\ndismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl()\nto destroy devices in each netns as done in geneve and ip tunnels.\n\nHowever, this could trigger -\u003edellink() twice for the same device during\n-\u003eexit_batch_rtnl().\n\nSay we have two netns A \u0026 B and gtp device B that resides in netns B but\nwhose UDP socket is in netns A.\n\n 1. cleanup_net() processes netns A and then B.\n\n 2. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns A\u0027s gn-\u003egtp_dev_list and calls -\u003edellink().\n\n [ device B is not yet unlinked from netns B\n as unregister_netdevice_many() has not been called. ]\n\n 3. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns B\u0027s for_each_netdev() and calls -\u003edellink().\n\ngtp_dellink() cleans up the device\u0027s hash table, unlinks the dev from\ngn-\u003egtp_dev_list, and calls unregister_netdevice_queue().\n\nBasically, calling gtp_dellink() multiple times is fine unless\nCONFIG_DEBUG_LIST is enabled.\n\nLet\u0027s remove for_each_netdev() in gtp_net_exit_batch_rtnl() and\ndelegate the destruction to default_device_exit_batch() as done\nin bareudp.\n\n[0]:\nlist_del corruption, ffff8880aaa62c00-\u003enext (autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]) is LIST_POISON1 (ffffffffffffff02) (prev is 0xffffffffffffff04)\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 UID: 0 PID: 1804 Comm: kworker/u8:7 Tainted: G T 6.12.13-grsec-full-20250211091339 #1\nTainted: [T]=RANDSTRUCT\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:[\u003cffffffff84947381\u003e] __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nCode: c2 76 91 31 c0 e8 9f b1 f7 fc 0f 0b 4d 89 f0 48 c7 c1 02 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 e0 c2 76 91 31 c0 e8 7f b1 f7 fc \u003c0f\u003e 0b 4d 89 e8 48 c7 c1 04 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 60\nRSP: 0018:fffffe8040b4fbd0 EFLAGS: 00010283\nRAX: 00000000000000cc RBX: dffffc0000000000 RCX: ffffffff818c4054\nRDX: ffffffff84947381 RSI: ffffffff818d1512 RDI: 0000000000000000\nRBP: ffff8880aaa62c00 R08: 0000000000000001 R09: fffffbd008169f32\nR10: fffffe8040b4f997 R11: 0000000000000001 R12: a1988d84f24943e4\nR13: ffffffffffffff02 R14: ffffffffffffff04 R15: ffff8880aaa62c08\nRBX: kasan shadow of 0x0\nRCX: __wake_up_klogd.part.0+0x74/0xe0 kernel/printk/printk.c:4554\nRDX: __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nRSI: vprintk+0x72/0x100 kernel/printk/printk_safe.c:71\nRBP: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]\nRSP: process kstack fffffe8040b4fbd0+0x7bd0/0x8000 [kworker/u8:7+netns 1804 ]\nR09: kasan shadow of process kstack fffffe8040b4f990+0x7990/0x8000 [kworker/u8:7+netns 1804 ]\nR10: process kstack fffffe8040b4f997+0x7997/0x8000 [kworker/u8:7+netns 1804 ]\nR15: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc08/0x1000 [slab object]\nFS: 0000000000000000(0000) GS:ffff888116000000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000748f5372c000 CR3: 0000000015408000 CR4: 00000000003406f0 shadow CR4: 00000000003406f0\nStack:\n 0000000000000000 ffffffff8a0c35e7 ffffffff8a0c3603 ffff8880aaa62c00\n ffff8880aaa62c00 0000000000000004 ffff88811145311c 0000000000000005\n 0000000000000001 ffff8880aaa62000 fffffe8040b4fd40 ffffffff8a0c360d\nCall Trace:\n \u003cTASK\u003e\n [\u003cffffffff8a0c360d\u003e] __list_del_entry_valid include/linux/list.h:131 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] __list_del_entry include/linux/list.h:248 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] list_del include/linux/list.h:262 [inl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21865",
"url": "https://www.suse.com/security/cve/CVE-2025-21865"
},
{
"category": "external",
"summary": "SUSE Bug 1239481 for CVE-2025-21865",
"url": "https://bugzilla.suse.com/1239481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-21866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC\n\nErhard reported the following KASAN hit while booting his PowerMac G4\nwith a KASAN-enabled kernel 6.13-rc6:\n\n BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8\n Write of size 8 at addr f1000000 by task chronyd/1293\n\n CPU: 0 UID: 123 PID: 1293 Comm: chronyd Tainted: G W 6.13.0-rc6-PMacG4 #2\n Tainted: [W]=WARN\n Hardware name: PowerMac3,6 7455 0x80010303 PowerMac\n Call Trace:\n [c2437590] [c1631a84] dump_stack_lvl+0x70/0x8c (unreliable)\n [c24375b0] [c0504998] print_report+0xdc/0x504\n [c2437610] [c050475c] kasan_report+0xf8/0x108\n [c2437690] [c0505a3c] kasan_check_range+0x24/0x18c\n [c24376a0] [c03fb5e4] copy_to_kernel_nofault+0xd8/0x1c8\n [c24376c0] [c004c014] patch_instructions+0x15c/0x16c\n [c2437710] [c00731a8] bpf_arch_text_copy+0x60/0x7c\n [c2437730] [c0281168] bpf_jit_binary_pack_finalize+0x50/0xac\n [c2437750] [c0073cf4] bpf_int_jit_compile+0xb30/0xdec\n [c2437880] [c0280394] bpf_prog_select_runtime+0x15c/0x478\n [c24378d0] [c1263428] bpf_prepare_filter+0xbf8/0xc14\n [c2437990] [c12677ec] bpf_prog_create_from_user+0x258/0x2b4\n [c24379d0] [c027111c] do_seccomp+0x3dc/0x1890\n [c2437ac0] [c001d8e0] system_call_exception+0x2dc/0x420\n [c2437f30] [c00281ac] ret_from_syscall+0x0/0x2c\n --- interrupt: c00 at 0x5a1274\n NIP: 005a1274 LR: 006a3b3c CTR: 005296c8\n REGS: c2437f40 TRAP: 0c00 Tainted: G W (6.13.0-rc6-PMacG4)\n MSR: 0200f932 \u003cVEC,EE,PR,FP,ME,IR,DR,RI\u003e CR: 24004422 XER: 00000000\n\n GPR00: 00000166 af8f3fa0 a7ee3540 00000001 00000000 013b6500 005a5858 0200f932\n GPR08: 00000000 00001fe9 013d5fc8 005296c8 2822244c 00b2fcd8 00000000 af8f4b57\n GPR16: 00000000 00000001 00000000 00000000 00000000 00000001 00000000 00000002\n GPR24: 00afdbb0 00000000 00000000 00000000 006e0004 013ce060 006e7c1c 00000001\n NIP [005a1274] 0x5a1274\n LR [006a3b3c] 0x6a3b3c\n --- interrupt: c00\n\n The buggy address belongs to the virtual mapping at\n [f1000000, f1002000) created by:\n text_area_cpu_up+0x20/0x190\n\n The buggy address belongs to the physical page:\n page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x76e30\n flags: 0x80000000(zone=2)\n raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001\n raw: 00000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n f0ffff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n f0ffff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003ef1000000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n f1000080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n f1000100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ==================================================================\n\nf8 corresponds to KASAN_VMALLOC_INVALID which means the area is not\ninitialised hence not supposed to be used yet.\n\nPowerpc text patching infrastructure allocates a virtual memory area\nusing get_vm_area() and flags it as VM_ALLOC. But that flag is meant\nto be used for vmalloc() and vmalloc() allocated memory is not\nsupposed to be used before a call to __vmalloc_node_range() which is\nnever called for that area.\n\nThat went undetected until commit e4137f08816b (\"mm, kasan, kmsan:\ninstrument copy_from/to_kernel_nofault\")\n\nThe area allocated by text_area_cpu_up() is not vmalloc memory, it is\nmapped directly on demand when needed by map_kernel_page(). There is\nno VM flag corresponding to such usage, so just pass no flag. That way\nthe area will be unpoisonned and usable immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21866",
"url": "https://www.suse.com/security/cve/CVE-2025-21866"
},
{
"category": "external",
"summary": "SUSE Bug 1239473 for CVE-2025-21866",
"url": "https://bugzilla.suse.com/1239473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21866"
},
{
"cve": "CVE-2025-21869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Disable KASAN report during patching via temporary mm\n\nErhard reports the following KASAN hit on Talos II (power9) with kernel 6.13:\n\n[ 12.028126] ==================================================================\n[ 12.028198] BUG: KASAN: user-memory-access in copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028260] Write of size 8 at addr 0000187e458f2000 by task systemd/1\n\n[ 12.028346] CPU: 87 UID: 0 PID: 1 Comm: systemd Tainted: G T 6.13.0-P9-dirty #3\n[ 12.028408] Tainted: [T]=RANDSTRUCT\n[ 12.028446] Hardware name: T2P9D01 REV 1.01 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV\n[ 12.028500] Call Trace:\n[ 12.028536] [c000000008dbf3b0] [c000000001656a48] dump_stack_lvl+0xbc/0x110 (unreliable)\n[ 12.028609] [c000000008dbf3f0] [c0000000006e2fc8] print_report+0x6b0/0x708\n[ 12.028666] [c000000008dbf4e0] [c0000000006e2454] kasan_report+0x164/0x300\n[ 12.028725] [c000000008dbf600] [c0000000006e54d4] kasan_check_range+0x314/0x370\n[ 12.028784] [c000000008dbf640] [c0000000006e6310] __kasan_check_write+0x20/0x40\n[ 12.028842] [c000000008dbf660] [c000000000578e8c] copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028902] [c000000008dbf6a0] [c0000000000acfe4] __patch_instructions+0x194/0x210\n[ 12.028965] [c000000008dbf6e0] [c0000000000ade80] patch_instructions+0x150/0x590\n[ 12.029026] [c000000008dbf7c0] [c0000000001159bc] bpf_arch_text_copy+0x6c/0xe0\n[ 12.029085] [c000000008dbf800] [c000000000424250] bpf_jit_binary_pack_finalize+0x40/0xc0\n[ 12.029147] [c000000008dbf830] [c000000000115dec] bpf_int_jit_compile+0x3bc/0x930\n[ 12.029206] [c000000008dbf990] [c000000000423720] bpf_prog_select_runtime+0x1f0/0x280\n[ 12.029266] [c000000008dbfa00] [c000000000434b18] bpf_prog_load+0xbb8/0x1370\n[ 12.029324] [c000000008dbfb70] [c000000000436ebc] __sys_bpf+0x5ac/0x2e00\n[ 12.029379] [c000000008dbfd00] [c00000000043a228] sys_bpf+0x28/0x40\n[ 12.029435] [c000000008dbfd20] [c000000000038eb4] system_call_exception+0x334/0x610\n[ 12.029497] [c000000008dbfe50] [c00000000000c270] system_call_vectored_common+0xf0/0x280\n[ 12.029561] --- interrupt: 3000 at 0x3fff82f5cfa8\n[ 12.029608] NIP: 00003fff82f5cfa8 LR: 00003fff82f5cfa8 CTR: 0000000000000000\n[ 12.029660] REGS: c000000008dbfe80 TRAP: 3000 Tainted: G T (6.13.0-P9-dirty)\n[ 12.029735] MSR: 900000000280f032 \u003cSF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI\u003e CR: 42004848 XER: 00000000\n[ 12.029855] IRQMASK: 0\n GPR00: 0000000000000169 00003fffdcf789a0 00003fff83067100 0000000000000005\n GPR04: 00003fffdcf78a98 0000000000000090 0000000000000000 0000000000000008\n GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000\n GPR12: 0000000000000000 00003fff836ff7e0 c000000000010678 0000000000000000\n GPR16: 0000000000000000 0000000000000000 00003fffdcf78f28 00003fffdcf78f90\n GPR20: 0000000000000000 0000000000000000 0000000000000000 00003fffdcf78f80\n GPR24: 00003fffdcf78f70 00003fffdcf78d10 00003fff835c7239 00003fffdcf78bd8\n GPR28: 00003fffdcf78a98 0000000000000000 0000000000000000 000000011f547580\n[ 12.030316] NIP [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030361] LR [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030405] --- interrupt: 3000\n[ 12.030444] ==================================================================\n\nCommit c28c15b6d28a (\"powerpc/code-patching: Use temporary mm for\nRadix MMU\") is inspired from x86 but unlike x86 is doesn\u0027t disable\nKASAN reports during patching. This wasn\u0027t a problem at the begining\nbecause __patch_mem() is not instrumented.\n\nCommit 465cabc97b42 (\"powerpc/code-patching: introduce\npatch_instructions()\") use copy_to_kernel_nofault() to copy several\ninstructions at once. But when using temporary mm the destination is\nnot regular kernel memory but a kind of kernel-like memory located\nin user address space. \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21869",
"url": "https://www.suse.com/security/cve/CVE-2025-21869"
},
{
"category": "external",
"summary": "SUSE Bug 1240182 for CVE-2025-21869",
"url": "https://bugzilla.suse.com/1240182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21869"
},
{
"cve": "CVE-2025-21870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers\n\nOther, non DAI copier widgets could have the same stream name (sname) as\nthe ALH copier and in that case the copier-\u003edata is NULL, no alh_data is\nattached, which could lead to NULL pointer dereference.\nWe could check for this NULL pointer in sof_ipc4_prepare_copier_module()\nand avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai()\nwill miscalculate the ALH device count, causing broken audio.\n\nThe correct fix is to harden the matching logic by making sure that the\n1. widget is a DAI widget - so dai = w-\u003eprivate is valid\n2. the dai (and thus the copier) is ALH copier",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21870",
"url": "https://www.suse.com/security/cve/CVE-2025-21870"
},
{
"category": "external",
"summary": "SUSE Bug 1240191 for CVE-2025-21870",
"url": "https://bugzilla.suse.com/1240191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21870"
},
{
"cve": "CVE-2025-21871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix supplicant wait loop\n\nOP-TEE supplicant is a user-space daemon and it\u0027s possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\n\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\n\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21871",
"url": "https://www.suse.com/security/cve/CVE-2025-21871"
},
{
"category": "external",
"summary": "SUSE Bug 1240183 for CVE-2025-21871",
"url": "https://bugzilla.suse.com/1240183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21871"
},
{
"cve": "CVE-2025-21873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: bsg: Fix crash when arpmb command fails\n\nIf the device doesn\u0027t support arpmb we\u0027ll crash due to copying user data in\nbsg_transport_sg_io_fn().\n\nIn the case where ufs_bsg_exec_advanced_rpmb_req() returns an error, do not\nset the job\u0027s reply_len.\n\nMemory crash backtrace:\n3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22\n\n4,1308,531166555,-;Call Trace:\n\n4,1309,531166559,-; \u003cTASK\u003e\n\n4,1310,531166565,-; ? show_regs+0x6d/0x80\n\n4,1311,531166575,-; ? die+0x37/0xa0\n\n4,1312,531166583,-; ? do_trap+0xd4/0xf0\n\n4,1313,531166593,-; ? do_error_trap+0x71/0xb0\n\n4,1314,531166601,-; ? usercopy_abort+0x6c/0x80\n\n4,1315,531166610,-; ? exc_invalid_op+0x52/0x80\n\n4,1316,531166622,-; ? usercopy_abort+0x6c/0x80\n\n4,1317,531166630,-; ? asm_exc_invalid_op+0x1b/0x20\n\n4,1318,531166643,-; ? usercopy_abort+0x6c/0x80\n\n4,1319,531166652,-; __check_heap_object+0xe3/0x120\n\n4,1320,531166661,-; check_heap_object+0x185/0x1d0\n\n4,1321,531166670,-; __check_object_size.part.0+0x72/0x150\n\n4,1322,531166679,-; __check_object_size+0x23/0x30\n\n4,1323,531166688,-; bsg_transport_sg_io_fn+0x314/0x3b0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21873",
"url": "https://www.suse.com/security/cve/CVE-2025-21873"
},
{
"category": "external",
"summary": "SUSE Bug 1240184 for CVE-2025-21873",
"url": "https://bugzilla.suse.com/1240184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21873"
},
{
"cve": "CVE-2025-21875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21875"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: always handle address removal under msk socket lock\n\nSyzkaller reported a lockdep splat in the PM control path:\n\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sock_owned_by_me include/net/sock.h:1711 [inline]\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 msk_owned_by_me net/mptcp/protocol.h:363 [inline]\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788\n Modules linked in:\n CPU: 0 UID: 0 PID: 6693 Comm: syz.0.205 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\n RIP: 0010:sock_owned_by_me include/net/sock.h:1711 [inline]\n RIP: 0010:msk_owned_by_me net/mptcp/protocol.h:363 [inline]\n RIP: 0010:mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788\n Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ca 7b d3 f5 eb b9 e8 c3 7b d3 f5 90 0f 0b 90 e9 dd fb ff ff e8 b5 7b d3 f5 90 \u003c0f\u003e 0b 90 e9 3e fb ff ff 44 89 f1 80 e1 07 38 c1 0f 8c eb fb ff ff\n RSP: 0000:ffffc900034f6f60 EFLAGS: 00010283\n RAX: ffffffff8bee3c2b RBX: 0000000000000001 RCX: 0000000000080000\n RDX: ffffc90004d42000 RSI: 000000000000a407 RDI: 000000000000a408\n RBP: ffffc900034f7030 R08: ffffffff8bee37f6 R09: 0100000000000000\n R10: dffffc0000000000 R11: ffffed100bcc62e4 R12: ffff88805e6316e0\n R13: ffff88805e630c00 R14: dffffc0000000000 R15: ffff88805e630c00\n FS: 00007f7e9a7e96c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000001b2fd18ff8 CR3: 0000000032c24000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n mptcp_pm_remove_addr+0x103/0x1d0 net/mptcp/pm.c:59\n mptcp_pm_remove_anno_addr+0x1f4/0x2f0 net/mptcp/pm_netlink.c:1486\n mptcp_nl_remove_subflow_and_signal_addr net/mptcp/pm_netlink.c:1518 [inline]\n mptcp_pm_nl_del_addr_doit+0x118d/0x1af0 net/mptcp/pm_netlink.c:1629\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb1f/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x206/0x480 net/netlink/af_netlink.c:2543\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:718 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:733\n ____sys_sendmsg+0x53a/0x860 net/socket.c:2573\n ___sys_sendmsg net/socket.c:2627 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2659\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f7e9998cde9\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f7e9a7e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f7e99ba5fa0 RCX: 00007f7e9998cde9\n RDX: 000000002000c094 RSI: 0000400000000000 RDI: 0000000000000007\n RBP: 00007f7e99a0e2a0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 0000000000000000 R14: 00007f7e99ba5fa0 R15: 00007fff49231088\n\nIndeed the PM can try to send a RM_ADDR over a msk without acquiring\nfirst the msk socket lock.\n\nThe bugged code-path comes from an early optimization: when there\nare no subflows, the PM should (usually) not send RM_ADDR\nnotifications.\n\nThe above statement is incorrect, as without locks another process\ncould concur\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21875",
"url": "https://www.suse.com/security/cve/CVE-2025-21875"
},
{
"category": "external",
"summary": "SUSE Bug 1240168 for CVE-2025-21875",
"url": "https://bugzilla.suse.com/1240168"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21875"
},
{
"cve": "CVE-2025-21876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix suspicious RCU usage\n\nCommit \u003cd74169ceb0d2\u003e (\"iommu/vt-d: Allocate DMAR fault interrupts\nlocally\") moved the call to enable_drhd_fault_handling() to a code\npath that does not hold any lock while traversing the drhd list. Fix\nit by ensuring the dmar_global_lock lock is held when traversing the\ndrhd list.\n\nWithout this fix, the following warning is triggered:\n =============================\n WARNING: suspicious RCU usage\n 6.14.0-rc3 #55 Not tainted\n -----------------------------\n drivers/iommu/intel/dmar.c:2046 RCU-list traversed in non-reader section!!\n other info that might help us debug this:\n rcu_scheduler_active = 1, debug_locks = 1\n 2 locks held by cpuhp/1/23:\n #0: ffffffff84a67c50 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n #1: ffffffff84a6a380 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n stack backtrace:\n CPU: 1 UID: 0 PID: 23 Comm: cpuhp/1 Not tainted 6.14.0-rc3 #55\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xb7/0xd0\n lockdep_rcu_suspicious+0x159/0x1f0\n ? __pfx_enable_drhd_fault_handling+0x10/0x10\n enable_drhd_fault_handling+0x151/0x180\n cpuhp_invoke_callback+0x1df/0x990\n cpuhp_thread_fun+0x1ea/0x2c0\n smpboot_thread_fn+0x1f5/0x2e0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n kthread+0x12a/0x2d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x4a/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nHolding the lock in enable_drhd_fault_handling() triggers a lockdep splat\nabout a possible deadlock between dmar_global_lock and cpu_hotplug_lock.\nThis is avoided by not holding dmar_global_lock when calling\niommu_device_register(), which initiates the device probe process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21876",
"url": "https://www.suse.com/security/cve/CVE-2025-21876"
},
{
"category": "external",
"summary": "SUSE Bug 1240179 for CVE-2025-21876",
"url": "https://bugzilla.suse.com/1240179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21876"
},
{
"cve": "CVE-2025-21877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21877"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: gl620a: fix endpoint checking in genelink_bind()\n\nSyzbot reports [1] a warning in usb_submit_urb() triggered by\ninconsistencies between expected and actually present endpoints\nin gl620a driver. Since genelink_bind() does not properly\nverify whether specified eps are in fact provided by the device,\nin this case, an artificially manufactured one, one may get a\nmismatch.\n\nFix the issue by resorting to a usbnet utility function\nusbnet_get_endpoints(), usually reserved for this very problem.\nCheck for endpoints and return early before proceeding further if\nany are missing.\n\n[1] Syzbot report:\nusb 5-1: Manufacturer: syz\nusb 5-1: SerialNumber: syz\nusb 5-1: config 0 descriptor??\ngl620a 5-1:0.23 usb0: register \u0027gl620a\u0027 at usb-dummy_hcd.0-1, ...\n------------[ cut here ]------------\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 2 PID: 1841 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nModules linked in:\nCPU: 2 UID: 0 PID: 1841 Comm: kworker/2:2 Not tainted 6.12.0-syzkaller-07834-g06afb0f36106 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0x6be/0x2780 drivers/net/usb/usbnet.c:1467\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606\n sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n __dev_xmit_skb net/core/dev.c:3827 [inline]\n __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n neigh_resolve_output net/core/neighbour.c:1514 [inline]\n neigh_resolve_output+0x5bc/0x950 net/core/neighbour.c:1494\n neigh_output include/net/neighbour.h:539 [inline]\n ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n mld_sendpack+0x9f0/0x11d0 net/ipv6/mcast.c:1819\n mld_send_cr net/ipv6/mcast.c:2120 [inline]\n mld_ifc_work+0x740/0xca0 net/ipv6/mcast.c:2651\n process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21877",
"url": "https://www.suse.com/security/cve/CVE-2025-21877"
},
{
"category": "external",
"summary": "SUSE Bug 1240172 for CVE-2025-21877",
"url": "https://bugzilla.suse.com/1240172"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21877"
},
{
"cve": "CVE-2025-21878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21878"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: npcm: disable interrupt enable bit before devm_request_irq\n\nThe customer reports that there is a soft lockup issue related to\nthe i2c driver. After checking, the i2c module was doing a tx transfer\nand the bmc machine reboots in the middle of the i2c transaction, the i2c\nmodule keeps the status without being reset.\n\nDue to such an i2c module status, the i2c irq handler keeps getting\ntriggered since the i2c irq handler is registered in the kernel booting\nprocess after the bmc machine is doing a warm rebooting.\nThe continuous triggering is stopped by the soft lockup watchdog timer.\n\nDisable the interrupt enable bit in the i2c module before calling\ndevm_request_irq to fix this issue since the i2c relative status bit\nis read-only.\n\nHere is the soft lockup log.\n[ 28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1]\n[ 28.183351] Modules linked in:\n[ 28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1\n[ 28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 28.208128] pc : __do_softirq+0xb0/0x368\n[ 28.212055] lr : __do_softirq+0x70/0x368\n[ 28.215972] sp : ffffff8035ebca00\n[ 28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780\n[ 28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0\n[ 28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b\n[ 28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff\n[ 28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000\n[ 28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2\n[ 28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250\n[ 28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434\n[ 28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198\n[ 28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40\n[ 28.290611] Call trace:\n[ 28.293052] __do_softirq+0xb0/0x368\n[ 28.296625] __irq_exit_rcu+0xe0/0x100\n[ 28.300374] irq_exit+0x14/0x20\n[ 28.303513] handle_domain_irq+0x68/0x90\n[ 28.307440] gic_handle_irq+0x78/0xb0\n[ 28.311098] call_on_irq_stack+0x20/0x38\n[ 28.315019] do_interrupt_handler+0x54/0x5c\n[ 28.319199] el1_interrupt+0x2c/0x4c\n[ 28.322777] el1h_64_irq_handler+0x14/0x20\n[ 28.326872] el1h_64_irq+0x74/0x78\n[ 28.330269] __setup_irq+0x454/0x780\n[ 28.333841] request_threaded_irq+0xd0/0x1b4\n[ 28.338107] devm_request_threaded_irq+0x84/0x100\n[ 28.342809] npcm_i2c_probe_bus+0x188/0x3d0\n[ 28.346990] platform_probe+0x6c/0xc4\n[ 28.350653] really_probe+0xcc/0x45c\n[ 28.354227] __driver_probe_device+0x8c/0x160\n[ 28.358578] driver_probe_device+0x44/0xe0\n[ 28.362670] __driver_attach+0x124/0x1d0\n[ 28.366589] bus_for_each_dev+0x7c/0xe0\n[ 28.370426] driver_attach+0x28/0x30\n[ 28.373997] bus_add_driver+0x124/0x240\n[ 28.377830] driver_register+0x7c/0x124\n[ 28.381662] __platform_driver_register+0x2c/0x34\n[ 28.386362] npcm_i2c_init+0x3c/0x5c\n[ 28.389937] do_one_initcall+0x74/0x230\n[ 28.393768] kernel_init_freeable+0x24c/0x2b4\n[ 28.398126] kernel_init+0x28/0x130\n[ 28.401614] ret_from_fork+0x10/0x20\n[ 28.405189] Kernel panic - not syncing: softlockup: hung tasks\n[ 28.411011] SMP: stopping secondary CPUs\n[ 28.414933] Kernel Offset: disabled\n[ 28.418412] CPU features: 0x00000000,00000802\n[ 28.427644] Rebooting in 20 seconds..",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21878",
"url": "https://www.suse.com/security/cve/CVE-2025-21878"
},
{
"category": "external",
"summary": "SUSE Bug 1240192 for CVE-2025-21878",
"url": "https://bugzilla.suse.com/1240192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21878"
},
{
"cve": "CVE-2025-21881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: Reject the shared zeropage in uprobe_write_opcode()\n\nWe triggered the following crash in syzkaller tests:\n\n BUG: Bad page state in process syz.7.38 pfn:1eff3\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eff3\n flags: 0x3fffff00004004(referenced|reserved|node=0|zone=1|lastcpupid=0x1fffff)\n raw: 003fffff00004004 ffffe6c6c07bfcc8 ffffe6c6c07bfcc8 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000fffffffe 0000000000000000\n page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x32/0x50\n bad_page+0x69/0xf0\n free_unref_page_prepare+0x401/0x500\n free_unref_page+0x6d/0x1b0\n uprobe_write_opcode+0x460/0x8e0\n install_breakpoint.part.0+0x51/0x80\n register_for_each_vma+0x1d9/0x2b0\n __uprobe_register+0x245/0x300\n bpf_uprobe_multi_link_attach+0x29b/0x4f0\n link_create+0x1e2/0x280\n __sys_bpf+0x75f/0xac0\n __x64_sys_bpf+0x1a/0x30\n do_syscall_64+0x56/0x100\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\n BUG: Bad rss-counter state mm:00000000452453e0 type:MM_FILEPAGES val:-1\n\nThe following syzkaller test case can be used to reproduce:\n\n r2 = creat(\u0026(0x7f0000000000)=\u0027./file0\\x00\u0027, 0x8)\n write$nbd(r2, \u0026(0x7f0000000580)=ANY=[], 0x10)\n r4 = openat(0xffffffffffffff9c, \u0026(0x7f0000000040)=\u0027./file0\\x00\u0027, 0x42, 0x0)\n mmap$IORING_OFF_SQ_RING(\u0026(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0)\n r5 = userfaultfd(0x80801)\n ioctl$UFFDIO_API(r5, 0xc018aa3f, \u0026(0x7f0000000040)={0xaa, 0x20})\n r6 = userfaultfd(0x80801)\n ioctl$UFFDIO_API(r6, 0xc018aa3f, \u0026(0x7f0000000140))\n ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, \u0026(0x7f0000000100)={{\u0026(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x2})\n ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, \u0026(0x7f0000000000)={{\u0026(0x7f0000ffd000/0x1000)=nil, 0x1000}})\n r7 = bpf$PROG_LOAD(0x5, \u0026(0x7f0000000140)={0x2, 0x3, \u0026(0x7f0000000200)=ANY=[@ANYBLOB=\"1800000000120000000000000000000095\"], \u0026(0x7f0000000000)=\u0027GPL\\x00\u0027, 0x7, 0x0, 0x0, 0x0, 0x0, \u0027\\x00\u0027, 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)\n bpf$BPF_LINK_CREATE_XDP(0x1c, \u0026(0x7f0000000040)={r7, 0x0, 0x30, 0x1e, @val=@uprobe_multi={\u0026(0x7f0000000080)=\u0027./file0\\x00\u0027, \u0026(0x7f0000000100)=[0x2], 0x0, 0x0, 0x1}}, 0x40)\n\nThe cause is that zero pfn is set to the PTE without increasing the RSS\ncount in mfill_atomic_pte_zeropage() and the refcount of zero folio does\nnot increase accordingly. Then, the operation on the same pfn is performed\nin uprobe_write_opcode()-\u003e__replace_page() to unconditional decrease the\nRSS count and old_folio\u0027s refcount.\n\nTherefore, two bugs are introduced:\n\n 1. The RSS count is incorrect, when process exit, the check_mm() report\n error \"Bad rss-count\".\n\n 2. The reserved folio (zero folio) is freed when folio-\u003erefcount is zero,\n then free_pages_prepare-\u003efree_page_is_bad() report error\n \"Bad page state\".\n\nThere is more, the following warning could also theoretically be triggered:\n\n __replace_page()\n -\u003e ...\n -\u003e folio_remove_rmap_pte()\n -\u003e VM_WARN_ON_FOLIO(is_zero_folio(folio), folio)\n\nConsidering that uprobe hit on the zero folio is a very rare case, just\nreject zero old folio immediately after get_user_page_vma_remote().\n\n[ mingo: Cleaned up the changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21881",
"url": "https://www.suse.com/security/cve/CVE-2025-21881"
},
{
"category": "external",
"summary": "SUSE Bug 1240185 for CVE-2025-21881",
"url": "https://bugzilla.suse.com/1240185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21881"
},
{
"cve": "CVE-2025-21883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix deinitializing VF in error path\n\nIf ice_ena_vfs() fails after calling ice_create_vf_entries(), it frees\nall VFs without removing them from snapshot PF-VF mailbox list, leading\nto list corruption.\n\nReproducer:\n devlink dev eswitch set $PF1_PCI mode switchdev\n ip l s $PF1 up\n ip l s $PF1 promisc on\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n\nTrace (minimized):\n list_add corruption. next-\u003eprev should be prev (ffff8882e241c6f0), but was 0000000000000000. (next=ffff888455da1330).\n kernel BUG at lib/list_debug.c:29!\n RIP: 0010:__list_add_valid_or_report+0xa6/0x100\n ice_mbx_init_vf_info+0xa7/0x180 [ice]\n ice_initialize_vf_entry+0x1fa/0x250 [ice]\n ice_sriov_configure+0x8d7/0x1520 [ice]\n ? __percpu_ref_switch_mode+0x1b1/0x5d0\n ? __pfx_ice_sriov_configure+0x10/0x10 [ice]\n\nSometimes a KASAN report can be seen instead with a similar stack trace:\n BUG: KASAN: use-after-free in __list_add_valid_or_report+0xf1/0x100\n\nVFs are added to this list in ice_mbx_init_vf_info(), but only removed\nin ice_free_vfs(). Move the removing to ice_free_vf_entries(), which is\nalso being called in other places where VFs are being removed (including\nice_free_vfs() itself).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21883",
"url": "https://www.suse.com/security/cve/CVE-2025-21883"
},
{
"category": "external",
"summary": "SUSE Bug 1240189 for CVE-2025-21883",
"url": "https://bugzilla.suse.com/1240189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21883"
},
{
"cve": "CVE-2025-21884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: better track kernel sockets lifetime\n\nWhile kernel sockets are dismantled during pernet_operations-\u003eexit(),\ntheir freeing can be delayed by any tx packets still held in qdisc\nor device queues, due to skb_set_owner_w() prior calls.\n\nThis then trigger the following warning from ref_tracker_dir_exit() [1]\n\nTo fix this, make sure that kernel sockets own a reference on net-\u003epassive.\n\nAdd sk_net_refcnt_upgrade() helper, used whenever a kernel socket\nis converted to a refcounted one.\n\n[1]\n\n[ 136.263918][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at\n[ 136.263918][ T35] sk_alloc+0x2b3/0x370\n[ 136.263918][ T35] inet6_create+0x6ce/0x10f0\n[ 136.263918][ T35] __sock_create+0x4c0/0xa30\n[ 136.263918][ T35] inet_ctl_sock_create+0xc2/0x250\n[ 136.263918][ T35] igmp6_net_init+0x39/0x390\n[ 136.263918][ T35] ops_init+0x31e/0x590\n[ 136.263918][ T35] setup_net+0x287/0x9e0\n[ 136.263918][ T35] copy_net_ns+0x33f/0x570\n[ 136.263918][ T35] create_new_namespaces+0x425/0x7b0\n[ 136.263918][ T35] unshare_nsproxy_namespaces+0x124/0x180\n[ 136.263918][ T35] ksys_unshare+0x57d/0xa70\n[ 136.263918][ T35] __x64_sys_unshare+0x38/0x40\n[ 136.263918][ T35] do_syscall_64+0xf3/0x230\n[ 136.263918][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 136.263918][ T35]\n[ 136.343488][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at\n[ 136.343488][ T35] sk_alloc+0x2b3/0x370\n[ 136.343488][ T35] inet6_create+0x6ce/0x10f0\n[ 136.343488][ T35] __sock_create+0x4c0/0xa30\n[ 136.343488][ T35] inet_ctl_sock_create+0xc2/0x250\n[ 136.343488][ T35] ndisc_net_init+0xa7/0x2b0\n[ 136.343488][ T35] ops_init+0x31e/0x590\n[ 136.343488][ T35] setup_net+0x287/0x9e0\n[ 136.343488][ T35] copy_net_ns+0x33f/0x570\n[ 136.343488][ T35] create_new_namespaces+0x425/0x7b0\n[ 136.343488][ T35] unshare_nsproxy_namespaces+0x124/0x180\n[ 136.343488][ T35] ksys_unshare+0x57d/0xa70\n[ 136.343488][ T35] __x64_sys_unshare+0x38/0x40\n[ 136.343488][ T35] do_syscall_64+0xf3/0x230\n[ 136.343488][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21884",
"url": "https://www.suse.com/security/cve/CVE-2025-21884"
},
{
"category": "external",
"summary": "SUSE Bug 1240171 for CVE-2025-21884",
"url": "https://bugzilla.suse.com/1240171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21884"
},
{
"cve": "CVE-2025-21885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix the page details for the srq created by kernel consumers\n\nWhile using nvme target with use_srq on, below kernel panic is noticed.\n\n[ 549.698111] bnxt_en 0000:41:00.0 enp65s0np0: FEC autoneg off encoding: Clause 91 RS(544,514)\n[ 566.393619] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n..\n[ 566.393799] \u003cTASK\u003e\n[ 566.393807] ? __die_body+0x1a/0x60\n[ 566.393823] ? die+0x38/0x60\n[ 566.393835] ? do_trap+0xe4/0x110\n[ 566.393847] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393867] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393881] ? do_error_trap+0x7c/0x120\n[ 566.393890] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393911] ? exc_divide_error+0x34/0x50\n[ 566.393923] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393939] ? asm_exc_divide_error+0x16/0x20\n[ 566.393966] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393997] bnxt_qplib_create_srq+0xc9/0x340 [bnxt_re]\n[ 566.394040] bnxt_re_create_srq+0x335/0x3b0 [bnxt_re]\n[ 566.394057] ? srso_return_thunk+0x5/0x5f\n[ 566.394068] ? __init_swait_queue_head+0x4a/0x60\n[ 566.394090] ib_create_srq_user+0xa7/0x150 [ib_core]\n[ 566.394147] nvmet_rdma_queue_connect+0x7d0/0xbe0 [nvmet_rdma]\n[ 566.394174] ? lock_release+0x22c/0x3f0\n[ 566.394187] ? srso_return_thunk+0x5/0x5f\n\nPage size and shift info is set only for the user space SRQs.\nSet page size and page shift for kernel space SRQs also.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21885",
"url": "https://www.suse.com/security/cve/CVE-2025-21885"
},
{
"category": "external",
"summary": "SUSE Bug 1240169 for CVE-2025-21885",
"url": "https://bugzilla.suse.com/1240169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21885"
},
{
"cve": "CVE-2025-21886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP hang on parent deregistration\n\nFix the destroy_unused_implicit_child_mr() to prevent hanging during\nparent deregistration as of below [1].\n\nUpon entering destroy_unused_implicit_child_mr(), the reference count\nfor the implicit MR parent is incremented using:\nrefcount_inc_not_zero().\n\nA corresponding decrement must be performed if\nfree_implicit_child_mr_work() is not called.\n\nThe code has been updated to properly manage the reference count that\nwas incremented.\n\n[1]\nINFO: task python3:2157 blocked for more than 120 seconds.\nNot tainted 6.12.0-rc7+ #1633\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:python3 state:D stack:0 pid:2157 tgid:2157 ppid:1685 flags:0x00000000\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\n__mlx5_ib_dereg_mr+0x379/0x5d0 [mlx5_ib]\n? __pfx_autoremove_wake_function+0x10/0x10\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n __x64_sys_ioctl+0x1b0/0xa70\n? kmem_cache_free+0x221/0x400\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f20f21f017b\nRSP: 002b:00007ffcfc4a77c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffcfc4a78d8 RCX: 00007f20f21f017b\nRDX: 00007ffcfc4a78c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffcfc4a78a0 R08: 000056147d125190 R09: 00007f20f1f14c60\nR10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcfc4a7890\nR13: 000000000000001c R14: 000056147d100fc0 R15: 00007f20e365c9d0\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21886",
"url": "https://www.suse.com/security/cve/CVE-2025-21886"
},
{
"category": "external",
"summary": "SUSE Bug 1240188 for CVE-2025-21886",
"url": "https://bugzilla.suse.com/1240188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21886"
},
{
"cve": "CVE-2025-21887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21887"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up\n\nThe issue was caused by dput(upper) being called before\novl_dentry_update_reval(), while upper-\u003ed_flags was still\naccessed in ovl_dentry_remote().\n\nMove dput(upper) after its last use to prevent use-after-free.\n\nBUG: KASAN: slab-use-after-free in ovl_dentry_remote fs/overlayfs/util.c:162 [inline]\nBUG: KASAN: slab-use-after-free in ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n ovl_dentry_remote fs/overlayfs/util.c:162 [inline]\n ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167\n ovl_link_up fs/overlayfs/copy_up.c:610 [inline]\n ovl_copy_up_one+0x2105/0x3490 fs/overlayfs/copy_up.c:1170\n ovl_copy_up_flags+0x18d/0x200 fs/overlayfs/copy_up.c:1223\n ovl_rename+0x39e/0x18c0 fs/overlayfs/dir.c:1136\n vfs_rename+0xf84/0x20a0 fs/namei.c:4893\n...\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21887",
"url": "https://www.suse.com/security/cve/CVE-2025-21887"
},
{
"category": "external",
"summary": "SUSE Bug 1240176 for CVE-2025-21887",
"url": "https://bugzilla.suse.com/1240176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21887"
},
{
"cve": "CVE-2025-21888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a WARN during dereg_mr for DM type\n\nMemory regions (MR) of type DM (device memory) do not have an associated\numem.\n\nIn the __mlx5_ib_dereg_mr() -\u003e mlx5_free_priv_descs() flow, the code\nincorrectly takes the wrong branch, attempting to call\ndma_unmap_single() on a DMA address that is not mapped.\n\nThis results in a WARN [1], as shown below.\n\nThe issue is resolved by properly accounting for the DM type and\nensuring the correct branch is selected in mlx5_free_priv_descs().\n\n[1]\nWARNING: CPU: 12 PID: 1346 at drivers/iommu/dma-iommu.c:1230 iommu_dma_unmap_page+0x79/0x90\nModules linked in: ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry ovelay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\nCPU: 12 UID: 0 PID: 1346 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1631\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:iommu_dma_unmap_page+0x79/0x90\nCode: 2b 49 3b 29 72 26 49 3b 69 08 73 20 4d 89 f0 44 89 e9 4c 89 e2 48 89 ee 48 89 df 5b 5d 41 5c 41 5d 41 5e 41 5f e9 07 b8 88 ff \u003c0f\u003e 0b 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 66 0f 1f 44 00\nRSP: 0018:ffffc90001913a10 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810194b0a8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001\nRBP: ffff88810194b0a8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f537abdd740(0000) GS:ffff88885fb00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f537aeb8000 CR3: 000000010c248001 CR4: 0000000000372eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x84/0x190\n? iommu_dma_unmap_page+0x79/0x90\n? report_bug+0xf8/0x1c0\n? handle_bug+0x55/0x90\n? exc_invalid_op+0x13/0x60\n? asm_exc_invalid_op+0x16/0x20\n? iommu_dma_unmap_page+0x79/0x90\ndma_unmap_page_attrs+0xe6/0x290\nmlx5_free_priv_descs+0xb0/0xe0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x37e/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f537adaf17b\nCode: 0f 1e fa 48 8b 05 1d ad 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed ac 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffff218f0b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffff218f1d8 RCX: 00007f537adaf17b\nRDX: 00007ffff218f1c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffff218f1a0 R08: 00007f537aa8d010 R09: 0000561ee2e4f270\nR10: 00007f537aace3a8 R11: 0000000000000246 R12: 00007ffff218f190\nR13: 000000000000001c R14: 0000561ee2e4d7c0 R15: 00007ffff218f450\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21888",
"url": "https://www.suse.com/security/cve/CVE-2025-21888"
},
{
"category": "external",
"summary": "SUSE Bug 1240177 for CVE-2025-21888",
"url": "https://bugzilla.suse.com/1240177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21888"
},
{
"cve": "CVE-2025-21889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Add RCU read lock protection to perf_iterate_ctx()\n\nThe perf_iterate_ctx() function performs RCU list traversal but\ncurrently lacks RCU read lock protection. This causes lockdep warnings\nwhen running perf probe with unshare(1) under CONFIG_PROVE_RCU_LIST=y:\n\n\tWARNING: suspicious RCU usage\n\tkernel/events/core.c:8168 RCU-list traversed in non-reader section!!\n\n\t Call Trace:\n\t lockdep_rcu_suspicious\n\t ? perf_event_addr_filters_apply\n\t perf_iterate_ctx\n\t perf_event_exec\n\t begin_new_exec\n\t ? load_elf_phdrs\n\t load_elf_binary\n\t ? lock_acquire\n\t ? find_held_lock\n\t ? bprm_execve\n\t bprm_execve\n\t do_execveat_common.isra.0\n\t __x64_sys_execve\n\t do_syscall_64\n\t entry_SYSCALL_64_after_hwframe\n\nThis protection was previously present but was removed in commit\nbd2756811766 (\"perf: Rewrite core context handling\"). Add back the\nnecessary rcu_read_lock()/rcu_read_unlock() pair around\nperf_iterate_ctx() call in perf_event_exec().\n\n[ mingo: Use scoped_guard() as suggested by Peter ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21889",
"url": "https://www.suse.com/security/cve/CVE-2025-21889"
},
{
"category": "external",
"summary": "SUSE Bug 1240167 for CVE-2025-21889",
"url": "https://bugzilla.suse.com/1240167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21889"
},
{
"cve": "CVE-2025-21890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix checksums set in idpf_rx_rsc()\n\nidpf_rx_rsc() uses skb_transport_offset(skb) while the transport header\nis not set yet.\n\nThis triggers the following warning for CONFIG_DEBUG_NET=y builds.\n\nDEBUG_NET_WARN_ON_ONCE(!skb_transport_header_was_set(skb))\n\n[ 69.261620] WARNING: CPU: 7 PID: 0 at ./include/linux/skbuff.h:3020 idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261629] Modules linked in: vfat fat dummy bridge intel_uncore_frequency_tpmi intel_uncore_frequency_common intel_vsec_tpmi idpf intel_vsec cdc_ncm cdc_eem cdc_ether usbnet mii xhci_pci xhci_hcd ehci_pci ehci_hcd libeth\n[ 69.261644] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Tainted: G S W 6.14.0-smp-DEV #1697\n[ 69.261648] Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN\n[ 69.261650] RIP: 0010:idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261677] ? __warn (kernel/panic.c:242 kernel/panic.c:748)\n[ 69.261682] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261687] ? report_bug (lib/bug.c:?)\n[ 69.261690] ? handle_bug (arch/x86/kernel/traps.c:285)\n[ 69.261694] ? exc_invalid_op (arch/x86/kernel/traps.c:309)\n[ 69.261697] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 69.261700] ? __pfx_idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:4011) idpf\n[ 69.261704] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261708] ? idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:3072) idpf\n[ 69.261712] __napi_poll (net/core/dev.c:7194)\n[ 69.261716] net_rx_action (net/core/dev.c:7265)\n[ 69.261718] ? __qdisc_run (net/sched/sch_generic.c:293)\n[ 69.261721] ? sched_clock (arch/x86/include/asm/preempt.h:84 arch/x86/kernel/tsc.c:288)\n[ 69.261726] handle_softirqs (kernel/softirq.c:561)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21890",
"url": "https://www.suse.com/security/cve/CVE-2025-21890"
},
{
"category": "external",
"summary": "SUSE Bug 1240173 for CVE-2025-21890",
"url": "https://bugzilla.suse.com/1240173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21890"
},
{
"cve": "CVE-2025-21891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: ensure network headers are in skb linear part\n\nsyzbot found that ipvlan_process_v6_outbound() was assuming\nthe IPv6 network header isis present in skb-\u003ehead [1]\n\nAdd the needed pskb_network_may_pull() calls for both\nIPv4 and IPv6 handlers.\n\n[1]\nBUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n ipv6_addr_type include/net/ipv6.h:555 [inline]\n ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline]\n ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651\n ip6_route_output include/net/ip6_route.h:93 [inline]\n ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476\n ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline]\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline]\n ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671\n ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223\n __netdev_start_xmit include/linux/netdevice.h:5150 [inline]\n netdev_start_xmit include/linux/netdevice.h:5159 [inline]\n xmit_one net/core/dev.c:3735 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751\n sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343\n qdisc_restart net/sched/sch_generic.c:408 [inline]\n __qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416\n qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127\n net_tx_action+0x78b/0x940 net/core/dev.c:5484\n handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n __do_softirq+0x14/0x1a kernel/softirq.c:595\n do_softirq+0x9a/0x100 kernel/softirq.c:462\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611\n dev_queue_xmit include/linux/netdevice.h:3311 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3132 [inline]\n packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164\n sock_sendmsg_nosec net/socket.c:718 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21891",
"url": "https://www.suse.com/security/cve/CVE-2025-21891"
},
{
"category": "external",
"summary": "SUSE Bug 1240186 for CVE-2025-21891",
"url": "https://bugzilla.suse.com/1240186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21891"
},
{
"cve": "CVE-2025-21892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix the recovery flow of the UMR QP\n\nThis patch addresses an issue in the recovery flow of the UMR QP,\nensuring tasks do not get stuck, as highlighted by the call trace [1].\n\nDuring recovery, before transitioning the QP to the RESET state, the\nsoftware must wait for all outstanding WRs to complete.\n\nFailing to do so can cause the firmware to skip sending some flushed\nCQEs with errors and simply discard them upon the RESET, as per the IB\nspecification.\n\nThis race condition can result in lost CQEs and tasks becoming stuck.\n\nTo resolve this, the patch sends a final WR which serves only as a\nbarrier before moving the QP state to RESET.\n\nOnce a CQE is received for that final WR, it guarantees that no\noutstanding WRs remain, making it safe to transition the QP to RESET and\nsubsequently back to RTS, restoring proper functionality.\n\nNote:\nFor the barrier WR, we simply reuse the failed and ready WR.\nSince the QP is in an error state, it will only receive\nIB_WC_WR_FLUSH_ERR. However, as it serves only as a barrier we don\u0027t\ncare about its status.\n\n[1]\nINFO: task rdma_resource_l:1922 blocked for more than 120 seconds.\nTainted: G W 6.12.0-rc7+ #1626\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:rdma_resource_l state:D stack:0 pid:1922 tgid:1922 ppid:1369\n flags:0x00004004\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\nschedule_timeout+0x280/0x300\n? mark_held_locks+0x48/0x80\n? lockdep_hardirqs_on_prepare+0xe5/0x1a0\nwait_for_completion+0x75/0x130\nmlx5r_umr_post_send_wait+0x3c2/0x5b0 [mlx5_ib]\n? __pfx_mlx5r_umr_done+0x10/0x10 [mlx5_ib]\nmlx5r_umr_revoke_mr+0x93/0xc0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x299/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? __lock_acquire+0x64e/0x2080\n? mark_held_locks+0x48/0x80\n? find_held_lock+0x2d/0xa0\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? __fget_files+0xc3/0x1b0\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f99c918b17b\nRSP: 002b:00007ffc766d0468 EFLAGS: 00000246 ORIG_RAX:\n 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffc766d0578 RCX:\n 00007f99c918b17b\nRDX: 00007ffc766d0560 RSI: 00000000c0181b01 RDI:\n 0000000000000003\nRBP: 00007ffc766d0540 R08: 00007f99c8f99010 R09:\n 000000000000bd7e\nR10: 00007f99c94c1c70 R11: 0000000000000246 R12:\n 00007ffc766d0530\nR13: 000000000000001c R14: 0000000040246a80 R15:\n 0000000000000000\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21892",
"url": "https://www.suse.com/security/cve/CVE-2025-21892"
},
{
"category": "external",
"summary": "SUSE Bug 1240175 for CVE-2025-21892",
"url": "https://bugzilla.suse.com/1240175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21892"
},
{
"cve": "CVE-2025-21894",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21894"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC\n\nActually ENETC VFs do not support HWTSTAMP_TX_ONESTEP_SYNC because only\nENETC PF can access PMa_SINGLE_STEP registers. And there will be a crash\nif VFs are used to test one-step timestamp, the crash log as follows.\n\n[ 129.110909] Unable to handle kernel paging request at virtual address 00000000000080c0\n[ 129.287769] Call trace:\n[ 129.290219] enetc_port_mac_wr+0x30/0xec (P)\n[ 129.294504] enetc_start_xmit+0xda4/0xe74\n[ 129.298525] enetc_xmit+0x70/0xec\n[ 129.301848] dev_hard_start_xmit+0x98/0x118",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21894",
"url": "https://www.suse.com/security/cve/CVE-2025-21894"
},
{
"category": "external",
"summary": "SUSE Bug 1240581 for CVE-2025-21894",
"url": "https://bugzilla.suse.com/1240581"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21894"
},
{
"cve": "CVE-2025-21895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Order the PMU list to fix warning about unordered pmu_ctx_list\n\nSyskaller triggers a warning due to prev_epc-\u003epmu != next_epc-\u003epmu in\nperf_event_swap_task_ctx_data(). vmcore shows that two lists have the same\nperf_event_pmu_context, but not in the same order.\n\nThe problem is that the order of pmu_ctx_list for the parent is impacted by\nthe time when an event/PMU is added. While the order for a child is\nimpacted by the event order in the pinned_groups and flexible_groups. So\nthe order of pmu_ctx_list in the parent and child may be different.\n\nTo fix this problem, insert the perf_event_pmu_context to its proper place\nafter iteration of the pmu_ctx_list.\n\nThe follow testcase can trigger above warning:\n\n # perf record -e cycles --call-graph lbr -- taskset -c 3 ./a.out \u0026\n # perf stat -e cpu-clock,cs -p xxx // xxx is the pid of a.out\n\n test.c\n\n void main() {\n int count = 0;\n pid_t pid;\n\n printf(\"%d running\\n\", getpid());\n sleep(30);\n printf(\"running\\n\");\n\n pid = fork();\n if (pid == -1) {\n printf(\"fork error\\n\");\n return;\n }\n if (pid == 0) {\n while (1) {\n count++;\n }\n } else {\n while (1) {\n count++;\n }\n }\n }\n\nThe testcase first opens an LBR event, so it will allocate task_ctx_data,\nand then open tracepoint and software events, so the parent context will\nhave 3 different perf_event_pmu_contexts. On inheritance, child ctx will\ninsert the perf_event_pmu_context in another order and the warning will\ntrigger.\n\n[ mingo: Tidied up the changelog. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21895",
"url": "https://www.suse.com/security/cve/CVE-2025-21895"
},
{
"category": "external",
"summary": "SUSE Bug 1240585 for CVE-2025-21895",
"url": "https://bugzilla.suse.com/1240585"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21895"
},
{
"cve": "CVE-2025-21905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: limit printed string from FW file\n\nThere\u0027s no guarantee here that the file is always with a\nNUL-termination, so reading the string may read beyond the\nend of the TLV. If that\u0027s the last TLV in the file, it can\nperhaps even read beyond the end of the file buffer.\n\nFix that by limiting the print format to the size of the\nbuffer we have.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21905",
"url": "https://www.suse.com/security/cve/CVE-2025-21905"
},
{
"category": "external",
"summary": "SUSE Bug 1240575 for CVE-2025-21905",
"url": "https://bugzilla.suse.com/1240575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21905"
},
{
"cve": "CVE-2025-21906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21906"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: clean up ROC on failure\n\nIf the firmware fails to start the session protection, then we\ndo call iwl_mvm_roc_finished() here, but that won\u0027t do anything\nat all because IWL_MVM_STATUS_ROC_P2P_RUNNING was never set.\nSet IWL_MVM_STATUS_ROC_P2P_RUNNING in the failure/stop path.\nIf it started successfully before, it\u0027s already set, so that\ndoesn\u0027t matter, and if it didn\u0027t start it needs to be set to\nclean up.\n\nNot doing so will lead to a WARN_ON() later on a fresh remain-\non-channel, since the link is already active when activated as\nit was never deactivated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21906",
"url": "https://www.suse.com/security/cve/CVE-2025-21906"
},
{
"category": "external",
"summary": "SUSE Bug 1240587 for CVE-2025-21906",
"url": "https://bugzilla.suse.com/1240587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21906"
},
{
"cve": "CVE-2025-21908",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21908"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: fix nfs_release_folio() to not deadlock via kcompactd writeback\n\nAdd PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so\nnfs_release_folio() can skip calling nfs_wb_folio() from kcompactd.\n\nOtherwise NFS can deadlock waiting for kcompactd enduced writeback which\nrecurses back to NFS (which triggers writeback to NFSD via NFS loopback\nmount on the same host, NFSD blocks waiting for XFS\u0027s call to\n__filemap_get_folio):\n\n6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds.\n\n{---\n[58] \"kcompactd0\"\n[\u003c0\u003e] folio_wait_bit+0xe8/0x200\n[\u003c0\u003e] folio_wait_writeback+0x2b/0x80\n[\u003c0\u003e] nfs_wb_folio+0x80/0x1b0 [nfs]\n[\u003c0\u003e] nfs_release_folio+0x68/0x130 [nfs]\n[\u003c0\u003e] split_huge_page_to_list_to_order+0x362/0x840\n[\u003c0\u003e] migrate_pages_batch+0x43d/0xb90\n[\u003c0\u003e] migrate_pages_sync+0x9a/0x240\n[\u003c0\u003e] migrate_pages+0x93c/0x9f0\n[\u003c0\u003e] compact_zone+0x8e2/0x1030\n[\u003c0\u003e] compact_node+0xdb/0x120\n[\u003c0\u003e] kcompactd+0x121/0x2e0\n[\u003c0\u003e] kthread+0xcf/0x100\n[\u003c0\u003e] ret_from_fork+0x31/0x40\n[\u003c0\u003e] ret_from_fork_asm+0x1a/0x30\n---}\n\n[akpm@linux-foundation.org: fix build]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21908",
"url": "https://www.suse.com/security/cve/CVE-2025-21908"
},
{
"category": "external",
"summary": "SUSE Bug 1240600 for CVE-2025-21908",
"url": "https://bugzilla.suse.com/1240600"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21908"
},
{
"cve": "CVE-2025-21909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: reject cooked mode if it is set along with other flags\n\nIt is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE\nflags simultaneously on the same monitor interface from the userspace. This\ncauses a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit\nset because the monitor interface is in the cooked state and it takes\nprecedence over all other states. When the interface is then being deleted\nthe kernel calls WARN_ONCE() from check_sdata_in_driver() because of missing\nthat bit.\n\nFix this by rejecting MONITOR_FLAG_COOK_FRAMES if it is set along with\nother flags.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21909",
"url": "https://www.suse.com/security/cve/CVE-2025-21909"
},
{
"category": "external",
"summary": "SUSE Bug 1240590 for CVE-2025-21909",
"url": "https://bugzilla.suse.com/1240590"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21909"
},
{
"cve": "CVE-2025-21910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: regulatory: improve invalid hints checking\n\nSyzbot keeps reporting an issue [1] that occurs when erroneous symbols\nsent from userspace get through into user_alpha2[] via\nregulatory_hint_user() call. Such invalid regulatory hints should be\nrejected.\n\nWhile a sanity check from commit 47caf685a685 (\"cfg80211: regulatory:\nreject invalid hints\") looks to be enough to deter these very cases,\nthere is a way to get around it due to 2 reasons.\n\n1) The way isalpha() works, symbols other than latin lower and\nupper letters may be used to determine a country/domain.\nFor instance, greek letters will also be considered upper/lower\nletters and for such characters isalpha() will return true as well.\nHowever, ISO-3166-1 alpha2 codes should only hold latin\ncharacters.\n\n2) While processing a user regulatory request, between\nreg_process_hint_user() and regulatory_hint_user() there happens to\nbe a call to queue_regulatory_request() which modifies letters in\nrequest-\u003ealpha2[] with toupper(). This works fine for latin symbols,\nless so for weird letter characters from the second part of _ctype[].\n\nSyzbot triggers a warning in is_user_regdom_saved() by first sending\nover an unexpected non-latin letter that gets malformed by toupper()\ninto a character that ends up failing isalpha() check.\n\nPrevent this by enhancing is_an_alpha2() to ensure that incoming\nsymbols are latin letters and nothing else.\n\n[1] Syzbot report:\n------------[ cut here ]------------\nUnexpected user alpha2: A\ufffd\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 is_user_regdom_saved net/wireless/reg.c:440 [inline]\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_alpha2 net/wireless/reg.c:3424 [inline]\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516\nModules linked in:\nCPU: 1 UID: 0 PID: 964 Comm: kworker/1:2 Not tainted 6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events_power_efficient crda_timeout_work\nRIP: 0010:is_user_regdom_saved net/wireless/reg.c:440 [inline]\nRIP: 0010:restore_alpha2 net/wireless/reg.c:3424 [inline]\nRIP: 0010:restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516\n...\nCall Trace:\n \u003cTASK\u003e\n crda_timeout_work+0x27/0x50 net/wireless/reg.c:542\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f2/0x390 kernel/kthread.c:389\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21910",
"url": "https://www.suse.com/security/cve/CVE-2025-21910"
},
{
"category": "external",
"summary": "SUSE Bug 1240583 for CVE-2025-21910",
"url": "https://bugzilla.suse.com/1240583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21910"
},
{
"cve": "CVE-2025-21912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: rcar: Use raw_spinlock to protect register access\n\nUse raw_spinlock in order to fix spurious messages about invalid context\nwhen spinlock debugging is enabled. The lock is only used to serialize\nregister access.\n\n [ 4.239592] =============================\n [ 4.239595] [ BUG: Invalid wait context ]\n [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted\n [ 4.239603] -----------------------------\n [ 4.239606] kworker/u8:5/76 is trying to lock:\n [ 4.239609] ffff0000091898a0 (\u0026p-\u003elock){....}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.239641] other info that might help us debug this:\n [ 4.239643] context-{5:5}\n [ 4.239646] 5 locks held by kworker/u8:5/76:\n [ 4.239651] #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x190/0x62c\n [ 4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property \u0027frame-master\u0027 with a value.\n [ 4.254094] #1: ffff80008299bd80 ((work_completion)(\u0026entry-\u003ework)){+.+.}-{0:0}, at: process_one_work+0x1b8/0x62c\n [ 4.254109] #2: ffff00000920c8f8\n [ 4.258345] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property \u0027bitclock-master\u0027 with a value.\n [ 4.264803] (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach_async_helper+0x3c/0xdc\n [ 4.264820] #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, at: __setup_irq+0xa0/0x690\n [ 4.264840] #4:\n [ 4.268872] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property \u0027frame-master\u0027 with a value.\n [ 4.273275] ffff00000a50c8c8 (lock_class){....}-{2:2}, at: __setup_irq+0xc4/0x690\n [ 4.296130] renesas_sdhi_internal_dmac ee100000.mmc: mmc1 base at 0x00000000ee100000, max clock rate 200 MHz\n [ 4.304082] stack backtrace:\n [ 4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 Not tainted 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35\n [ 4.304092] Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT)\n [ 4.304097] Workqueue: async async_run_entry_fn\n [ 4.304106] Call trace:\n [ 4.304110] show_stack+0x14/0x20 (C)\n [ 4.304122] dump_stack_lvl+0x6c/0x90\n [ 4.304131] dump_stack+0x14/0x1c\n [ 4.304138] __lock_acquire+0xdfc/0x1584\n [ 4.426274] lock_acquire+0x1c4/0x33c\n [ 4.429942] _raw_spin_lock_irqsave+0x5c/0x80\n [ 4.434307] gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.440061] gpio_rcar_irq_set_type+0xd4/0xd8\n [ 4.444422] __irq_set_trigger+0x5c/0x178\n [ 4.448435] __setup_irq+0x2e4/0x690\n [ 4.452012] request_threaded_irq+0xc4/0x190\n [ 4.456285] devm_request_threaded_irq+0x7c/0xf4\n [ 4.459398] ata1: link resume succeeded after 1 retries\n [ 4.460902] mmc_gpiod_request_cd_irq+0x68/0xe0\n [ 4.470660] mmc_start_host+0x50/0xac\n [ 4.474327] mmc_add_host+0x80/0xe4\n [ 4.477817] tmio_mmc_host_probe+0x2b0/0x440\n [ 4.482094] renesas_sdhi_probe+0x488/0x6f4\n [ 4.486281] renesas_sdhi_internal_dmac_probe+0x60/0x78\n [ 4.491509] platform_probe+0x64/0xd8\n [ 4.495178] really_probe+0xb8/0x2a8\n [ 4.498756] __driver_probe_device+0x74/0x118\n [ 4.503116] driver_probe_device+0x3c/0x154\n [ 4.507303] __device_attach_driver+0xd4/0x160\n [ 4.511750] bus_for_each_drv+0x84/0xe0\n [ 4.515588] __device_attach_async_helper+0xb0/0xdc\n [ 4.520470] async_run_entry_fn+0x30/0xd8\n [ 4.524481] process_one_work+0x210/0x62c\n [ 4.528494] worker_thread+0x1ac/0x340\n [ 4.532245] kthread+0x10c/0x110\n [ 4.535476] ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21912",
"url": "https://www.suse.com/security/cve/CVE-2025-21912"
},
{
"category": "external",
"summary": "SUSE Bug 1240584 for CVE-2025-21912",
"url": "https://bugzilla.suse.com/1240584"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21912"
},
{
"cve": "CVE-2025-21913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21913"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()\n\nXen doesn\u0027t offer MSR_FAM10H_MMIO_CONF_BASE to all guests. This results\nin the following warning:\n\n unchecked MSR access error: RDMSR from 0xc0010058 at rIP: 0xffffffff8101d19f (xen_do_read_msr+0x7f/0xa0)\n Call Trace:\n xen_read_msr+0x1e/0x30\n amd_get_mmconfig_range+0x2b/0x80\n quirk_amd_mmconfig_area+0x28/0x100\n pnp_fixup_device+0x39/0x50\n __pnp_add_device+0xf/0x150\n pnp_add_device+0x3d/0x100\n pnpacpi_add_device_handler+0x1f9/0x280\n acpi_ns_get_device_callback+0x104/0x1c0\n acpi_ns_walk_namespace+0x1d0/0x260\n acpi_get_devices+0x8a/0xb0\n pnpacpi_init+0x50/0x80\n do_one_initcall+0x46/0x2e0\n kernel_init_freeable+0x1da/0x2f0\n kernel_init+0x16/0x1b0\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1b/0x30\n\nbased on quirks for a \"PNP0c01\" device. Treating MMCFG as disabled is the\nright course of action, so no change is needed there.\n\nThis was most likely exposed by fixing the Xen MSR accessors to not be\nsilently-safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21913",
"url": "https://www.suse.com/security/cve/CVE-2025-21913"
},
{
"category": "external",
"summary": "SUSE Bug 1240591 for CVE-2025-21913",
"url": "https://bugzilla.suse.com/1240591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21913"
},
{
"cve": "CVE-2025-21914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21914"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nslimbus: messaging: Free transaction ID in delayed interrupt scenario\n\nIn case of interrupt delay for any reason, slim_do_transfer()\nreturns timeout error but the transaction ID (TID) is not freed.\nThis results into invalid memory access inside\nqcom_slim_ngd_rx_msgq_cb() due to invalid TID.\n\nFix the issue by freeing the TID in slim_do_transfer() before\nreturning timeout error to avoid invalid memory access.\n\nCall trace:\n__memcpy_fromio+0x20/0x190\nqcom_slim_ngd_rx_msgq_cb+0x130/0x290 [slim_qcom_ngd_ctrl]\nvchan_complete+0x2a0/0x4a0\ntasklet_action_common+0x274/0x700\ntasklet_action+0x28/0x3c\n_stext+0x188/0x620\nrun_ksoftirqd+0x34/0x74\nsmpboot_thread_fn+0x1d8/0x464\nkthread+0x178/0x238\nret_from_fork+0x10/0x20\nCode: aa0003e8 91000429 f100044a 3940002b (3800150b)\n---[ end trace 0fe00bec2b975c99 ]---\nKernel panic - not syncing: Oops: Fatal exception in interrupt.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21914",
"url": "https://www.suse.com/security/cve/CVE-2025-21914"
},
{
"category": "external",
"summary": "SUSE Bug 1240595 for CVE-2025-21914",
"url": "https://bugzilla.suse.com/1240595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21914"
},
{
"cve": "CVE-2025-21915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21915"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncdx: Fix possible UAF error in driver_override_show()\n\nFixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c\n\nThis function driver_override_show() is part of DEVICE_ATTR_RW, which\nincludes both driver_override_show() and driver_override_store().\nThese functions can be executed concurrently in sysfs.\n\nThe driver_override_store() function uses driver_set_override() to\nupdate the driver_override value, and driver_set_override() internally\nlocks the device (device_lock(dev)). If driver_override_show() reads\ncdx_dev-\u003edriver_override without locking, it could potentially access\na freed pointer if driver_override_store() frees the string\nconcurrently. This could lead to printing a kernel address, which is a\nsecurity risk since DEVICE_ATTR can be read by all users.\n\nAdditionally, a similar pattern is used in drivers/amba/bus.c, as well\nas many other bus drivers, where device_lock() is taken in the show\nfunction, and it has been working without issues.\n\nThis potential bug was detected by our experimental static analysis\ntool, which analyzes locking APIs and paired functions to identify\ndata races and atomicity violations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21915",
"url": "https://www.suse.com/security/cve/CVE-2025-21915"
},
{
"category": "external",
"summary": "SUSE Bug 1240594 for CVE-2025-21915",
"url": "https://bugzilla.suse.com/1240594"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21915"
},
{
"cve": "CVE-2025-21916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21916"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: atm: cxacru: fix a flaw in existing endpoint checks\n\nSyzbot once again identified a flaw in usb endpoint checking, see [1].\nThis time the issue stems from a commit authored by me (2eabb655a968\n(\"usb: atm: cxacru: fix endpoint checking in cxacru_bind()\")).\n\nWhile using usb_find_common_endpoints() may usually be enough to\ndiscard devices with wrong endpoints, in this case one needs more\nthan just finding and identifying the sufficient number of endpoints\nof correct types - one needs to check the endpoint\u0027s address as well.\n\nSince cxacru_bind() fills URBs with CXACRU_EP_CMD address in mind,\nswitch the endpoint verification approach to usb_check_XXX_endpoints()\ninstead to fix incomplete ep testing.\n\n[1] Syzbot report:\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 1378 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nRIP: 0010:usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n cxacru_cm+0x3c8/0xe50 drivers/usb/atm/cxacru.c:649\n cxacru_card_status drivers/usb/atm/cxacru.c:760 [inline]\n cxacru_bind+0xcf9/0x1150 drivers/usb/atm/cxacru.c:1223\n usbatm_usb_probe+0x314/0x1d30 drivers/usb/atm/usbatm.c:1058\n cxacru_usb_probe+0x184/0x220 drivers/usb/atm/cxacru.c:1377\n usb_probe_interface+0x641/0xbb0 drivers/usb/core/driver.c:396\n really_probe+0x2b9/0xad0 drivers/base/dd.c:658\n __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800\n driver_probe_device+0x50/0x430 drivers/base/dd.c:830\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21916",
"url": "https://www.suse.com/security/cve/CVE-2025-21916"
},
{
"category": "external",
"summary": "SUSE Bug 1240582 for CVE-2025-21916",
"url": "https://bugzilla.suse.com/1240582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21916"
},
{
"cve": "CVE-2025-21917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21917"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: Flush the notify_hotplug_work\n\nWhen performing continuous unbind/bind operations on the USB drivers\navailable on the Renesas RZ/G2L SoC, a kernel crash with the message\n\"Unable to handle kernel NULL pointer dereference at virtual address\"\nmay occur. This issue points to the usbhsc_notify_hotplug() function.\n\nFlush the delayed work to avoid its execution when driver resources are\nunavailable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21917",
"url": "https://www.suse.com/security/cve/CVE-2025-21917"
},
{
"category": "external",
"summary": "SUSE Bug 1240596 for CVE-2025-21917",
"url": "https://bugzilla.suse.com/1240596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21917"
},
{
"cve": "CVE-2025-21918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21918"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix NULL pointer access\n\nResources should be released only after all threads that utilize them\nhave been destroyed.\nThis commit ensures that resources are not released prematurely by waiting\nfor the associated workqueue to complete before deallocating them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21918",
"url": "https://www.suse.com/security/cve/CVE-2025-21918"
},
{
"category": "external",
"summary": "SUSE Bug 1240592 for CVE-2025-21918",
"url": "https://bugzilla.suse.com/1240592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21918"
},
{
"cve": "CVE-2025-21922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: Fix KMSAN uninit-value warning with bpf\n\nSyzbot caught an \"KMSAN: uninit-value\" warning [1], which is caused by the\nppp driver not initializing a 2-byte header when using socket filter.\n\nThe following code can generate a PPP filter BPF program:\n\u0027\u0027\u0027\nstruct bpf_program fp;\npcap_t *handle;\nhandle = pcap_open_dead(DLT_PPP_PPPD, 65535);\npcap_compile(handle, \u0026fp, \"ip and outbound\", 0, 0);\nbpf_dump(\u0026fp, 1);\n\u0027\u0027\u0027\nIts output is:\n\u0027\u0027\u0027\n(000) ldh [2]\n(001) jeq #0x21 jt 2 jf 5\n(002) ldb [0]\n(003) jeq #0x1 jt 4 jf 5\n(004) ret #65535\n(005) ret #0\n\u0027\u0027\u0027\nWen can find similar code at the following link:\nhttps://github.com/ppp-project/ppp/blob/master/pppd/options.c#L1680\nThe maintainer of this code repository is also the original maintainer\nof the ppp driver.\n\nAs you can see the BPF program skips 2 bytes of data and then reads the\n\u0027Protocol\u0027 field to determine if it\u0027s an IP packet. Then it read the first\nbyte of the first 2 bytes to determine the direction.\n\nThe issue is that only the first byte indicating direction is initialized\nin current ppp driver code while the second byte is not initialized.\n\nFor normal BPF programs generated by libpcap, uninitialized data won\u0027t be\nused, so it\u0027s not a problem. However, for carefully crafted BPF programs,\nsuch as those generated by syzkaller [2], which start reading from offset\n0, the uninitialized data will be used and caught by KMSAN.\n\n[1] https://syzkaller.appspot.com/bug?extid=853242d9c9917165d791\n[2] https://syzkaller.appspot.com/text?tag=ReproC\u0026x=11994913980000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21922",
"url": "https://www.suse.com/security/cve/CVE-2025-21922"
},
{
"category": "external",
"summary": "SUSE Bug 1240639 for CVE-2025-21922",
"url": "https://bugzilla.suse.com/1240639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21922"
},
{
"cve": "CVE-2025-21923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-steam: Fix use-after-free when detaching device\n\nWhen a hid-steam device is removed it must clean up the client_hdev used for\nintercepting hidraw access. This can lead to scheduling deferred work to\nreattach the input device. Though the cleanup cancels the deferred work, this\nwas done before the client_hdev itself is cleaned up, so it gets rescheduled.\nThis patch fixes the ordering to make sure the deferred work is properly\ncanceled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21923",
"url": "https://www.suse.com/security/cve/CVE-2025-21923"
},
{
"category": "external",
"summary": "SUSE Bug 1240691 for CVE-2025-21923",
"url": "https://bugzilla.suse.com/1240691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21923"
},
{
"cve": "CVE-2025-21924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error\n\nDuring the initialization of ptp, hclge_ptp_get_cycle might return an error\nand returned directly without unregister clock and free it. To avoid that,\ncall hclge_ptp_destroy_clock to unregist and free clock if\nhclge_ptp_get_cycle failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21924",
"url": "https://www.suse.com/security/cve/CVE-2025-21924"
},
{
"category": "external",
"summary": "SUSE Bug 1240720 for CVE-2025-21924",
"url": "https://bugzilla.suse.com/1240720"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21924"
},
{
"cve": "CVE-2025-21927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()\n\nnvme_tcp_recv_pdu() doesn\u0027t check the validity of the header length.\nWhen header digests are enabled, a target might send a packet with an\ninvalid header length (e.g. 255), causing nvme_tcp_verify_hdgst()\nto access memory outside the allocated area and cause memory corruptions\nby overwriting it with the calculated digest.\n\nFix this by rejecting packets with an unexpected header length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21927",
"url": "https://www.suse.com/security/cve/CVE-2025-21927"
},
{
"category": "external",
"summary": "SUSE Bug 1240714 for CVE-2025-21927",
"url": "https://bugzilla.suse.com/1240714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21927"
},
{
"cve": "CVE-2025-21928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21928"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()\n\nThe system can experience a random crash a few minutes after the driver is\nremoved. This issue occurs due to improper handling of memory freeing in\nthe ishtp_hid_remove() function.\n\nThe function currently frees the `driver_data` directly within the loop\nthat destroys the HID devices, which can lead to accessing freed memory.\nSpecifically, `hid_destroy_device()` uses `driver_data` when it calls\n`hid_ishtp_set_feature()` to power off the sensor, so freeing\n`driver_data` beforehand can result in accessing invalid memory.\n\nThis patch resolves the issue by storing the `driver_data` in a temporary\nvariable before calling `hid_destroy_device()`, and then freeing the\n`driver_data` after the device is destroyed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21928",
"url": "https://www.suse.com/security/cve/CVE-2025-21928"
},
{
"category": "external",
"summary": "SUSE Bug 1240722 for CVE-2025-21928",
"url": "https://bugzilla.suse.com/1240722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21928"
},
{
"cve": "CVE-2025-21930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21930"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t try to talk to a dead firmware\n\nThis fixes:\n\n bad state = 0\n WARNING: CPU: 10 PID: 702 at drivers/net/wireless/inel/iwlwifi/iwl-trans.c:178 iwl_trans_send_cmd+0xba/0xe0 [iwlwifi]\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0xca/0x1c0\n ? iwl_trans_send_cmd+0xba/0xe0 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4]\n iwl_fw_dbg_clear_monitor_buf+0xd7/0x110 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4]\n _iwl_dbgfs_fw_dbg_clear_write+0xe2/0x120 [iwlmvm 0e8adb18cea92d2c341766bcc10b18699290068a]\n\nAsk whether the firmware is alive before sending a command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21930",
"url": "https://www.suse.com/security/cve/CVE-2025-21930"
},
{
"category": "external",
"summary": "SUSE Bug 1240715 for CVE-2025-21930",
"url": "https://bugzilla.suse.com/1240715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21930"
},
{
"cve": "CVE-2025-21934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: fix an API misues when rio_add_net() fails\n\nrio_add_net() calls device_register() and fails when device_register()\nfails. Thus, put_device() should be used rather than kfree(). Add\n\"mport-\u003enet = NULL;\" to avoid a use after free issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21934",
"url": "https://www.suse.com/security/cve/CVE-2025-21934"
},
{
"category": "external",
"summary": "SUSE Bug 1240708 for CVE-2025-21934",
"url": "https://bugzilla.suse.com/1240708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21934"
},
{
"cve": "CVE-2025-21935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21935"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: add check for rio_add_net() in rio_scan_alloc_net()\n\nThe return value of rio_add_net() should be checked. If it fails,\nput_device() should be called to free the memory and give up the reference\ninitialized in rio_add_net().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21935",
"url": "https://www.suse.com/security/cve/CVE-2025-21935"
},
{
"category": "external",
"summary": "SUSE Bug 1240700 for CVE-2025-21935",
"url": "https://bugzilla.suse.com/1240700"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21935"
},
{
"cve": "CVE-2025-21936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21936"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()\n\nAdd check for the return value of mgmt_alloc_skb() in\nmgmt_device_connected() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21936",
"url": "https://www.suse.com/security/cve/CVE-2025-21936"
},
{
"category": "external",
"summary": "SUSE Bug 1240716 for CVE-2025-21936",
"url": "https://bugzilla.suse.com/1240716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21936"
},
{
"cve": "CVE-2025-21937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()\n\nAdd check for the return value of mgmt_alloc_skb() in\nmgmt_remote_name() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21937",
"url": "https://www.suse.com/security/cve/CVE-2025-21937"
},
{
"category": "external",
"summary": "SUSE Bug 1240643 for CVE-2025-21937",
"url": "https://bugzilla.suse.com/1240643"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21937"
},
{
"cve": "CVE-2025-21941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21941"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params\n\nNull pointer dereference issue could occur when pipe_ctx-\u003eplane_state\nis null. The fix adds a check to ensure \u0027pipe_ctx-\u003eplane_state\u0027 is not\nnull before accessing. This prevents a null pointer dereference.\n\nFound by code review.\n\n(cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21941",
"url": "https://www.suse.com/security/cve/CVE-2025-21941"
},
{
"category": "external",
"summary": "SUSE Bug 1240701 for CVE-2025-21941",
"url": "https://bugzilla.suse.com/1240701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21941"
},
{
"cve": "CVE-2025-21943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21943"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: aggregator: protect driver attr handlers against module unload\n\nBoth new_device_store and delete_device_store touch module global\nresources (e.g. gpio_aggregator_lock). To prevent race conditions with\nmodule unload, a reference needs to be held.\n\nAdd try_module_get() in these handlers.\n\nFor new_device_store, this eliminates what appears to be the most dangerous\nscenario: if an id is allocated from gpio_aggregator_idr but\nplatform_device_register has not yet been called or completed, a concurrent\nmodule unload could fail to unregister/delete the device, leaving behind a\ndangling platform device/GPIO forwarder. This can result in various issues.\nThe following simple reproducer demonstrates these problems:\n\n #!/bin/bash\n while :; do\n # note: whether \u0027gpiochip0 0\u0027 exists or not does not matter.\n echo \u0027gpiochip0 0\u0027 \u003e /sys/bus/platform/drivers/gpio-aggregator/new_device\n done \u0026\n while :; do\n modprobe gpio-aggregator\n modprobe -r gpio-aggregator\n done \u0026\n wait\n\n Starting with the following warning, several kinds of warnings will appear\n and the system may become unstable:\n\n ------------[ cut here ]------------\n list_del corruption, ffff888103e2e980-\u003enext is LIST_POISON1 (dead000000000100)\n WARNING: CPU: 1 PID: 1327 at lib/list_debug.c:56 __list_del_entry_valid_or_report+0xa3/0x120\n [...]\n RIP: 0010:__list_del_entry_valid_or_report+0xa3/0x120\n [...]\n Call Trace:\n \u003cTASK\u003e\n ? __list_del_entry_valid_or_report+0xa3/0x120\n ? __warn.cold+0x93/0xf2\n ? __list_del_entry_valid_or_report+0xa3/0x120\n ? report_bug+0xe6/0x170\n ? __irq_work_queue_local+0x39/0xe0\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x13/0x60\n ? asm_exc_invalid_op+0x16/0x20\n ? __list_del_entry_valid_or_report+0xa3/0x120\n gpiod_remove_lookup_table+0x22/0x60\n new_device_store+0x315/0x350 [gpio_aggregator]\n kernfs_fop_write_iter+0x137/0x1f0\n vfs_write+0x262/0x430\n ksys_write+0x60/0xd0\n do_syscall_64+0x6c/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21943",
"url": "https://www.suse.com/security/cve/CVE-2025-21943"
},
{
"category": "external",
"summary": "SUSE Bug 1240647 for CVE-2025-21943",
"url": "https://bugzilla.suse.com/1240647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21943"
},
{
"cve": "CVE-2025-21948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: appleir: Fix potential NULL dereference at raw event handle\n\nSyzkaller reports a NULL pointer dereference issue in input_event().\n\nBUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline]\nBUG: KASAN: null-ptr-deref in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\nBUG: KASAN: null-ptr-deref in is_event_supported drivers/input/input.c:67 [inline]\nBUG: KASAN: null-ptr-deref in input_event+0x42/0xa0 drivers/input/input.c:395\nRead of size 8 at addr 0000000000000028 by task syz-executor199/2949\n\nCPU: 0 UID: 0 PID: 2949 Comm: syz-executor199 Not tainted 6.13.0-rc4-syzkaller-00076-gf097a36ef88d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n instrument_atomic_read include/linux/instrumented.h:68 [inline]\n _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\n is_event_supported drivers/input/input.c:67 [inline]\n input_event+0x42/0xa0 drivers/input/input.c:395\n input_report_key include/linux/input.h:439 [inline]\n key_down drivers/hid/hid-appleir.c:159 [inline]\n appleir_raw_event+0x3e5/0x5e0 drivers/hid/hid-appleir.c:232\n __hid_input_report.constprop.0+0x312/0x440 drivers/hid/hid-core.c:2111\n hid_ctrl+0x49f/0x550 drivers/hid/usbhid/hid-core.c:484\n __usb_hcd_giveback_urb+0x389/0x6e0 drivers/usb/core/hcd.c:1650\n usb_hcd_giveback_urb+0x396/0x450 drivers/usb/core/hcd.c:1734\n dummy_timer+0x17f7/0x3960 drivers/usb/gadget/udc/dummy_hcd.c:1993\n __run_hrtimer kernel/time/hrtimer.c:1739 [inline]\n __hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1803\n hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1820\n handle_softirqs+0x206/0x8d0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\n __mod_timer+0x8f6/0xdc0 kernel/time/timer.c:1185\n add_timer+0x62/0x90 kernel/time/timer.c:1295\n schedule_timeout+0x11f/0x280 kernel/time/sleep_timeout.c:98\n usbhid_wait_io+0x1c7/0x380 drivers/hid/usbhid/hid-core.c:645\n usbhid_init_reports+0x19f/0x390 drivers/hid/usbhid/hid-core.c:784\n hiddev_ioctl+0x1133/0x15b0 drivers/hid/usbhid/hiddev.c:794\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl fs/ioctl.c:892 [inline]\n __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nThis happens due to the malformed report items sent by the emulated device\nwhich results in a report, that has no fields, being added to the report list.\nDue to this appleir_input_configured() is never called, hidinput_connect()\nfails which results in the HID_CLAIMED_INPUT flag is not being set. However,\nit does not make appleir_probe() fail and lets the event callback to be\ncalled without the associated input device.\n\nThus, add a check for the HID_CLAIMED_INPUT flag and leave the event hook\nearly if the driver didn\u0027t claim any input_dev for some reason. Moreover,\nsome other hid drivers accessing input_dev in their event callbacks do have\nsimilar checks, too.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21948",
"url": "https://www.suse.com/security/cve/CVE-2025-21948"
},
{
"category": "external",
"summary": "SUSE Bug 1240703 for CVE-2025-21948",
"url": "https://bugzilla.suse.com/1240703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21948"
},
{
"cve": "CVE-2025-21950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl\n\nIn the \"pmcmd_ioctl\" function, three memory objects allocated by\nkmalloc are initialized by \"hcall_get_cpu_state\", which are then\ncopied to user space. The initializer is indeed implemented in\n\"acrn_hypercall2\" (arch/x86/include/asm/acrn.h). There is a risk of\ninformation leakage due to uninitialized bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21950",
"url": "https://www.suse.com/security/cve/CVE-2025-21950"
},
{
"category": "external",
"summary": "SUSE Bug 1240719 for CVE-2025-21950",
"url": "https://bugzilla.suse.com/1240719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21950"
},
{
"cve": "CVE-2025-21951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21951"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock\n\nThere are multiple places from where the recovery work gets scheduled\nasynchronously. Also, there are multiple places where the caller waits\nsynchronously for the recovery to be completed. One such place is during\nthe PM shutdown() callback.\n\nIf the device is not alive during recovery_work, it will try to reset the\ndevice using pci_reset_function(). This function internally will take the\ndevice_lock() first before resetting the device. By this time, if the lock\nhas already been acquired, then recovery_work will get stalled while\nwaiting for the lock. And if the lock was already acquired by the caller\nwhich waits for the recovery_work to be completed, it will lead to\ndeadlock.\n\nThis is what happened on the X1E80100 CRD device when the device died\nbefore shutdown() callback. Driver core calls the driver\u0027s shutdown()\ncallback while holding the device_lock() leading to deadlock.\n\nAnd this deadlock scenario can occur on other paths as well, like during\nthe PM suspend() callback, where the driver core would hold the\ndevice_lock() before calling driver\u0027s suspend() callback. And if the\nrecovery_work was already started, it could lead to deadlock. This is also\nobserved on the X1E80100 CRD.\n\nSo to fix both issues, use pci_try_reset_function() in recovery_work. This\nfunction first checks for the availability of the device_lock() before\ntrying to reset the device. If the lock is available, it will acquire it\nand reset the device. Otherwise, it will return -EAGAIN. If that happens,\nrecovery_work will fail with the error message \"Recovery failed\" as not\nmuch could be done.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21951",
"url": "https://www.suse.com/security/cve/CVE-2025-21951"
},
{
"category": "external",
"summary": "SUSE Bug 1240718 for CVE-2025-21951",
"url": "https://bugzilla.suse.com/1240718"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21951"
},
{
"cve": "CVE-2025-21953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21953"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: cleanup mana struct after debugfs_remove()\n\nWhen on a MANA VM hibernation is triggered, as part of hibernate_snapshot(),\nmana_gd_suspend() and mana_gd_resume() are called. If during this\nmana_gd_resume(), a failure occurs with HWC creation, mana_port_debugfs\npointer does not get reinitialized and ends up pointing to older,\ncleaned-up dentry.\nFurther in the hibernation path, as part of power_down(), mana_gd_shutdown()\nis triggered. This call, unaware of the failures in resume, tries to cleanup\nthe already cleaned up mana_port_debugfs value and hits the following bug:\n\n[ 191.359296] mana 7870:00:00.0: Shutdown was called\n[ 191.359918] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ 191.360584] #PF: supervisor write access in kernel mode\n[ 191.361125] #PF: error_code(0x0002) - not-present page\n[ 191.361727] PGD 1080ea067 P4D 0\n[ 191.362172] Oops: Oops: 0002 [#1] SMP NOPTI\n[ 191.362606] CPU: 11 UID: 0 PID: 1674 Comm: bash Not tainted 6.14.0-rc5+ #2\n[ 191.363292] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\n[ 191.364124] RIP: 0010:down_write+0x19/0x50\n[ 191.364537] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb e8 de cd ff ff 31 c0 ba 01 00 00 00 \u003cf0\u003e 48 0f b1 13 75 16 65 48 8b 05 88 24 4c 6a 48 89 43 08 48 8b 5d\n[ 191.365867] RSP: 0000:ff45fbe0c1c037b8 EFLAGS: 00010246\n[ 191.366350] RAX: 0000000000000000 RBX: 0000000000000098 RCX: ffffff8100000000\n[ 191.366951] RDX: 0000000000000001 RSI: 0000000000000064 RDI: 0000000000000098\n[ 191.367600] RBP: ff45fbe0c1c037c0 R08: 0000000000000000 R09: 0000000000000001\n[ 191.368225] R10: ff45fbe0d2b01000 R11: 0000000000000008 R12: 0000000000000000\n[ 191.368874] R13: 000000000000000b R14: ff43dc27509d67c0 R15: 0000000000000020\n[ 191.369549] FS: 00007dbc5001e740(0000) GS:ff43dc663f380000(0000) knlGS:0000000000000000\n[ 191.370213] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 191.370830] CR2: 0000000000000098 CR3: 0000000168e8e002 CR4: 0000000000b73ef0\n[ 191.371557] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 191.372192] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 191.372906] Call Trace:\n[ 191.373262] \u003cTASK\u003e\n[ 191.373621] ? show_regs+0x64/0x70\n[ 191.374040] ? __die+0x24/0x70\n[ 191.374468] ? page_fault_oops+0x290/0x5b0\n[ 191.374875] ? do_user_addr_fault+0x448/0x800\n[ 191.375357] ? exc_page_fault+0x7a/0x160\n[ 191.375971] ? asm_exc_page_fault+0x27/0x30\n[ 191.376416] ? down_write+0x19/0x50\n[ 191.376832] ? down_write+0x12/0x50\n[ 191.377232] simple_recursive_removal+0x4a/0x2a0\n[ 191.377679] ? __pfx_remove_one+0x10/0x10\n[ 191.378088] debugfs_remove+0x44/0x70\n[ 191.378530] mana_detach+0x17c/0x4f0\n[ 191.378950] ? __flush_work+0x1e2/0x3b0\n[ 191.379362] ? __cond_resched+0x1a/0x50\n[ 191.379787] mana_remove+0xf2/0x1a0\n[ 191.380193] mana_gd_shutdown+0x3b/0x70\n[ 191.380642] pci_device_shutdown+0x3a/0x80\n[ 191.381063] device_shutdown+0x13e/0x230\n[ 191.381480] kernel_power_off+0x35/0x80\n[ 191.381890] hibernate+0x3c6/0x470\n[ 191.382312] state_store+0xcb/0xd0\n[ 191.382734] kobj_attr_store+0x12/0x30\n[ 191.383211] sysfs_kf_write+0x3e/0x50\n[ 191.383640] kernfs_fop_write_iter+0x140/0x1d0\n[ 191.384106] vfs_write+0x271/0x440\n[ 191.384521] ksys_write+0x72/0xf0\n[ 191.384924] __x64_sys_write+0x19/0x20\n[ 191.385313] x64_sys_call+0x2b0/0x20b0\n[ 191.385736] do_syscall_64+0x79/0x150\n[ 191.386146] ? __mod_memcg_lruvec_state+0xe7/0x240\n[ 191.386676] ? __lruvec_stat_mod_folio+0x79/0xb0\n[ 191.387124] ? __pfx_lru_add+0x10/0x10\n[ 191.387515] ? queued_spin_unlock+0x9/0x10\n[ 191.387937] ? do_anonymous_page+0x33c/0xa00\n[ 191.388374] ? __handle_mm_fault+0xcf3/0x1210\n[ 191.388805] ? __count_memcg_events+0xbe/0x180\n[ 191.389235] ? handle_mm_fault+0xae/0x300\n[ 19\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21953",
"url": "https://www.suse.com/security/cve/CVE-2025-21953"
},
{
"category": "external",
"summary": "SUSE Bug 1240727 for CVE-2025-21953",
"url": "https://bugzilla.suse.com/1240727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21953"
},
{
"cve": "CVE-2025-21956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21956"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign normalized_pix_clk when color depth = 14\n\n[WHY \u0026 HOW]\nA warning message \"WARNING: CPU: 4 PID: 459 at ... /dc_resource.c:3397\ncalculate_phy_pix_clks+0xef/0x100 [amdgpu]\" occurs because the\ndisplay_color_depth == COLOR_DEPTH_141414 is not handled. This is\nobserved in Radeon RX 6600 XT.\n\nIt is fixed by assigning pix_clk * (14 * 3) / 24 - same as the rests.\n\nAlso fixes the indentation in get_norm_pix_clk.\n\n(cherry picked from commit 274a87eb389f58eddcbc5659ab0b180b37e92775)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21956",
"url": "https://www.suse.com/security/cve/CVE-2025-21956"
},
{
"category": "external",
"summary": "SUSE Bug 1240739 for CVE-2025-21956",
"url": "https://bugzilla.suse.com/1240739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21956"
},
{
"cve": "CVE-2025-21957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla1280: Fix kernel oops when debug level \u003e 2\n\nA null dereference or oops exception will eventually occur when qla1280.c\ndriver is compiled with DEBUG_QLA1280 enabled and ql_debug_level \u003e 2. I\nthink its clear from the code that the intention here is sg_dma_len(s) not\nlength of sg_next(s) when printing the debug info.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21957",
"url": "https://www.suse.com/security/cve/CVE-2025-21957"
},
{
"category": "external",
"summary": "SUSE Bug 1240742 for CVE-2025-21957",
"url": "https://bugzilla.suse.com/1240742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21957"
},
{
"cve": "CVE-2025-21960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21960"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: do not update checksum in bnxt_xdp_build_skb()\n\nThe bnxt_rx_pkt() updates ip_summed value at the end if checksum offload\nis enabled.\nWhen the XDP-MB program is attached and it returns XDP_PASS, the\nbnxt_xdp_build_skb() is called to update skb_shared_info.\nThe main purpose of bnxt_xdp_build_skb() is to update skb_shared_info,\nbut it updates ip_summed value too if checksum offload is enabled.\nThis is actually duplicate work.\n\nWhen the bnxt_rx_pkt() updates ip_summed value, it checks if ip_summed\nis CHECKSUM_NONE or not.\nIt means that ip_summed should be CHECKSUM_NONE at this moment.\nBut ip_summed may already be updated to CHECKSUM_UNNECESSARY in the\nXDP-MB-PASS path.\nSo the by skb_checksum_none_assert() WARNS about it.\n\nThis is duplicate work and updating ip_summed in the\nbnxt_xdp_build_skb() is not needed.\n\nSplat looks like:\nWARNING: CPU: 3 PID: 5782 at ./include/linux/skbuff.h:5155 bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]\nModules linked in: bnxt_re bnxt_en rdma_ucm rdma_cm iw_cm ib_cm ib_uverbs veth xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_]\nCPU: 3 UID: 0 PID: 5782 Comm: socat Tainted: G W 6.14.0-rc4+ #27\nTainted: [W]=WARN\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nRIP: 0010:bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]\nCode: 54 24 0c 4c 89 f1 4c 89 ff c1 ea 1f ff d3 0f 1f 00 49 89 c6 48 85 c0 0f 84 4c e5 ff ff 48 89 c7 e8 ca 3d a0 c8 e9 8f f4 ff ff \u003c0f\u003e 0b f\nRSP: 0018:ffff88881ba09928 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: 00000000c7590303 RCX: 0000000000000000\nRDX: 1ffff1104e7d1610 RSI: 0000000000000001 RDI: ffff8881c91300b8\nRBP: ffff88881ba09b28 R08: ffff888273e8b0d0 R09: ffff888273e8b070\nR10: ffff888273e8b010 R11: ffff888278b0f000 R12: ffff888273e8b080\nR13: ffff8881c9130e00 R14: ffff8881505d3800 R15: ffff888273e8b000\nFS: 00007f5a2e7be080(0000) GS:ffff88881ba00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fff2e708ff8 CR3: 000000013e3b0000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? __warn+0xcd/0x2f0\n ? bnxt_rx_pkt+0x479b/0x7610\n ? report_bug+0x326/0x3c0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x14/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? bnxt_rx_pkt+0x479b/0x7610\n ? bnxt_rx_pkt+0x3e41/0x7610\n ? __pfx_bnxt_rx_pkt+0x10/0x10\n ? napi_complete_done+0x2cf/0x7d0\n __bnxt_poll_work+0x4e8/0x1220\n ? __pfx___bnxt_poll_work+0x10/0x10\n ? __pfx_mark_lock.part.0+0x10/0x10\n bnxt_poll_p5+0x36a/0xfa0\n ? __pfx_bnxt_poll_p5+0x10/0x10\n __napi_poll.constprop.0+0xa0/0x440\n net_rx_action+0x899/0xd00\n...\n\nFollowing ping.py patch adds xdp-mb-pass case. so ping.py is going\nto be able to reproduce this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21960",
"url": "https://www.suse.com/security/cve/CVE-2025-21960"
},
{
"category": "external",
"summary": "SUSE Bug 1240815 for CVE-2025-21960",
"url": "https://bugzilla.suse.com/1240815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21960"
},
{
"cve": "CVE-2025-21961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21961"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: fix truesize for mb-xdp-pass case\n\nWhen mb-xdp is set and return is XDP_PASS, packet is converted from\nxdp_buff to sk_buff with xdp_update_skb_shared_info() in\nbnxt_xdp_build_skb().\nbnxt_xdp_build_skb() passes incorrect truesize argument to\nxdp_update_skb_shared_info().\nThe truesize is calculated as BNXT_RX_PAGE_SIZE * sinfo-\u003enr_frags but\nthe skb_shared_info was wiped by napi_build_skb() before.\nSo it stores sinfo-\u003enr_frags before bnxt_xdp_build_skb() and use it\ninstead of getting skb_shared_info from xdp_get_shared_info_from_buff().\n\nSplat looks like:\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 0 at net/core/skbuff.c:6072 skb_try_coalesce+0x504/0x590\n Modules linked in: xt_nat xt_tcpudp veth af_packet xt_conntrack nft_chain_nat xt_MASQUERADE nf_conntrack_netlink xfrm_user xt_addrtype nft_coms\n CPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.14.0-rc2+ #3\n RIP: 0010:skb_try_coalesce+0x504/0x590\n Code: 4b fd ff ff 49 8b 34 24 40 80 e6 40 0f 84 3d fd ff ff 49 8b 74 24 48 40 f6 c6 01 0f 84 2e fd ff ff 48 8d 4e ff e9 25 fd ff ff \u003c0f\u003e 0b e99\n RSP: 0018:ffffb62c4120caa8 EFLAGS: 00010287\n RAX: 0000000000000003 RBX: ffffb62c4120cb14 RCX: 0000000000000ec0\n RDX: 0000000000001000 RSI: ffffa06e5d7dc000 RDI: 0000000000000003\n RBP: ffffa06e5d7ddec0 R08: ffffa06e6120a800 R09: ffffa06e7a119900\n R10: 0000000000002310 R11: ffffa06e5d7dcec0 R12: ffffe4360575f740\n R13: ffffe43600000000 R14: 0000000000000002 R15: 0000000000000002\n FS: 0000000000000000(0000) GS:ffffa0755f700000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f147b76b0f8 CR3: 00000001615d4000 CR4: 00000000007506f0\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n ? __warn+0x84/0x130\n ? skb_try_coalesce+0x504/0x590\n ? report_bug+0x18a/0x1a0\n ? handle_bug+0x53/0x90\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_try_coalesce+0x504/0x590\n inet_frag_reasm_finish+0x11f/0x2e0\n ip_defrag+0x37a/0x900\n ip_local_deliver+0x51/0x120\n ip_sublist_rcv_finish+0x64/0x70\n ip_sublist_rcv+0x179/0x210\n ip_list_rcv+0xf9/0x130\n\nHow to reproduce:\n\u003cNode A\u003e\nip link set $interface1 xdp obj xdp_pass.o\nip link set $interface1 mtu 9000 up\nip a a 10.0.0.1/24 dev $interface1\n\u003cNode B\u003e\nip link set $interfac2 mtu 9000 up\nip a a 10.0.0.2/24 dev $interface2\nping 10.0.0.1 -s 65000\n\nFollowing ping.py patch adds xdp-mb-pass case. so ping.py is going to be\nable to reproduce this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21961",
"url": "https://www.suse.com/security/cve/CVE-2025-21961"
},
{
"category": "external",
"summary": "SUSE Bug 1240816 for CVE-2025-21961",
"url": "https://bugzilla.suse.com/1240816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21961"
},
{
"cve": "CVE-2025-21966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21966"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-flakey: Fix memory corruption in optional corrupt_bio_byte feature\n\nFix memory corruption due to incorrect parameter being passed to bio_init",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21966",
"url": "https://www.suse.com/security/cve/CVE-2025-21966"
},
{
"category": "external",
"summary": "SUSE Bug 1240779 for CVE-2025-21966",
"url": "https://bugzilla.suse.com/1240779"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21966"
},
{
"cve": "CVE-2025-21968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix slab-use-after-free on hdcp_work\n\n[Why]\nA slab-use-after-free is reported when HDCP is destroyed but the\nproperty_validate_dwork queue is still running.\n\n[How]\nCancel the delayed work when destroying workqueue.\n\n(cherry picked from commit 725a04ba5a95e89c89633d4322430cfbca7ce128)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21968",
"url": "https://www.suse.com/security/cve/CVE-2025-21968"
},
{
"category": "external",
"summary": "SUSE Bug 1240783 for CVE-2025-21968",
"url": "https://bugzilla.suse.com/1240783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21968"
},
{
"cve": "CVE-2025-21969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd\n\nAfter the hci sync command releases l2cap_conn, the hci receive data work\nqueue references the released l2cap_conn when sending to the upper layer.\nAdd hci dev lock to the hci receive data work queue to synchronize the two.\n\n[1]\nBUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\nRead of size 8 at addr ffff8880271a4000 by task kworker/u9:2/5837\n\nCPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:2 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci1 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n l2cap_build_cmd net/bluetooth/l2cap_core.c:2964 [inline]\n l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\n l2cap_sig_send_rej net/bluetooth/l2cap_core.c:5502 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5538 [inline]\n l2cap_recv_frame+0x221f/0x10db0 net/bluetooth/l2cap_core.c:6817\n hci_acldata_packet net/bluetooth/hci_core.c:3797 [inline]\n hci_rx_work+0x508/0xdb0 net/bluetooth/hci_core.c:4040\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 5837:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n l2cap_conn_add+0xa9/0x8e0 net/bluetooth/l2cap_core.c:6860\n l2cap_connect_cfm+0x115/0x1090 net/bluetooth/l2cap_core.c:7239\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_remote_features_evt+0x68e/0xac0 net/bluetooth/hci_event.c:3726\n hci_event_func net/bluetooth/hci_event.c:7473 [inline]\n hci_event_packet+0xac2/0x1540 net/bluetooth/hci_event.c:7525\n hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4035\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nFreed by task 54:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n l2cap_connect_cfm+0xcc/0x1090 net/bluetooth/l2cap_core.c:7235\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_conn_failed+0x287/0x400 net/bluetooth/hci_conn.c:1266\n hci_abort_conn_sync+0x56c/0x11f0 net/bluetooth/hci_sync.c:5603\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21969",
"url": "https://www.suse.com/security/cve/CVE-2025-21969"
},
{
"category": "external",
"summary": "SUSE Bug 1240784 for CVE-2025-21969",
"url": "https://bugzilla.suse.com/1240784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21969"
},
{
"cve": "CVE-2025-21970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Bridge, fix the crash caused by LAG state check\n\nWhen removing LAG device from bridge, NETDEV_CHANGEUPPER event is\ntriggered. Driver finds the lower devices (PFs) to flush all the\noffloaded entries. And mlx5_lag_is_shared_fdb is checked, it returns\nfalse if one of PF is unloaded. In such case,\nmlx5_esw_bridge_lag_rep_get() and its caller return NULL, instead of\nthe alive PF, and the flush is skipped.\n\nBesides, the bridge fdb entry\u0027s lastuse is updated in mlx5 bridge\nevent handler. But this SWITCHDEV_FDB_ADD_TO_BRIDGE event can be\nignored in this case because the upper interface for bond is deleted,\nand the entry will never be aged because lastuse is never updated.\n\nTo make things worse, as the entry is alive, mlx5 bridge workqueue\nkeeps sending that event, which is then handled by kernel bridge\nnotifier. It causes the following crash when accessing the passed bond\nnetdev which is already destroyed.\n\nTo fix this issue, remove such checks. LAG state is already checked in\ncommit 15f8f168952f (\"net/mlx5: Bridge, verify LAG state when adding\nbond to bridge\"), driver still need to skip offload if LAG becomes\ninvalid state after initialization.\n\n Oops: stack segment: 0000 [#1] SMP\n CPU: 3 UID: 0 PID: 23695 Comm: kworker/u40:3 Tainted: G OE 6.11.0_mlnx #1\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5_bridge_wq mlx5_esw_bridge_update_work [mlx5_core]\n RIP: 0010:br_switchdev_event+0x2c/0x110 [bridge]\n Code: 44 00 00 48 8b 02 48 f7 00 00 02 00 00 74 69 41 54 55 53 48 83 ec 08 48 8b a8 08 01 00 00 48 85 ed 74 4a 48 83 fe 02 48 89 d3 \u003c4c\u003e 8b 65 00 74 23 76 49 48 83 fe 05 74 7e 48 83 fe 06 75 2f 0f b7\n RSP: 0018:ffffc900092cfda0 EFLAGS: 00010297\n RAX: ffff888123bfe000 RBX: ffffc900092cfe08 RCX: 00000000ffffffff\n RDX: ffffc900092cfe08 RSI: 0000000000000001 RDI: ffffffffa0c585f0\n RBP: 6669746f6e690a30 R08: 0000000000000000 R09: ffff888123ae92c8\n R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888123ae9c60\n R13: 0000000000000001 R14: ffffc900092cfe08 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff88852c980000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f15914c8734 CR3: 0000000002830005 CR4: 0000000000770ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die_body+0x1a/0x60\n ? die+0x38/0x60\n ? do_trap+0x10b/0x120\n ? do_error_trap+0x64/0xa0\n ? exc_stack_segment+0x33/0x50\n ? asm_exc_stack_segment+0x22/0x30\n ? br_switchdev_event+0x2c/0x110 [bridge]\n ? sched_balance_newidle.isra.149+0x248/0x390\n notifier_call_chain+0x4b/0xa0\n atomic_notifier_call_chain+0x16/0x20\n mlx5_esw_bridge_update+0xec/0x170 [mlx5_core]\n mlx5_esw_bridge_update_work+0x19/0x40 [mlx5_core]\n process_scheduled_works+0x81/0x390\n worker_thread+0x106/0x250\n ? bh_worker+0x110/0x110\n kthread+0xb7/0xe0\n ? kthread_park+0x80/0x80\n ret_from_fork+0x2d/0x50\n ? kthread_park+0x80/0x80\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21970",
"url": "https://www.suse.com/security/cve/CVE-2025-21970"
},
{
"category": "external",
"summary": "SUSE Bug 1240819 for CVE-2025-21970",
"url": "https://bugzilla.suse.com/1240819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21970"
},
{
"cve": "CVE-2025-21971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: Prevent creation of classes with TC_H_ROOT\n\nThe function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination\ncondition when traversing up the qdisc tree to update parent backlog\ncounters. However, if a class is created with classid TC_H_ROOT, the\ntraversal terminates prematurely at this class instead of reaching the\nactual root qdisc, causing parent statistics to be incorrectly maintained.\nIn case of DRR, this could lead to a crash as reported by Mingi Cho.\n\nPrevent the creation of any Qdisc class with classid TC_H_ROOT\n(0xFFFFFFFF) across all qdisc types, as suggested by Jamal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21971",
"url": "https://www.suse.com/security/cve/CVE-2025-21971"
},
{
"category": "external",
"summary": "SUSE Bug 1240799 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "external",
"summary": "SUSE Bug 1245794 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1245794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21971"
},
{
"cve": "CVE-2025-21972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: unshare packets when reassembling\n\nEnsure that the frag_list used for reassembly isn\u0027t shared with other\npackets. This avoids incorrect reassembly when packets are cloned, and\nprevents a memory leak due to circular references between fragments and\ntheir skb_shared_info.\n\nThe upcoming MCTP-over-USB driver uses skb_clone which can trigger the\nproblem - other MCTP drivers don\u0027t share SKBs.\n\nA kunit test is added to reproduce the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21972",
"url": "https://www.suse.com/security/cve/CVE-2025-21972"
},
{
"category": "external",
"summary": "SUSE Bug 1240813 for CVE-2025-21972",
"url": "https://bugzilla.suse.com/1240813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21972"
},
{
"cve": "CVE-2025-21975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21975"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: handle errors in mlx5_chains_create_table()\n\nIn mlx5_chains_create_table(), the return value of mlx5_get_fdb_sub_ns()\nand mlx5_get_flow_namespace() must be checked to prevent NULL pointer\ndereferences. If either function fails, the function should log error\nmessage with mlx5_core_warn() and return error pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21975",
"url": "https://www.suse.com/security/cve/CVE-2025-21975"
},
{
"category": "external",
"summary": "SUSE Bug 1240812 for CVE-2025-21975",
"url": "https://bugzilla.suse.com/1240812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21975"
},
{
"cve": "CVE-2025-21978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/hyperv: Fix address space leak when Hyper-V DRM device is removed\n\nWhen a Hyper-V DRM device is probed, the driver allocates MMIO space for\nthe vram, and maps it cacheable. If the device removed, or in the error\npath for device probing, the MMIO space is released but no unmap is done.\nConsequently the kernel address space for the mapping is leaked.\n\nFix this by adding iounmap() calls in the device removal path, and in the\nerror path during device probing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21978",
"url": "https://www.suse.com/security/cve/CVE-2025-21978"
},
{
"category": "external",
"summary": "SUSE Bug 1240806 for CVE-2025-21978",
"url": "https://bugzilla.suse.com/1240806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21978"
},
{
"cve": "CVE-2025-21979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: cancel wiphy_work before freeing wiphy\n\nA wiphy_work can be queued from the moment the wiphy is allocated and\ninitialized (i.e. wiphy_new_nm). When a wiphy_work is queued, the\nrdev::wiphy_work is getting queued.\n\nIf wiphy_free is called before the rdev::wiphy_work had a chance to run,\nthe wiphy memory will be freed, and then when it eventally gets to run\nit\u0027ll use invalid memory.\n\nFix this by canceling the work before freeing the wiphy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21979",
"url": "https://www.suse.com/security/cve/CVE-2025-21979"
},
{
"category": "external",
"summary": "SUSE Bug 1240808 for CVE-2025-21979",
"url": "https://bugzilla.suse.com/1240808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21979"
},
{
"cve": "CVE-2025-21981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix memory leak in aRFS after reset\n\nFix aRFS (accelerated Receive Flow Steering) structures memory leak by\nadding a checker to verify if aRFS memory is already allocated while\nconfiguring VSI. aRFS objects are allocated in two cases:\n- as part of VSI initialization (at probe), and\n- as part of reset handling\n\nHowever, VSI reconfiguration executed during reset involves memory\nallocation one more time, without prior releasing already allocated\nresources. This led to the memory leak with the following signature:\n\n[root@os-delivery ~]# cat /sys/kernel/debug/kmemleak\nunreferenced object 0xff3c1ca7252e6000 (size 8192):\n comm \"kworker/0:0\", pid 8, jiffies 4296833052\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 0):\n [\u003cffffffff991ec485\u003e] __kmalloc_cache_noprof+0x275/0x340\n [\u003cffffffffc0a6e06a\u003e] ice_init_arfs+0x3a/0xe0 [ice]\n [\u003cffffffffc09f1027\u003e] ice_vsi_cfg_def+0x607/0x850 [ice]\n [\u003cffffffffc09f244b\u003e] ice_vsi_setup+0x5b/0x130 [ice]\n [\u003cffffffffc09c2131\u003e] ice_init+0x1c1/0x460 [ice]\n [\u003cffffffffc09c64af\u003e] ice_probe+0x2af/0x520 [ice]\n [\u003cffffffff994fbcd3\u003e] local_pci_probe+0x43/0xa0\n [\u003cffffffff98f07103\u003e] work_for_cpu_fn+0x13/0x20\n [\u003cffffffff98f0b6d9\u003e] process_one_work+0x179/0x390\n [\u003cffffffff98f0c1e9\u003e] worker_thread+0x239/0x340\n [\u003cffffffff98f14abc\u003e] kthread+0xcc/0x100\n [\u003cffffffff98e45a6d\u003e] ret_from_fork+0x2d/0x50\n [\u003cffffffff98e083ba\u003e] ret_from_fork_asm+0x1a/0x30\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21981",
"url": "https://www.suse.com/security/cve/CVE-2025-21981"
},
{
"category": "external",
"summary": "SUSE Bug 1240612 for CVE-2025-21981",
"url": "https://bugzilla.suse.com/1240612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21981"
},
{
"cve": "CVE-2025-21991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes\n\nCurrently, load_microcode_amd() iterates over all NUMA nodes, retrieves their\nCPU masks and unconditionally accesses per-CPU data for the first CPU of each\nmask.\n\nAccording to Documentation/admin-guide/mm/numaperf.rst:\n\n \"Some memory may share the same node as a CPU, and others are provided as\n memory only nodes.\"\n\nTherefore, some node CPU masks may be empty and wouldn\u0027t have a \"first CPU\".\n\nOn a machine with far memory (and therefore CPU-less NUMA nodes):\n- cpumask_of_node(nid) is 0\n- cpumask_first(0) is CONFIG_NR_CPUS\n- cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an\n index that is 1 out of bounds\n\nThis does not have any security implications since flashing microcode is\na privileged operation but I believe this has reliability implications by\npotentially corrupting memory while flashing a microcode update.\n\nWhen booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes\na microcode update. I get the following splat:\n\n UBSAN: array-index-out-of-bounds in arch/x86/kernel/cpu/microcode/amd.c:X:Y\n index 512 is out of range for type \u0027unsigned long[512]\u0027\n [...]\n Call Trace:\n dump_stack\n __ubsan_handle_out_of_bounds\n load_microcode_amd\n request_microcode_amd\n reload_store\n kernfs_fop_write_iter\n vfs_write\n ksys_write\n do_syscall_64\n entry_SYSCALL_64_after_hwframe\n\nChange the loop to go over only NUMA nodes which have CPUs before determining\nwhether the first CPU on the respective node needs microcode update.\n\n [ bp: Massage commit message, fix typo. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21991",
"url": "https://www.suse.com/security/cve/CVE-2025-21991"
},
{
"category": "external",
"summary": "SUSE Bug 1240795 for CVE-2025-21991",
"url": "https://bugzilla.suse.com/1240795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21991"
},
{
"cve": "CVE-2025-21992",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21992"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: ignore non-functional sensor in HP 5MP Camera\n\nThe HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that\nis not actually implemented. Attempting to access this non-functional\nsensor via iio_info causes system hangs as runtime PM tries to wake up\nan unresponsive sensor.\n\n [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff\n [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:1, 3:1 ffffffff:ffffffff\n\nAdd this device to the HID ignore list since the sensor interface is\nnon-functional by design and should not be exposed to userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21992",
"url": "https://www.suse.com/security/cve/CVE-2025-21992"
},
{
"category": "external",
"summary": "SUSE Bug 1240796 for CVE-2025-21992",
"url": "https://bugzilla.suse.com/1240796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21992"
},
{
"cve": "CVE-2025-21993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()\n\nWhen performing an iSCSI boot using IPv6, iscsistart still reads the\n/sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix\nlength is 64, this causes the shift exponent to become negative,\ntriggering a UBSAN warning. As the concept of a subnet mask does not\napply to IPv6, the value is set to ~0 to suppress the warning message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21993",
"url": "https://www.suse.com/security/cve/CVE-2025-21993"
},
{
"category": "external",
"summary": "SUSE Bug 1240797 for CVE-2025-21993",
"url": "https://bugzilla.suse.com/1240797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21993"
},
{
"cve": "CVE-2025-21995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix fence reference count leak\n\nThe last_scheduled fence leaks when an entity is being killed and adding\nthe cleanup callback fails.\n\nDecrement the reference count of prev when dma_fence_add_callback()\nfails, ensuring proper balance.\n\n[phasta: add git tag info for stable kernel]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21995",
"url": "https://www.suse.com/security/cve/CVE-2025-21995"
},
{
"category": "external",
"summary": "SUSE Bug 1240821 for CVE-2025-21995",
"url": "https://bugzilla.suse.com/1240821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21995"
},
{
"cve": "CVE-2025-21996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()\n\nOn the off chance that command stream passed from userspace via\nioctl() call to radeon_vce_cs_parse() is weirdly crafted and\nfirst command to execute is to encode (case 0x03000001), the function\nin question will attempt to call radeon_vce_cs_reloc() with size\nargument that has not been properly initialized. Specifically, \u0027size\u0027\nwill point to \u0027tmp\u0027 variable before the latter had a chance to be\nassigned any value.\n\nPlay it safe and init \u0027tmp\u0027 with 0, thus ensuring that\nradeon_vce_cs_reloc() will catch an early error in cases like these.\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.\n\n(cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21996",
"url": "https://www.suse.com/security/cve/CVE-2025-21996"
},
{
"category": "external",
"summary": "SUSE Bug 1240801 for CVE-2025-21996",
"url": "https://bugzilla.suse.com/1240801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21996"
},
{
"cve": "CVE-2025-22001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22001"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix integer overflow in qaic_validate_req()\n\nThese are u64 variables that come from the user via\nqaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that\nthe math doesn\u0027t have an integer wrapping bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22001",
"url": "https://www.suse.com/security/cve/CVE-2025-22001"
},
{
"category": "external",
"summary": "SUSE Bug 1240873 for CVE-2025-22001",
"url": "https://bugzilla.suse.com/1240873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22001"
},
{
"cve": "CVE-2025-22003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22003"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ucan: fix out of bound read in strscpy() source\n\nCommit 7fdaf8966aae (\"can: ucan: use strscpy() to instead of strncpy()\")\nunintentionally introduced a one byte out of bound read on strscpy()\u0027s\nsource argument (which is kind of ironic knowing that strscpy() is meant\nto be a more secure alternative :)).\n\nLet\u0027s consider below buffers:\n\n dest[len + 1]; /* will be NUL terminated */\n src[len]; /* may not be NUL terminated */\n\nWhen doing:\n\n strncpy(dest, src, len);\n dest[len] = \u0027\\0\u0027;\n\nstrncpy() will read up to len bytes from src.\n\nOn the other hand:\n\n strscpy(dest, src, len + 1);\n\nwill read up to len + 1 bytes from src, that is to say, an out of bound\nread of one byte will occur on src if it is not NUL terminated. Note\nthat the src[len] byte is never copied, but strscpy() still needs to\nread it to check whether a truncation occurred or not.\n\nThis exact pattern happened in ucan.\n\nThe root cause is that the source is not NUL terminated. Instead of\ndoing a copy in a local buffer, directly NUL terminate it as soon as\nusb_control_msg() returns. With this, the local firmware_str[] variable\ncan be removed.\n\nOn top of this do a couple refactors:\n\n - ucan_ctl_payload-\u003eraw is only used for the firmware string, so\n rename it to ucan_ctl_payload-\u003efw_str and change its type from u8 to\n char.\n\n - ucan_device_request_in() is only used to retrieve the firmware\n string, so rename it to ucan_get_fw_str() and refactor it to make it\n directly handle all the string termination logic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22003",
"url": "https://www.suse.com/security/cve/CVE-2025-22003"
},
{
"category": "external",
"summary": "SUSE Bug 1240825 for CVE-2025-22003",
"url": "https://bugzilla.suse.com/1240825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22003"
},
{
"cve": "CVE-2025-22007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix error code in chan_alloc_skb_cb()\n\nThe chan_alloc_skb_cb() function is supposed to return error pointers on\nerror. Returning NULL will lead to a NULL dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22007",
"url": "https://www.suse.com/security/cve/CVE-2025-22007"
},
{
"category": "external",
"summary": "SUSE Bug 1240829 for CVE-2025-22007",
"url": "https://bugzilla.suse.com/1240829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22007"
},
{
"cve": "CVE-2025-22008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: check that dummy regulator has been probed before using it\n\nDue to asynchronous driver probing there is a chance that the dummy\nregulator hasn\u0027t already been probed when first accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22008",
"url": "https://www.suse.com/security/cve/CVE-2025-22008"
},
{
"category": "external",
"summary": "SUSE Bug 1240942 for CVE-2025-22008",
"url": "https://bugzilla.suse.com/1240942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22008"
},
{
"cve": "CVE-2025-22009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: dummy: force synchronous probing\n\nSometimes I get a NULL pointer dereference at boot time in kobject_get()\nwith the following call stack:\n\nanatop_regulator_probe()\n devm_regulator_register()\n regulator_register()\n regulator_resolve_supply()\n kobject_get()\n\nBy placing some extra BUG_ON() statements I could verify that this is\nraised because probing of the \u0027dummy\u0027 regulator driver is not completed\n(\u0027dummy_regulator_rdev\u0027 is still NULL).\n\nIn the JTAG debugger I can see that dummy_regulator_probe() and\nanatop_regulator_probe() can be run by different kernel threads\n(kworker/u4:*). I haven\u0027t further investigated whether this can be\nchanged or if there are other possibilities to force synchronization\nbetween these two probe routines. On the other hand I don\u0027t expect much\nboot time penalty by probing the \u0027dummy\u0027 regulator synchronously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22009",
"url": "https://www.suse.com/security/cve/CVE-2025-22009"
},
{
"category": "external",
"summary": "SUSE Bug 1240940 for CVE-2025-22009",
"url": "https://bugzilla.suse.com/1240940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22009"
},
{
"cve": "CVE-2025-22010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup during bt pages loop\n\nDriver runs a for-loop when allocating bt pages and mapping them with\nbuffer pages. When a large buffer (e.g. MR over 100GB) is being allocated,\nit may require a considerable loop count. This will lead to soft lockup:\n\n watchdog: BUG: soft lockup - CPU#27 stuck for 22s!\n ...\n Call trace:\n hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2]\n hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2]\n hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2]\n alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2]\n hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2]\n ib_uverbs_reg_mr+0x118/0x290\n\n watchdog: BUG: soft lockup - CPU#35 stuck for 23s!\n ...\n Call trace:\n hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2]\n mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2]\n hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2]\n alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2]\n hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2]\n ib_uverbs_reg_mr+0x120/0x2bc\n\nAdd a cond_resched() to fix soft lockup during these loops. In order not\nto affect the allocation performance of normal-size buffer, set the loop\ncount of a 100GB MR as the threshold to call cond_resched().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22010",
"url": "https://www.suse.com/security/cve/CVE-2025-22010"
},
{
"category": "external",
"summary": "SUSE Bug 1240943 for CVE-2025-22010",
"url": "https://bugzilla.suse.com/1240943"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22010"
},
{
"cve": "CVE-2025-22013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state\n\nThere are several problems with the way hyp code lazily saves the host\u0027s\nFPSIMD/SVE state, including:\n\n* Host SVE being discarded unexpectedly due to inconsistent\n configuration of TIF_SVE and CPACR_ELx.ZEN. This has been seen to\n result in QEMU crashes where SVE is used by memmove(), as reported by\n Eric Auger:\n\n https://issues.redhat.com/browse/RHEL-68997\n\n* Host SVE state is discarded *after* modification by ptrace, which was an\n unintentional ptrace ABI change introduced with lazy discarding of SVE state.\n\n* The host FPMR value can be discarded when running a non-protected VM,\n where FPMR support is not exposed to a VM, and that VM uses\n FPSIMD/SVE. In these cases the hyp code does not save the host\u0027s FPMR\n before unbinding the host\u0027s FPSIMD/SVE/SME state, leaving a stale\n value in memory.\n\nAvoid these by eagerly saving and \"flushing\" the host\u0027s FPSIMD/SVE/SME\nstate when loading a vCPU such that KVM does not need to save any of the\nhost\u0027s FPSIMD/SVE/SME state. For clarity, fpsimd_kvm_prepare() is\nremoved and the necessary call to fpsimd_save_and_flush_cpu_state() is\nplaced in kvm_arch_vcpu_load_fp(). As \u0027fpsimd_state\u0027 and \u0027fpmr_ptr\u0027\nshould not be used, they are set to NULL; all uses of these will be\nremoved in subsequent patches.\n\nHistorical problems go back at least as far as v5.17, e.g. erroneous\nassumptions about TIF_SVE being clear in commit:\n\n 8383741ab2e773a9 (\"KVM: arm64: Get rid of host SVE tracking/saving\")\n\n... and so this eager save+flush probably needs to be backported to ALL\nstable trees.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22013",
"url": "https://www.suse.com/security/cve/CVE-2025-22013"
},
{
"category": "external",
"summary": "SUSE Bug 1240938 for CVE-2025-22013",
"url": "https://bugzilla.suse.com/1240938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22013"
},
{
"cve": "CVE-2025-22014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: Fix the potential deadlock\n\nWhen some client process A call pdr_add_lookup() to add the look up for\nthe service and does schedule locator work, later a process B got a new\nserver packet indicating locator is up and call pdr_locator_new_server()\nwhich eventually sets pdr-\u003elocator_init_complete to true which process A\nsees and takes list lock and queries domain list but it will timeout due\nto deadlock as the response will queued to the same qmi-\u003ewq and it is\nordered workqueue and process B is not able to complete new server\nrequest work due to deadlock on list lock.\n\nFix it by removing the unnecessary list iteration as the list iteration\nis already being done inside locator work, so avoid it here and just\ncall schedule_work() here.\n\n Process A Process B\n\n process_scheduled_works()\npdr_add_lookup() qmi_data_ready_work()\n process_scheduled_works() pdr_locator_new_server()\n pdr-\u003elocator_init_complete=true;\n pdr_locator_work()\n mutex_lock(\u0026pdr-\u003elist_lock);\n\n pdr_locate_service() mutex_lock(\u0026pdr-\u003elist_lock);\n\n pdr_get_domain_list()\n pr_err(\"PDR: %s get domain list\n txn wait failed: %d\\n\",\n req-\u003eservice_name,\n ret);\n\nTimeout error log due to deadlock:\n\n\"\n PDR: tms/servreg get domain list txn wait failed: -110\n PDR: service lookup for msm/adsp/sensor_pd:tms/servreg failed: -110\n\"\n\nThanks to Bjorn and Johan for letting me know that this commit also fixes\nan audio regression when using the in-kernel pd-mapper as that makes it\neasier to hit this race. [1]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22014",
"url": "https://www.suse.com/security/cve/CVE-2025-22014"
},
{
"category": "external",
"summary": "SUSE Bug 1240937 for CVE-2025-22014",
"url": "https://bugzilla.suse.com/1240937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22014"
},
{
"cve": "CVE-2025-2312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2312"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host\u0027s Kerberos credentials cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2312",
"url": "https://www.suse.com/security/cve/CVE-2025-2312"
},
{
"category": "external",
"summary": "SUSE Bug 1239680 for CVE-2025-2312",
"url": "https://bugzilla.suse.com/1239680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-2312"
}
]
}
wid-sec-w-2025-0461
Vulnerability from csaf_certbund
Published
2025-02-27 23:00
Modified
2025-08-12 22:00
Summary
Linux Kernel: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen und um nicht näher spezifizierte Auswirkungen zu erzielen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und um nicht n\u00e4her spezifizierte Auswirkungen zu erzielen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0461 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0461.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0461 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0461"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-58022",
"url": "https://lore.kernel.org/linux-cve-announce/2025022748-CVE-2024-58022-60ab@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-58034",
"url": "https://lore.kernel.org/linux-cve-announce/2025022751-CVE-2024-58034-36fb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-58042",
"url": "https://lore.kernel.org/linux-cve-announce/2025022751-CVE-2024-58042-c5ba@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21798",
"url": "https://lore.kernel.org/linux-cve-announce/2025022751-CVE-2025-21798-5fcb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21799",
"url": "https://lore.kernel.org/linux-cve-announce/2025022752-CVE-2025-21799-0420@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21800",
"url": "https://lore.kernel.org/linux-cve-announce/2025022752-CVE-2025-21800-d1e6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21801",
"url": "https://lore.kernel.org/linux-cve-announce/2025022752-CVE-2025-21801-5496@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21802",
"url": "https://lore.kernel.org/linux-cve-announce/2025022752-CVE-2025-21802-0cc5@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21803",
"url": "https://lore.kernel.org/linux-cve-announce/2025022752-CVE-2025-21803-e8ea@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21804",
"url": "https://lore.kernel.org/linux-cve-announce/2025022753-CVE-2025-21804-dea6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21805",
"url": "https://lore.kernel.org/linux-cve-announce/2025022753-CVE-2025-21805-7256@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21806",
"url": "https://lore.kernel.org/linux-cve-announce/2025022753-CVE-2025-21806-7910@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21807",
"url": "https://lore.kernel.org/linux-cve-announce/2025022753-CVE-2025-21807-a4bb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21808",
"url": "https://lore.kernel.org/linux-cve-announce/2025022753-CVE-2025-21808-b8bf@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21809",
"url": "https://lore.kernel.org/linux-cve-announce/2025022754-CVE-2025-21809-4258@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21810",
"url": "https://lore.kernel.org/linux-cve-announce/2025022754-CVE-2025-21810-0c14@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21811",
"url": "https://lore.kernel.org/linux-cve-announce/2025022754-CVE-2025-21811-beb7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21812",
"url": "https://lore.kernel.org/linux-cve-announce/2025022754-CVE-2025-21812-9b17@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21813",
"url": "https://lore.kernel.org/linux-cve-announce/2025022709-CVE-2025-21813-9e46@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21814",
"url": "https://lore.kernel.org/linux-cve-announce/2025022709-CVE-2025-21814-d723@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21815",
"url": "https://lore.kernel.org/linux-cve-announce/2025022709-CVE-2025-21815-19c9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21816",
"url": "https://lore.kernel.org/linux-cve-announce/2025022709-CVE-2025-21816-bbd4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21817",
"url": "https://lore.kernel.org/linux-cve-announce/2025022710-CVE-2025-21817-2fc8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21818",
"url": "https://lore.kernel.org/linux-cve-announce/2025022710-CVE-2025-21818-27ee@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21819",
"url": "https://lore.kernel.org/linux-cve-announce/2025022710-CVE-2025-21819-5549@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21820",
"url": "https://lore.kernel.org/linux-cve-announce/2025022710-CVE-2025-21820-f4ab@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21821",
"url": "https://lore.kernel.org/linux-cve-announce/2025022707-CVE-2025-21821-ae41@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21822",
"url": "https://lore.kernel.org/linux-cve-announce/2025022707-CVE-2025-21822-88c0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21823",
"url": "https://lore.kernel.org/linux-cve-announce/2025022708-CVE-2025-21823-9027@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21824",
"url": "https://lore.kernel.org/linux-cve-announce/2025022708-CVE-2025-21824-1a04@gregkh/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0847-1 vom 2025-03-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020505.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0856-1 vom 2025-03-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020508.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0856-1 vom 2025-03-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/OSPHACQPT5GWCIN3WJL55RCYA4OHTBLI/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0856-1 vom 2025-03-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OSPHACQPT5GWCIN3WJL55RCYA4OHTBLI/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0955-1 vom 2025-03-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020563.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4102 vom 2025-04-01",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1177-1 vom 2025-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020670.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1178-1 vom 2025-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020674.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1180-1 vom 2025-04-09",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/DGJ23MSZWYIA7MJ47RNVV6T27Z324VKA/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1293-1 vom 2025-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020712.html"
},
{
"category": "external",
"summary": "Container-Optimized OS release notes vom 2025-04-16",
"url": "https://cloud.google.com/container-optimized-os/docs/release-notes#April_14_2025"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2025-088 vom 2025-04-16",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2025-088.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7489-1 vom 2025-05-06",
"url": "https://ubuntu.com/security/notices/USN-7489-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7491-1 vom 2025-05-06",
"url": "https://ubuntu.com/security/notices/USN-7491-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7499-1 vom 2025-05-07",
"url": "https://ubuntu.com/security/notices/USN-7499-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7489-2 vom 2025-05-07",
"url": "https://ubuntu.com/security/notices/USN-7489-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7510-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1573-1 vom 2025-05-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020836.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7516-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7512-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7512-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-2 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7510-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-2 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7511-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7511-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7511-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7517-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7517-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7518-1 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7518-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7521-1 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7521-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-5 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7510-5"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-3 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7516-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-4 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7510-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-3 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7510-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7511-3 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7511-3"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01600-1 vom 2025-05-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020854.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01640-1 vom 2025-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020861.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01627-1 vom 2025-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020866.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01614-1 vom 2025-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020870.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01620-1 vom 2025-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020867.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7517-2 vom 2025-05-21",
"url": "https://ubuntu.com/security/notices/USN-7517-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-4 vom 2025-05-21",
"url": "https://ubuntu.com/security/notices/USN-7516-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7521-2 vom 2025-05-22",
"url": "https://ubuntu.com/security/notices/USN-7521-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-5 vom 2025-05-23",
"url": "https://ubuntu.com/security/notices/USN-7516-5"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4178 vom 2025-05-26",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01707-1 vom 2025-05-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020902.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-6 vom 2025-05-26",
"url": "https://ubuntu.com/security/notices/USN-7516-6"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7517-3 vom 2025-05-26",
"url": "https://ubuntu.com/security/notices/USN-7517-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-6 vom 2025-05-27",
"url": "https://ubuntu.com/security/notices/USN-7510-6"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7539-1 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7539-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7521-3 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7521-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-7 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7510-7"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7540-1 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7540-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-7 vom 2025-05-29",
"url": "https://ubuntu.com/security/notices/USN-7516-7"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-8 vom 2025-05-29",
"url": "https://ubuntu.com/security/notices/USN-7510-8"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20343-1 vom 2025-05-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020965.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-9 vom 2025-05-29",
"url": "https://ubuntu.com/security/notices/USN-7516-9"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-8 vom 2025-05-29",
"url": "https://ubuntu.com/security/notices/USN-7516-8"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20344-1 vom 2025-05-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020964.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20354-1 vom 2025-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021016.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20355-1 vom 2025-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021015.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20283-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021049.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20260-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021058.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20270-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021056.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20192-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021150.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20206-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021137.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20190-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021154.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-236 vom 2025-06-12",
"url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-236.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-237 vom 2025-06-12",
"url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-237.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-238 vom 2025-06-12",
"url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-238.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-235 vom 2025-06-12",
"url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-235.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-234 vom 2025-06-12",
"url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-234.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01919-1 vom 2025-06-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021477.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01951-1 vom 2025-06-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021509.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01964-1 vom 2025-06-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021531.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01965-1 vom 2025-06-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021535.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01967-1 vom 2025-06-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021533.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01972-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021537.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20408-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021550.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20413-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021547.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01983-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021538.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01982-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021539.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01995-1 vom 2025-06-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021572.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02000-1 vom 2025-06-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021568.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20419-1 vom 2025-06-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021591.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20421-1 vom 2025-06-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021590.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7593-1 vom 2025-06-24",
"url": "https://ubuntu.com/security/notices/USN-7593-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7602-1 vom 2025-06-26",
"url": "https://ubuntu.com/security/notices/USN-7602-1"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2LIVEPATCH-2025-237 vom 2025-06-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2025-237.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2LIVEPATCH-2025-234 vom 2025-06-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2025-234.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2LIVEPATCH-2025-238 vom 2025-06-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2025-238.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2LIVEPATCH-2025-236 vom 2025-06-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2025-236.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2LIVEPATCH-2025-235 vom 2025-06-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2025-235.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20406 vom 2025-07-08",
"url": "https://linux.oracle.com/errata/ELSA-2025-20406.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02254-1 vom 2025-07-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021770.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02307-1 vom 2025-07-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021804.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02333-1 vom 2025-07-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021830.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7640-1 vom 2025-07-16",
"url": "https://ubuntu.com/security/notices/USN-7640-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7653-1 vom 2025-07-17",
"url": "https://ubuntu.com/security/notices/USN-7653-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7652-1 vom 2025-07-17",
"url": "https://ubuntu.com/security/notices/USN-7652-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7651-1 vom 2025-07-17",
"url": "https://ubuntu.com/security/notices/USN-7651-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7651-2 vom 2025-07-18",
"url": "https://ubuntu.com/security/notices/USN-7651-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7651-3 vom 2025-07-22",
"url": "https://ubuntu.com/security/notices/USN-7651-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7651-4 vom 2025-07-22",
"url": "https://ubuntu.com/security/notices/USN-7651-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7651-5 vom 2025-07-24",
"url": "https://ubuntu.com/security/notices/USN-7651-5"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7651-6 vom 2025-07-24",
"url": "https://ubuntu.com/security/notices/USN-7651-6"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5973 vom 2025-08-12",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00137.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-08-12T22:00:00.000+00:00",
"generator": {
"date": "2025-08-13T06:27:19.588+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-0461",
"initial_release_date": "2025-02-27T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-02-27T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-03-12T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-13T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-19T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-31T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-04-08T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-04-16T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-05-06T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-07T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-18T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2025-05-19T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-20T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2025-05-21T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2025-05-22T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-26T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Debian, SUSE und Ubuntu aufgenommen"
},
{
"date": "2025-05-27T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2025-06-02T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-11T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-06-15T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-16T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-17T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-19T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-23T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-06-26T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-06-30T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-07-08T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
},
{
"date": "2025-07-14T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-16T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-17T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-21T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-22T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-23T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-24T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-31T22:00:00.000+00:00",
"number": "37",
"summary": "Referenz(en) aufgenommen:"
},
{
"date": "2025-08-12T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Debian aufgenommen"
}
],
"status": "final",
"version": "38"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Google Container-Optimized OS",
"product": {
"name": "Google Container-Optimized OS",
"product_id": "1607324",
"product_identification_helper": {
"cpe": "cpe:/o:google:container-optimized_os:-"
}
}
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.13.4",
"product": {
"name": "Open Source Linux Kernel \u003c6.13.4",
"product_id": "T041378"
}
},
{
"category": "product_version",
"name": "6.13.4",
"product": {
"name": "Open Source Linux Kernel 6.13.4",
"product_id": "T041378-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:6.13.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.12.16",
"product": {
"name": "Open Source Linux Kernel \u003c6.12.16",
"product_id": "T041379"
}
},
{
"category": "product_version",
"name": "6.12.16",
"product": {
"name": "Open Source Linux Kernel 6.12.16",
"product_id": "T041379-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:6.12.16"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.6.79",
"product": {
"name": "Open Source Linux Kernel \u003c6.6.79",
"product_id": "T041380"
}
},
{
"category": "product_version",
"name": "6.6.79",
"product": {
"name": "Open Source Linux Kernel 6.6.79",
"product_id": "T041380-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:6.6.79"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.1.129",
"product": {
"name": "Open Source Linux Kernel \u003c6.1.129",
"product_id": "T041381"
}
},
{
"category": "product_version",
"name": "6.1.129",
"product": {
"name": "Open Source Linux Kernel 6.1.129",
"product_id": "T041381-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:6.1.129"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.14-rc3",
"product": {
"name": "Open Source Linux Kernel \u003c6.14-rc3",
"product_id": "T041490"
}
},
{
"category": "product_version",
"name": "6.14-rc3",
"product": {
"name": "Open Source Linux Kernel 6.14-rc3",
"product_id": "T041490-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:6.14-rc3"
}
}
}
],
"category": "product_name",
"name": "Linux Kernel"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-58022",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2024-58022"
},
{
"cve": "CVE-2024-58034",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2024-58034"
},
{
"cve": "CVE-2024-58042",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2024-58042"
},
{
"cve": "CVE-2025-21798",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21798"
},
{
"cve": "CVE-2025-21799",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21800",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21800"
},
{
"cve": "CVE-2025-21801",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21801"
},
{
"cve": "CVE-2025-21802",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21802"
},
{
"cve": "CVE-2025-21803",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21803"
},
{
"cve": "CVE-2025-21804",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21804"
},
{
"cve": "CVE-2025-21805",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21805"
},
{
"cve": "CVE-2025-21806",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21806"
},
{
"cve": "CVE-2025-21807",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21807"
},
{
"cve": "CVE-2025-21808",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21808"
},
{
"cve": "CVE-2025-21809",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21809"
},
{
"cve": "CVE-2025-21810",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21810"
},
{
"cve": "CVE-2025-21811",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21811"
},
{
"cve": "CVE-2025-21812",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21812"
},
{
"cve": "CVE-2025-21813",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21813"
},
{
"cve": "CVE-2025-21814",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21814"
},
{
"cve": "CVE-2025-21815",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21815"
},
{
"cve": "CVE-2025-21816",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21816"
},
{
"cve": "CVE-2025-21817",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21817"
},
{
"cve": "CVE-2025-21818",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21818"
},
{
"cve": "CVE-2025-21819",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21819"
},
{
"cve": "CVE-2025-21820",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21820"
},
{
"cve": "CVE-2025-21821",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21821"
},
{
"cve": "CVE-2025-21822",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21822"
},
{
"cve": "CVE-2025-21823",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21823"
},
{
"cve": "CVE-2025-21824",
"product_status": {
"known_affected": [
"2951",
"T002207",
"T041381",
"T041380",
"T041490",
"T000126",
"398363",
"T041379",
"T004914",
"1607324",
"T041378"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-21824"
}
]
}
wid-sec-w-2025-1439
Vulnerability from csaf_certbund
Published
2025-06-30 22:00
Modified
2025-06-30 22:00
Summary
Dell Secure Connect Gateway: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Dell Secure Connect Gateway ist eine Softwarelösung, die als sicherer, zentralisierter Punkt für die Verwaltung des Fernzugriffs und des Supports für Hardware und Software von Dell Technologies dient.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Dell Secure Connect Gateway ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Dell Secure Connect Gateway ist eine Softwarel\u00f6sung, die als sicherer, zentralisierter Punkt f\u00fcr die Verwaltung des Fernzugriffs und des Supports f\u00fcr Hardware und Software von Dell Technologies dient.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Dell Secure Connect Gateway ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1439 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1439.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1439 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1439"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-260 vom 2025-06-30",
"url": "https://www.dell.com/support/kbdoc/de-de/000337528/dsa-2025-260-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "Dell Secure Connect Gateway: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
"tracking": {
"current_release_date": "2025-06-30T22:00:00.000+00:00",
"generator": {
"date": "2025-07-01T15:23:17.939+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1439",
"initial_release_date": "2025-06-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-06-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.30.0.14",
"product": {
"name": "Dell Secure Connect Gateway \u003c5.30.0.14",
"product_id": "T044974"
}
},
{
"category": "product_version",
"name": "5.30.0.14",
"product": {
"name": "Dell Secure Connect Gateway 5.30.0.14",
"product_id": "T044974-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:5.30.0.14"
}
}
}
],
"category": "product_name",
"name": "Secure Connect Gateway"
}
],
"category": "vendor",
"name": "Dell"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-39028",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2022-39028"
},
{
"cve": "CVE-2023-4016",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-4016"
},
{
"cve": "CVE-2023-40403",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-40403"
},
{
"cve": "CVE-2023-46316",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-46316"
},
{
"cve": "CVE-2023-52426",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-52426"
},
{
"cve": "CVE-2023-52831",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-52831"
},
{
"cve": "CVE-2023-52924",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2023-52926",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-52926"
},
{
"cve": "CVE-2023-52927",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2024-10041",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-10041"
},
{
"cve": "CVE-2024-11168",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-11168"
},
{
"cve": "CVE-2024-12243",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-12243"
},
{
"cve": "CVE-2024-26634",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-26634"
},
{
"cve": "CVE-2024-26708",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-26873",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-26873"
},
{
"cve": "CVE-2024-29018",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-29018"
},
{
"cve": "CVE-2024-35826",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-35826"
},
{
"cve": "CVE-2024-35910",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-35910"
},
{
"cve": "CVE-2024-38606",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-38606"
},
{
"cve": "CVE-2024-40635",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-40635"
},
{
"cve": "CVE-2024-40980",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41005",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-41005"
},
{
"cve": "CVE-2024-41055",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-41077",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-41077"
},
{
"cve": "CVE-2024-41149",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-41149"
},
{
"cve": "CVE-2024-42307",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-42307"
},
{
"cve": "CVE-2024-43790",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-43790"
},
{
"cve": "CVE-2024-43802",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-43802"
},
{
"cve": "CVE-2024-43820",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-43820"
},
{
"cve": "CVE-2024-44974",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-45306",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-45306"
},
{
"cve": "CVE-2024-46736",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-46736"
},
{
"cve": "CVE-2024-46782",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-46782"
},
{
"cve": "CVE-2024-46796",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-46796"
},
{
"cve": "CVE-2024-47220",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-47220"
},
{
"cve": "CVE-2024-47408",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-47408"
},
{
"cve": "CVE-2024-47794",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-47794"
},
{
"cve": "CVE-2024-49571",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-49571"
},
{
"cve": "CVE-2024-49761",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-49761"
},
{
"cve": "CVE-2024-49924",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-49924"
},
{
"cve": "CVE-2024-49940",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-49940"
},
{
"cve": "CVE-2024-49994",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-49994"
},
{
"cve": "CVE-2024-50029",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50056",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50056"
},
{
"cve": "CVE-2024-50085",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50126",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50126"
},
{
"cve": "CVE-2024-50140",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50140"
},
{
"cve": "CVE-2024-50152",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50152"
},
{
"cve": "CVE-2024-50185",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50290",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-50294",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-52559",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-52559"
},
{
"cve": "CVE-2024-53057",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53063",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53123",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53140",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53140"
},
{
"cve": "CVE-2024-53147",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53163",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53163"
},
{
"cve": "CVE-2024-53176",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53680",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53680"
},
{
"cve": "CVE-2024-54683",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-54683"
},
{
"cve": "CVE-2024-55549",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-55549"
},
{
"cve": "CVE-2024-56171",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56171"
},
{
"cve": "CVE-2024-56568",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56568"
},
{
"cve": "CVE-2024-56579",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56633",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56638",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56638"
},
{
"cve": "CVE-2024-56640",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56640"
},
{
"cve": "CVE-2024-56647",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56702",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56702"
},
{
"cve": "CVE-2024-56703",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56703"
},
{
"cve": "CVE-2024-56718",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56718"
},
{
"cve": "CVE-2024-56719",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56719"
},
{
"cve": "CVE-2024-56720",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-56751",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56751"
},
{
"cve": "CVE-2024-56758",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56758"
},
{
"cve": "CVE-2024-56770",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56770"
},
{
"cve": "CVE-2024-57807",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57807"
},
{
"cve": "CVE-2024-57834",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57834"
},
{
"cve": "CVE-2024-57889",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57900",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57900"
},
{
"cve": "CVE-2024-57947",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2024-57948",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57973",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57973"
},
{
"cve": "CVE-2024-57974",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57974"
},
{
"cve": "CVE-2024-57978",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57978"
},
{
"cve": "CVE-2024-57979",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57979"
},
{
"cve": "CVE-2024-57980",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57980"
},
{
"cve": "CVE-2024-57981",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57981"
},
{
"cve": "CVE-2024-57986",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57986"
},
{
"cve": "CVE-2024-57990",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57990"
},
{
"cve": "CVE-2024-57993",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57993"
},
{
"cve": "CVE-2024-57994",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2024-57996",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2024-57997",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57997"
},
{
"cve": "CVE-2024-57999",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57999"
},
{
"cve": "CVE-2024-58002",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58002"
},
{
"cve": "CVE-2024-58005",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2024-58006",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58006"
},
{
"cve": "CVE-2024-58007",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58007"
},
{
"cve": "CVE-2024-58009",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58009"
},
{
"cve": "CVE-2024-58011",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58011"
},
{
"cve": "CVE-2024-58012",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58012"
},
{
"cve": "CVE-2024-58013",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58013"
},
{
"cve": "CVE-2024-58014",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58014"
},
{
"cve": "CVE-2024-58017",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58017"
},
{
"cve": "CVE-2024-58019",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58019"
},
{
"cve": "CVE-2024-58020",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58020"
},
{
"cve": "CVE-2024-58034",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58034"
},
{
"cve": "CVE-2024-58051",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58051"
},
{
"cve": "CVE-2024-58052",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58052"
},
{
"cve": "CVE-2024-58054",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58054"
},
{
"cve": "CVE-2024-58055",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58055"
},
{
"cve": "CVE-2024-58056",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58056"
},
{
"cve": "CVE-2024-58057",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58057"
},
{
"cve": "CVE-2024-58058",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58058"
},
{
"cve": "CVE-2024-58061",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58061"
},
{
"cve": "CVE-2024-58063",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58063"
},
{
"cve": "CVE-2024-58069",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58069"
},
{
"cve": "CVE-2024-58072",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58072"
},
{
"cve": "CVE-2024-58076",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58076"
},
{
"cve": "CVE-2024-58078",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58078"
},
{
"cve": "CVE-2024-58079",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58079"
},
{
"cve": "CVE-2024-58080",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58080"
},
{
"cve": "CVE-2024-58083",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58083"
},
{
"cve": "CVE-2024-58085",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58085"
},
{
"cve": "CVE-2024-58086",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58086"
},
{
"cve": "CVE-2024-8176",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-8176"
},
{
"cve": "CVE-2025-0395",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-0395"
},
{
"cve": "CVE-2025-1094",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-1094"
},
{
"cve": "CVE-2025-1215",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-1215"
},
{
"cve": "CVE-2025-1795",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-1795"
},
{
"cve": "CVE-2025-21631",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21631"
},
{
"cve": "CVE-2025-21635",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21635"
},
{
"cve": "CVE-2025-21636",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21659",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21659"
},
{
"cve": "CVE-2025-21665",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21667",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21671",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21671"
},
{
"cve": "CVE-2025-21673",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21680",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21693",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21693"
},
{
"cve": "CVE-2025-21697",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21701",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21703",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21703"
},
{
"cve": "CVE-2025-21704",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21704"
},
{
"cve": "CVE-2025-21705",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21706",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21706"
},
{
"cve": "CVE-2025-21708",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21708"
},
{
"cve": "CVE-2025-21711",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21711"
},
{
"cve": "CVE-2025-21714",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21714"
},
{
"cve": "CVE-2025-21715",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21718",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21718"
},
{
"cve": "CVE-2025-21719",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21723",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21723"
},
{
"cve": "CVE-2025-21724",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21726",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21726"
},
{
"cve": "CVE-2025-21727",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21727"
},
{
"cve": "CVE-2025-21728",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21731",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21731"
},
{
"cve": "CVE-2025-21732",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21732"
},
{
"cve": "CVE-2025-21733",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21733"
},
{
"cve": "CVE-2025-21734",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21734"
},
{
"cve": "CVE-2025-21735",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21735"
},
{
"cve": "CVE-2025-21736",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21736"
},
{
"cve": "CVE-2025-21738",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-21739",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21739"
},
{
"cve": "CVE-2025-21741",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21741"
},
{
"cve": "CVE-2025-21742",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21742"
},
{
"cve": "CVE-2025-21743",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21743"
},
{
"cve": "CVE-2025-21744",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21744"
},
{
"cve": "CVE-2025-21745",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21749",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21749"
},
{
"cve": "CVE-2025-21750",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21750"
},
{
"cve": "CVE-2025-21753",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21753"
},
{
"cve": "CVE-2025-21754",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21754"
},
{
"cve": "CVE-2025-21756",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21759",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21759"
},
{
"cve": "CVE-2025-21760",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21760"
},
{
"cve": "CVE-2025-21761",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21761"
},
{
"cve": "CVE-2025-21762",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21762"
},
{
"cve": "CVE-2025-21763",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21763"
},
{
"cve": "CVE-2025-21764",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21764"
},
{
"cve": "CVE-2025-21765",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21767",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21772",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21772"
},
{
"cve": "CVE-2025-21773",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21773"
},
{
"cve": "CVE-2025-21775",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21775"
},
{
"cve": "CVE-2025-21776",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21776"
},
{
"cve": "CVE-2025-21779",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21779"
},
{
"cve": "CVE-2025-21780",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21780"
},
{
"cve": "CVE-2025-21781",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21781"
},
{
"cve": "CVE-2025-21782",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21782"
},
{
"cve": "CVE-2025-21784",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21784"
},
{
"cve": "CVE-2025-21785",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21785"
},
{
"cve": "CVE-2025-21790",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21791",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21791"
},
{
"cve": "CVE-2025-21793",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21793"
},
{
"cve": "CVE-2025-21794",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21794"
},
{
"cve": "CVE-2025-21795",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21799",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21802"
},
{
"cve": "CVE-2025-21804",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21804"
},
{
"cve": "CVE-2025-21810",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21810"
},
{
"cve": "CVE-2025-21815",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21815"
},
{
"cve": "CVE-2025-21819",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21819"
},
{
"cve": "CVE-2025-21820",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21820"
},
{
"cve": "CVE-2025-21821",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21821"
},
{
"cve": "CVE-2025-21823",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21823"
},
{
"cve": "CVE-2025-21825",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21825"
},
{
"cve": "CVE-2025-21828",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21828"
},
{
"cve": "CVE-2025-21829",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21829"
},
{
"cve": "CVE-2025-21830",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21830"
},
{
"cve": "CVE-2025-21831",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21831"
},
{
"cve": "CVE-2025-21832",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21832"
},
{
"cve": "CVE-2025-21835",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21835"
},
{
"cve": "CVE-2025-21838",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21838"
},
{
"cve": "CVE-2025-21844",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21844"
},
{
"cve": "CVE-2025-21846",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21846"
},
{
"cve": "CVE-2025-21847",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21847"
},
{
"cve": "CVE-2025-21848",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21850",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21850"
},
{
"cve": "CVE-2025-21855",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21855"
},
{
"cve": "CVE-2025-21856",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21856"
},
{
"cve": "CVE-2025-21857",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21857"
},
{
"cve": "CVE-2025-21858",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21858"
},
{
"cve": "CVE-2025-21859",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21859"
},
{
"cve": "CVE-2025-21861",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21861"
},
{
"cve": "CVE-2025-21862",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21864",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-21866",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21866"
},
{
"cve": "CVE-2025-21869",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21869"
},
{
"cve": "CVE-2025-21870",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21870"
},
{
"cve": "CVE-2025-21871",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21871"
},
{
"cve": "CVE-2025-21876",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21876"
},
{
"cve": "CVE-2025-21877",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21877"
},
{
"cve": "CVE-2025-21878",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21878"
},
{
"cve": "CVE-2025-21883",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21883"
},
{
"cve": "CVE-2025-21885",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21885"
},
{
"cve": "CVE-2025-21886",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21886"
},
{
"cve": "CVE-2025-21888",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21888"
},
{
"cve": "CVE-2025-21890",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21890"
},
{
"cve": "CVE-2025-21891",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21891"
},
{
"cve": "CVE-2025-21892",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21892"
},
{
"cve": "CVE-2025-22134",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-22134"
},
{
"cve": "CVE-2025-22228",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-22228"
},
{
"cve": "CVE-2025-22247",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-22247"
},
{
"cve": "CVE-2025-22868",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-22869",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-24014",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-24014"
},
{
"cve": "CVE-2025-24813",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-24813"
},
{
"cve": "CVE-2025-24855",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-24855"
},
{
"cve": "CVE-2025-24928",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-24928"
},
{
"cve": "CVE-2025-2588",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-2588"
},
{
"cve": "CVE-2025-26465",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-26465"
},
{
"cve": "CVE-2025-26466",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-26466"
},
{
"cve": "CVE-2025-26597",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-26597"
},
{
"cve": "CVE-2025-27113",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-27113"
},
{
"cve": "CVE-2025-27219",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-27219"
},
{
"cve": "CVE-2025-27220",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-27220"
},
{
"cve": "CVE-2025-27363",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-27363"
},
{
"cve": "CVE-2025-29087",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-29087"
},
{
"cve": "CVE-2025-29088",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-29088"
},
{
"cve": "CVE-2025-31115",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-31115"
},
{
"cve": "CVE-2025-31335",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-31335"
},
{
"cve": "CVE-2025-31650",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-31650"
},
{
"cve": "CVE-2025-31651",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-31651"
},
{
"cve": "CVE-2025-32414",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-32414"
},
{
"cve": "CVE-2025-32415",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-32415"
},
{
"cve": "CVE-2025-32728",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-32728"
},
{
"cve": "CVE-2025-3360",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-3360"
},
{
"cve": "CVE-2025-4207",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-4207"
},
{
"cve": "CVE-2025-4382",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-4382"
},
{
"cve": "CVE-2025-47268",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-47268"
},
{
"cve": "CVE-2025-4802",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-4802"
},
{
"cve": "CVE-2025-48734",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-48734"
}
]
}
fkie_cve-2025-21799
Vulnerability from fkie_nvd
Published
2025-02-27 20:16
Modified
2025-03-13 13:15
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
When getting the IRQ we use k3_udma_glue_tx_get_irq() which returns
negative error value on error. So not NULL check is not sufficient
to deteremine if IRQ is valid. Check that IRQ is greater then zero
to ensure it is valid.
There is no issue at probe time but at runtime user can invoke
.set_channels which results in the following call chain.
am65_cpsw_set_channels()
am65_cpsw_nuss_update_tx_rx_chns()
am65_cpsw_nuss_remove_tx_chns()
am65_cpsw_nuss_init_tx_chns()
At this point if am65_cpsw_nuss_init_tx_chns() fails due to
k3_udma_glue_tx_get_irq() then tx_chn->irq will be set to a
negative value.
Then, at subsequent .set_channels with higher channel count we
will attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()
leading to a kernel warning.
The issue is present in the original commit that introduced this driver,
although there, am65_cpsw_nuss_update_tx_rx_chns() existed as
am65_cpsw_nuss_update_tx_chns().
References
| ▶ | URL | Tags | |
|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/321990fdf4f1bb64e818c7140688bf33d129e48d | ||
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/4395a44acb15850e492dd1de9ec4b6479d96bc80 | ||
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/8448c87b3af68bebca21e3136913f7f77e363515 | ||
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/88fd5db8c0073bd91d18391feb5741aeb0a2b475 | ||
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/8aae91ae1c65782a169ec070e023d4d269e5d6e6 | ||
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/aea5cca681d268f794fa2385f9ec26a5cce025cd | ||
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/ed8c0300f302338c36edb06bca99051e5be6fb2f |
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ethernet: ti: am65-cpsw: arreglo de liberaci\u00f3n de IRQ en am65_cpsw_nuss_remove_tx_chns() Al obtener la IRQ, usamos k3_udma_glue_tx_get_irq() que devuelve un valor de error negativo en caso de error. Por lo tanto, la comprobaci\u00f3n de que no sea NULL no es suficiente para determinar si la IRQ es v\u00e1lida. Compruebe que la IRQ sea mayor que cero para asegurarse de que sea v\u00e1lida. No hay ning\u00fan problema en el momento de la prueba, pero en el momento de la ejecuci\u00f3n, el usuario puede invocar .set_channels, lo que da como resultado la siguiente cadena de llamadas. am65_cpsw_set_channels() am65_cpsw_nuss_update_tx_rx_chns() am65_cpsw_nuss_remove_tx_chns() am65_cpsw_nuss_init_tx_chns() En este punto, si am65_cpsw_nuss_init_tx_chns() falla debido a k3_udma_glue_tx_get_irq(), tx_chn-\u0026gt;irq se establecer\u00e1 en un valor negativo. Luego, en los .set_channels posteriores con un mayor conteo de canales, intentaremos liberar una IRQ no v\u00e1lida en am65_cpsw_nuss_remove_tx_chns(), lo que generar\u00e1 una advertencia del kernel. El problema est\u00e1 presente en el commit original que introdujo este controlador, aunque all\u00ed, am65_cpsw_nuss_update_tx_rx_chns() exist\u00eda como am65_cpsw_nuss_update_tx_chns()."
}
],
"id": "CVE-2025-21799",
"lastModified": "2025-03-13T13:15:55.610",
"metrics": {},
"published": "2025-02-27T20:16:02.563",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/321990fdf4f1bb64e818c7140688bf33d129e48d"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/4395a44acb15850e492dd1de9ec4b6479d96bc80"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/8448c87b3af68bebca21e3136913f7f77e363515"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/88fd5db8c0073bd91d18391feb5741aeb0a2b475"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/8aae91ae1c65782a169ec070e023d4d269e5d6e6"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/aea5cca681d268f794fa2385f9ec26a5cce025cd"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/ed8c0300f302338c36edb06bca99051e5be6fb2f"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
ghsa-gpg5-528w-fhh8
Vulnerability from github
Published
2025-02-27 21:32
Modified
2025-03-13 15:32
VLAI Severity ?
Details
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()
When getting the IRQ we use k3_udma_glue_tx_get_irq() which returns negative error value on error. So not NULL check is not sufficient to deteremine if IRQ is valid. Check that IRQ is greater then zero to ensure it is valid.
There is no issue at probe time but at runtime user can invoke .set_channels which results in the following call chain. am65_cpsw_set_channels() am65_cpsw_nuss_update_tx_rx_chns() am65_cpsw_nuss_remove_tx_chns() am65_cpsw_nuss_init_tx_chns()
At this point if am65_cpsw_nuss_init_tx_chns() fails due to k3_udma_glue_tx_get_irq() then tx_chn->irq will be set to a negative value.
Then, at subsequent .set_channels with higher channel count we will attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns() leading to a kernel warning.
The issue is present in the original commit that introduced this driver, although there, am65_cpsw_nuss_update_tx_rx_chns() existed as am65_cpsw_nuss_update_tx_chns().
{
"affected": [],
"aliases": [
"CVE-2025-21799"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-27T20:16:02Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns().",
"id": "GHSA-gpg5-528w-fhh8",
"modified": "2025-03-13T15:32:52Z",
"published": "2025-02-27T21:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21799"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/321990fdf4f1bb64e818c7140688bf33d129e48d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4395a44acb15850e492dd1de9ec4b6479d96bc80"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8448c87b3af68bebca21e3136913f7f77e363515"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/88fd5db8c0073bd91d18391feb5741aeb0a2b475"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8aae91ae1c65782a169ec070e023d4d269e5d6e6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aea5cca681d268f794fa2385f9ec26a5cce025cd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ed8c0300f302338c36edb06bca99051e5be6fb2f"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…